Documentation ¶
Index ¶
- Variables
- func GenDateParse(date string) (string, time.Time)
- func GeoIpASN(field string, p *types.Event, ctx interface{}) (map[string]string, error)
- func GeoIpCity(field string, p *types.Event, ctx interface{}) (map[string]string, error)
- func GeoIpInit(cfg map[string]string) (interface{}, error)
- func IpToRange(field string, p *types.Event, ctx interface{}) (map[string]string, error)
- func Parse(ctx UnixParserCtx, xp types.Event, nodes []Node) (types.Event, error)
- func ParseDate(in string, p *types.Event, x interface{}) (map[string]string, error)
- func ProcessStatics(statics []types.ExtraField, p *types.Event, clog *logrus.Entry) error
- func SetTargetByName(target string, value string, evt *types.Event) bool
- type EnrichFunc
- type EnricherCtx
- type GeoIpEnricherCtx
- type InitFunc
- type Node
- type Parser
- type Stagefile
- type UnixParser
- type UnixParserCtx
Constants ¶
This section is empty.
Variables ¶
View Source
var ECTX []EnricherCtx
ECTX : DID YOU SEE THAT GLOBAL, ISN'T IT HUGLY
View Source
var ExportedFuncs = []string{"GeoIpASN", "GeoIpCity"}
All plugins must export a list of function pointers for exported symbols
View Source
var NodesHits = prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "cs_node_hits", Help: "How many time an event entered this node.", }, []string{"source", "name"}, )
View Source
var NodesHitsKo = prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "cs_node_hits_ko", Help: "How many time an event unsuccessfuly exited this node.", }, []string{"source", "name"}, )
View Source
var NodesHitsOk = prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "cs_node_hits_ok", Help: "How many time an event successfuly exited this node.", }, []string{"source", "name"}, )
Functions ¶
func ProcessStatics ¶
Types ¶
type EnrichFunc ¶
should be part of a packaged shared with enrich/geoip.go
type EnricherCtx ¶
type GeoIpEnricherCtx ¶
type GeoIpEnricherCtx struct {
// contains filtered or unexported fields
}
type Node ¶
type Node struct { FormatVersion string `yaml:"format"` //Enable config + runtime debug of node via config o/ Debug bool `yaml:"debug,omitempty"` //If enabled, the node (and its child) will report their own statistics Profiling bool `yaml:"profiling,omitempty"` //Name, author, description and reference(s) for parser pattern Name string `yaml:"name,omitempty"` Author string `yaml:"author,omitempty"` Description string `yaml:"description,omitempty"` Rerferences []string `yaml:"references,omitempty"` //This is mostly a hack to make writting less repetive. //relying on stage, we know which field to parse, and we //can as well promote log to next stage on success Stage string `yaml:"stage,omitempty"` //OnSuccess allows to tag a node to be able to move log to next stage on success OnSuccess string `yaml:"onsuccess,omitempty"` //Filter is executed at runtime (with current log line as context) //and must succeed or node is exited Filter string `yaml:"filter,omitempty"` RunTimeFilter *vm.Program `yaml:"-" json:"-"` //the actual compiled filter //If node has leafs, execute all of them until one asks for a 'break' SuccessNodes []Node `yaml:"nodes,omitempty"` /* If the node is actually a leaf, it can have : grok, enrich, statics */ //pattern_syntax are named grok patterns that are re-utilised over several grok patterns SubGroks map[string]string `yaml:"pattern_syntax,omitempty"` //Holds a grok pattern Grok types.GrokPattern `yaml:"grok,omitempty"` //Statics can be present in any type of node and is executed last Statics []types.ExtraField `yaml:"statics,omitempty"` //Whitelists Whitelist types.Whitelist `yaml:"whitelist,omitempty"` Data []*types.DataSource `yaml:"data,omitempty"` // contains filtered or unexported fields }
func LoadStageDir ¶
func LoadStageDir(dir string, pctx *UnixParserCtx) ([]Node, error)
func LoadStages ¶
func LoadStages(stageFiles []Stagefile, pctx *UnixParserCtx) ([]Node, error)
type UnixParser ¶
type UnixParser struct { }
func (UnixParser) Init ¶
func (u UnixParser) Init(c map[string]interface{}) (*UnixParserCtx, error)
func (UnixParser) IsParsable ¶
func (u UnixParser) IsParsable(ctx interface{}, l types.Line) (bool, error)
Click to show internal directories.
Click to hide internal directories.