ecs

Published: Jun 7, 2024 License: MIT Imports: 8 Imported by: 0

Documentation

Overview

ECS event mapping functions.

ECS specification.

Index

Constants

// Version is the ECS schema version string that these mapping functions
// target; it is the value written into the mapped document's ecs.version field
// (see the Ecs type) — presumably, confirm in MapEvent.
const (
	Version = "8.11"
)

Variables

This section is empty.

Functions

func Fingerprint

// Fingerprint returns a fingerprint string derived from s.
// The hashing scheme is not shown on this page; if the result is used for
// deduplication or integrity checks (e.g. Evt.Hash), confirm that the
// underlying function is collision resistant rather than a fast non-cryptographic hash.
func Fingerprint(s string) string

Types

type Agent

// Agent is the ECS "agent" field set: the software that collected the event.
// Struct tags carry the ECS field name used when the event is serialized.
type Agent struct {
	Type    string `ecs:"type"`    // agent.type
	Version string `ecs:"version"` // agent.version
}

type Base

// Base holds the ECS base (top-level) fields of a document.
type Base struct {
	Timestamp time.Time `ecs:"@timestamp"` // @timestamp: when the event occurred
	Message   string    `ecs:"message"`    // message: human-readable event text
	// NOTE(review): ECS defines "tags" as an array of keywords; here it is a
	// single string — confirm how multiple tags are encoded on serialization.
	Tags string `ecs:"tags"`
	// NOTE(review): ECS "labels" is a flat object of keyword values; nested
	// values in this map may not conform — confirm against the serializer.
	Labels map[string]interface{} `ecs:"labels"`
}

type Ecs

// Ecs is the ECS "ecs" field set, recording which schema version the document follows.
type Ecs struct {
	Version string `ecs:"version"` // ecs.version; expected to match the package constant Version
}

type Event

// Event is a complete ECS document assembled from the individual field sets.
// Each field corresponds to one ECS field set (agent, file, event, host, user,
// process) plus the base fields. Produced by MapEvent and serialized by Bytes.
type Event struct {
	Ecs     Ecs
	Agent   Agent
	File    File
	Base    Base
	Event   Evt // named Evt to avoid clashing with the Event type itself
	Host    Host
	User    User
	Process Process
}

func MapEvent

// MapEvent builds an ECS Event from a raw log line.
//
// log is the raw input and should be treated as untrusted: it is presumably
// retained verbatim in Evt.Original, so downstream consumers must not
// interpret it as trusted markup or commands. src presumably identifies the
// log's source (file path or provider) — confirm in the implementation.
// A non-nil err means e should be ignored.
func MapEvent(log, src string) (e *Event, err error)

func (*Event) Bytes

// Bytes serializes the event into its wire form using the `ecs` struct tags.
// pty appears to select pretty-printed (indented) output — confirm. The
// encoding (JSON is the ECS convention) is not shown on this page.
func (e *Event) Bytes(pty bool) (b []byte, err error)

type Evt

// Evt is the ECS "event" field set, describing the event itself (its
// classification, provenance and timing). It is named Evt because Event is
// the enclosing document type.
type Evt struct {
	Kind     string    `ecs:"kind"`     // event.kind, e.g. the ECS categorization level
	Module   string    `ecs:"module"`   // event.module: producing module
	Dataset  string    `ecs:"dataset"`  // event.dataset: module data stream
	Severity int64     `ecs:"severity"` // event.severity: numeric, source-specific scale
	ID       string    `ecs:"id"`       // event.id
	Code     string    `ecs:"code"`     // event.code: source-defined code
	Provider string    `ecs:"provider"` // event.provider
	Timezone string    `ecs:"timezone"` // event.timezone of the source
	Created  time.Time `ecs:"created"`  // event.created: when the agent created the event
	Ingested time.Time `ecs:"ingested"` // event.ingested: when the pipeline received it
	// Original is the raw, unparsed event text. It is untrusted input and may
	// contain anything the log source emitted; consumers must escape it before
	// rendering and must not execute or re-parse it as trusted data.
	Original string `ecs:"original"`
	// Hash presumably holds a fingerprint of the event (see Fingerprint) used
	// for deduplication or integrity — confirm in MapEvent.
	Hash string `ecs:"hash"`
}

type File

// File is the ECS "file" field set describing the file an event relates to
// (for this package, presumably the log file being mapped — confirm).
type File struct {
	Name        string `ecs:"name"`         // file.name: base name
	Directory   string `ecs:"directory"`    // file.directory: containing directory
	Extension   string `ecs:"extension"`    // file.extension, without the leading dot per ECS
	DriveLetter string `ecs:"drive_letter"` // file.drive_letter (Windows only)
	Path        string `ecs:"path"`         // file.path: full path
	Type        string `ecs:"type"`         // file.type, e.g. file/dir/symlink
}

type Host

// Host is the ECS "host" field set identifying the machine the event came from.
type Host struct {
	Hostname string `ecs:"hostname"` // host.hostname as reported by the OS
	Name     string `ecs:"name"`     // host.name: user-facing or normalized name
}

type Process

// Process is the ECS "process" field set for the process that emitted the event.
type Process struct {
	PID      int64 `ecs:"pid"`       // process.pid
	ThreadID int64 `ecs:"thread.id"` // process.thread.id; the dotted tag presumably nests "thread" — confirm in the serializer
}

type User

// User is the ECS "user" field set for the account associated with the event.
type User struct {
	ID string `ecs:"id"` // user.id: source-specific identifier (SID, UID, ...)
}
