zeekio

package

v0.34.0-test1 Latest Latest Go to latest Published: Feb 13, 2022 License: BSD-3-Clause Imports: 18 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/brimdata/zed

Documentation ¶

Index ¶

Constants
Variables
func EscapeZeekHex(b []byte) []byte
func FormatValue(v zed.Value) string
func Unflatten(zctx *zed.Context, columns []zed.Column, addPath bool) ([]zed.Column, bool, error)
func ZeekStrings(r *zed.Value) ([]string, error)
type Parser
- func NewParser(r *zed.Context) *Parser
type Reader
- func NewReader(reader io.Reader, zctx *zed.Context) *Reader
- func (r *Reader) Read() (*zed.Value, error)
type Writer
- func NewWriter(w io.WriteCloser) *Writer
- func (w *Writer) Close() error
- func (w *Writer) Write(r *zed.Value) error

Constants ¶

View Source

const (
	ReadSize    = 64 * 1024
	MaxLineSize = 50 * 1024 * 1024
)

Variables ¶

View Source

var ErrBadRecordDef = errors.New("bad types/fields definition in zeek header")

View Source

var ErrIncompatibleZeekType = errors.New("type cannot be represented in zeek format")

Functions ¶

func EscapeZeekHex ¶ added in v1.0.0

func EscapeZeekHex(b []byte) []byte

func FormatValue ¶ added in v1.0.0

func FormatValue(v zed.Value) string

func Unflatten ¶

func Unflatten(zctx *zed.Context, columns []zed.Column, addPath bool) ([]zed.Column, bool, error)

Unflatten() turns a set of columns from legacy zeek logs into a zng-compatible format by creating nested records for any dotted field names. If addpath is true, a _path column is added if not already present. The columns are returned as a slice along with a bool indicating if a _path column was added. Note that according to the zng spec, all the fields for a nested record must be adjacent which simplifies the logic here.

func ZeekStrings ¶

func ZeekStrings(r *zed.Value) ([]string, error)

This returns the zeek strings for this record. XXX We need to not use this. XXX change to Pretty for output writers?... except zeek?

Types ¶

type Parser ¶

type Parser struct {
	// contains filtered or unexported fields
}

func NewParser ¶

func NewParser(r *zed.Context) *Parser

func (*Parser) Descriptor ¶

func (p *Parser) Descriptor() (*zed.TypeRecord, bool)

Descriptor returns the current descriptor (from the most recently seen #types and #fields lines) and a bool indicating whether _path was added to the descriptor. If no descriptor is present, nil and and false are returned.

func (*Parser) ParseDirective ¶

func (p *Parser) ParseDirective(line []byte) error

func (*Parser) ParseValue ¶

func (p *Parser) ParseValue(line []byte) (*zed.Value, error)

type Reader ¶

type Reader struct {
	// contains filtered or unexported fields
}

func NewReader ¶

func NewReader(reader io.Reader, zctx *zed.Context) *Reader

func (*Reader) Read ¶

func (r *Reader) Read() (*zed.Value, error)

type Writer ¶

type Writer struct {
	// contains filtered or unexported fields
}

func NewWriter ¶

func NewWriter(w io.WriteCloser) *Writer

func (*Writer) Close ¶

func (w *Writer) Close() error

func (*Writer) Write ¶

func (w *Writer) Write(r *zed.Value) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL