// Source: github.com/crowdsecurity/crowdsec@v1.6.1/pkg/parser/grok_pattern.go

package parser

import (
	"time"

	"github.com/antonmedv/expr/vm"

	"github.com/crowdsecurity/grokky"
)

// ExtraField describes one assignment: a target (a struct field given by name,
// or a key in one of the Parsed, Meta or Enriched maps) and the source of the
// value written to it (a static value, an expression, or an enrichment method).
// Used mostly for statics.
type ExtraField struct {
	// if the target is indicated by name Struct.Field etc,
	TargetByName string `yaml:"target,omitempty"`
	// if the target field is in Event map
	Parsed string `yaml:"parsed,omitempty"`
	// if the target field is in Meta map
	Meta string `yaml:"meta,omitempty"`
	// if the target field is in Enriched map
	Enriched string `yaml:"enriched,omitempty"`
	// the source is a static value
	Value string `yaml:"value,omitempty"`
	// or the result of an Expression
	ExpValue string `yaml:"expression,omitempty"`
	// NOTE(review): only a json:"-" tag is set here, whereas DataCapture marks
	// its compiled fields yaml:"-". A json tag presumably does not exclude the
	// field from YAML decoding; confirm which decoder fills this struct.
	RunTimeValue *vm.Program `json:"-"` //the actual compiled filter
	// or an enrichment method
	Method string `yaml:"method,omitempty"`
}

// GrokPattern configures one grok match: the input (a field, or the output of
// an expression), the pattern (referenced by name or given inline), and the
// statics that apply when the pattern is successful.
type GrokPattern struct {
	// the field to which regexp is going to apply
	TargetField string `yaml:"apply_on,omitempty"`
	// the grok/regexp by name (loaded from patterns/*)
	RegexpName string `yaml:"name,omitempty"`
	// a proper grok pattern
	RegexpValue string `yaml:"pattern,omitempty"`
	// the runtime form of regexpname / regexpvalue
	// NOTE(review): tagged json:"-" only, not yaml:"-" (see DataCapture for the
	// yaml form); confirm this field cannot be reached from a YAML document.
	RunTimeRegexp grokky.Pattern `json:"-"` //the actual regexp
	// the output of the expression is going to be the source for regexp
	ExpValue string `yaml:"expression,omitempty"`
	// NOTE(review): same json-only exclusion tag as RunTimeRegexp; confirm.
	RunTimeValue *vm.Program `json:"-"` //the actual compiled filter
	// a grok can contain statics that apply if pattern is successful
	Statics []ExtraField `yaml:"statics,omitempty"`
}

// DataCapture holds the YAML settings of one named capture, plus the runtime
// fields that the yaml:"-" tags keep out of the YAML document.
type DataCapture struct {
	// read from the "name" key
	Name string `yaml:"name,omitempty"`
	// read from the "key" key
	Key string `yaml:"key,omitempty"`
	// presumably the compiled form of Key; verify in the loader
	KeyExpression *vm.Program `yaml:"-"`
	// read from the "value" key
	Value string `yaml:"value,omitempty"`
	// presumably the compiled form of Value; verify in the loader
	ValueExpression *vm.Program `yaml:"-"`
	// read from the "ttl" key, kept as the raw string
	TTL string `yaml:"ttl,omitempty"`
	// presumably TTL parsed into a duration; verify in the loader
	TTLVal time.Duration `yaml:"-"`
	// read from the "size" key
	// NOTE(review): no bound or default is visible here; confirm the loader
	// validates size and ttl so a capture store cannot grow without limit.
	MaxMapSize int `yaml:"size,omitempty"`
	// read from the "strategy" key; accepted values are not visible in this file
	Strategy string `yaml:"strategy,omitempty"`
}