zeekio

package

v1.15.0 Latest Latest Go to latest Published: Mar 29, 2024 License: BSD-3-Clause Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/brimdata/zed

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func EscapeZeekHex(b []byte) []byte
func FormatValue(v zed.Value) string
func Unflatten(zctx *zed.Context, fields []zed.Field, addPath bool) ([]zed.Field, bool, error)
type Parser
- func NewParser(r *zed.Context) *Parser
type Reader
- func NewReader(zctx *zed.Context, reader io.Reader) *Reader
- func (r *Reader) Read() (*zed.Value, error)
type Writer
- func NewWriter(w io.WriteCloser) *Writer
- func (w *Writer) Close() error
- func (w *Writer) Write(r zed.Value) error

Constants ¶

View Source

const (
	ReadSize    = 64 * 1024
	MaxLineSize = 50 * 1024 * 1024
)

Variables ¶

View Source

var ErrBadRecordDef = errors.New("bad types/fields definition in zeek header")

View Source

var ErrIncompatibleZeekType = errors.New("type cannot be represented in zeek format")

Functions ¶

func EscapeZeekHex ¶ added in v1.0.0

func EscapeZeekHex(b []byte) []byte

func FormatValue ¶ added in v1.0.0

func FormatValue(v zed.Value) string

func Unflatten ¶

func Unflatten(zctx *zed.Context, fields []zed.Field, addPath bool) ([]zed.Field, bool, error)

Unflatten turns a set of fields from legacy Zeek logs into a Zed-compatible format by creating nested records for any dotted field names. If addpath is true, a _path field is added if not already present. The fields are returned as a slice along with a bool indicating if a _path field was added. Note that according to the Zed spec, all the fields for a nested record must be adjacent which simplifies the logic here.

Types ¶

type Parser ¶

type Parser struct {
	// contains filtered or unexported fields
}

func NewParser ¶

func NewParser(r *zed.Context) *Parser

func (*Parser) Descriptor ¶

func (p *Parser) Descriptor() (*zed.TypeRecord, bool)

Descriptor returns the current descriptor (from the most recently seen #types and #fields lines) and a bool indicating whether _path was added to the descriptor. If no descriptor is present, nil and and false are returned.

func (*Parser) ParseDirective ¶

func (p *Parser) ParseDirective(line []byte) error

func (*Parser) ParseValue ¶

func (p *Parser) ParseValue(line []byte) (*zed.Value, error)

type Reader ¶

type Reader struct {
	// contains filtered or unexported fields
}

func NewReader ¶

func NewReader(zctx *zed.Context, reader io.Reader) *Reader

func (*Reader) Read ¶

func (r *Reader) Read() (*zed.Value, error)

type Writer ¶

type Writer struct {
	// contains filtered or unexported fields
}

func NewWriter ¶

func NewWriter(w io.WriteCloser) *Writer

func (*Writer) Close ¶

func (w *Writer) Close() error

func (*Writer) Write ¶

func (w *Writer) Write(r zed.Value) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL