bitbucket.org/Aishee/synsec@v0.0.0-20210414005726-236fc01a153d/pkg/types/grok_pattern.go

bitbucket.org/Aishee/synsec@v0.0.0-20210414005726-236fc01a153d/pkg/types/grok_pattern.go (about)

     1  package types
     2  
     3  import (
     4  	"github.com/antonmedv/expr/vm"
     5  	"github.com/logrusorgru/grokky"
     6  )
     7  
     8  //Used mostly for statics
     9  type ExtraField struct {
    10  	//if the target is indicated by name Struct.Field etc,
    11  	TargetByName string `yaml:"target,omitempty"`
    12  	//if the target field is in Event map
    13  	Parsed string `yaml:"parsed,omitempty"`
    14  	//if the target field is in Meta map
    15  	Meta string `yaml:"meta,omitempty"`
    16  	//if the target field is in Enriched map
    17  	Enriched string `yaml:"enriched,omitempty"`
    18  	//the source is a static value
    19  	Value string `yaml:"value,omitempty"`
    20  	//or the result of an Expression
    21  	ExpValue     string      `yaml:"expression,omitempty"`
    22  	RunTimeValue *vm.Program `json:"-"` //the actual compiled filter
    23  	//or an enrichment method
    24  	Method string `yaml:"method,omitempty"`
    25  }
    26  
    27  type GrokPattern struct {
    28  	//the field to which regexp is going to apply
    29  	TargetField string `yaml:"apply_on,omitempty"`
    30  	//the grok/regexp by name (loaded from patterns/*)
    31  	RegexpName string `yaml:"name,omitempty"`
    32  	//a proper grok pattern
    33  	RegexpValue string `yaml:"pattern,omitempty"`
    34  	//the runtime form of regexpname / regexpvalue
    35  	RunTimeRegexp *grokky.Pattern `json:"-"` //the actual regexp
    36  	//a grok can contain statics that apply if pattern is successfull
    37  	Statics []ExtraField `yaml:"statics,omitempty"`
    38  }