classification

package

v1.3.0 Latest Latest Go to latest Published: May 22, 2020 License: AGPL-3.0 Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/panther-labs/panther

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Classifier ¶

type Classifier struct {
	// contains filtered or unexported fields
}

Classifier is the struct responsible for classifying logs

func (*Classifier) Classify ¶

func (c *Classifier) Classify(log string) *ClassifierResult

Classify attempts to classify the provided log line

func (*Classifier) ParserStats ¶

func (c *Classifier) ParserStats() map[string]*ParserStats

func (*Classifier) Stats ¶

func (c *Classifier) Stats() *ClassifierStats

type ClassifierAPI ¶

type ClassifierAPI interface {
	// Classify attempts to classify the provided log line
	Classify(log string) *ClassifierResult
	// aggregate stats
	Stats() *ClassifierStats
	// per-parser stats, map of LogType -> stats
	ParserStats() map[string]*ParserStats
}

ClassifierAPI is the interface for a classifier

func NewClassifier ¶

func NewClassifier() ClassifierAPI

NewClassifier returns a new instance of a ClassifierAPI implementation

type ClassifierResult ¶

type ClassifierResult struct {
	// Events contains the parsed events
	// If the classification process was not successful and the log is from an
	// unsupported type, this will be nil
	Events []*parsers.PantherLog
	// LogType is the identified type of the log
	LogType *string
}

ClassifierResult is the result of the ClassifierAPI#Classify method

type ClassifierStats ¶

type ClassifierStats struct {
	ClassifyTimeMicroseconds    uint64 // total time parsing
	BytesProcessedCount         uint64 // input bytes
	LogLineCount                uint64 // input records
	EventCount                  uint64 // output records
	SuccessfullyClassifiedCount uint64
	ClassificationFailureCount  uint64
}

aggregate stats

type ParserPriorityQueue ¶

type ParserPriorityQueue struct {
	// contains filtered or unexported fields
}

ParserPriorityQueue contains parsers in priority order

func (*ParserPriorityQueue) Len ¶

func (q *ParserPriorityQueue) Len() int

Len returns the length of the priority queue

func (*ParserPriorityQueue) Less ¶

func (q *ParserPriorityQueue) Less(i, j int) bool

Less compares two items of the priority queue

func (*ParserPriorityQueue) Peek ¶

func (q *ParserPriorityQueue) Peek() *ParserQueueItem

Peek returns the item with the higher priority without removing it

func (*ParserPriorityQueue) Pop ¶

func (q *ParserPriorityQueue) Pop() interface{}

Pop removes the last element of the queue

func (*ParserPriorityQueue) Push ¶

func (q *ParserPriorityQueue) Push(x interface{})

Push adds an element to the end of the SchemaQueue

func (*ParserPriorityQueue) Swap ¶

func (q *ParserPriorityQueue) Swap(i, j int)

Swap swaps two items in the priority queue

type ParserQueueItem ¶

type ParserQueueItem struct {
	// contains filtered or unexported fields
}

ParserQueueItem contains all the information needed to initialize a schema.

type ParserStats ¶

type ParserStats struct {
	ParserTimeMicroseconds uint64 // total time parsing
	BytesProcessedCount    uint64 // input bytes
	LogLineCount           uint64 // input records
	EventCount             uint64 // output records
	LogType                string
}

per parser stats

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL