types

package
v4.0.0-...-5981c31 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 30, 2024 License: BSD-2-Clause Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	//MAJOR API VERSIONS should always be compatible, there just may be
	//additional features
	API_VERSION_MAJOR uint32 = 0
	API_VERSION_MINOR uint32 = 2
)
View Source 
const (
	IngestCat         = `Data Ingest`
	SearchCat         = `Search`
	ActionablesCat    = `Actionables`
	DashboardsCat     = `Dashboards`
	ExtractorsCat     = `Extractors`
	FilesCat          = `Files`
	KitsCat           = `Kits`
	MacrosCat         = `Macros`
	NotificationsCat  = `Notifications`
	PlaybooksCat      = `Playbooks`
	QueryLibraryCat   = `Query Library`
	ResourcesCat      = `Resources`
	AutomationsCat    = `Automations`
	TemplatesCat      = `Templates`
	TokensCat         = `Tokens`
	UsersAndGroupsCat = `Users and Groups`
	SystemAndStatsCat = `System and Stats`
	SecretsCat        = `Secrets`
)
View Source 
const (
	TemplateFullUserName = `Full User`
	TemplateReadOnlyName = `Read Only User`
)
View Source 
const (
	EVENTTYPE_LOG   EventType = "log"
	EVENTTYPE_EVENT EventType = "event"

	EVENTLOG_LEVEL_DEBUG = "debug"
	EVENTLOG_LEVEL_INFO  = "info"
	EVENTLOG_LEVEL_WARN  = "warn"
	EVENTLOG_LEVEL_ERROR = "error"
)
View Source 
const (
	// request IDs
	FDG_REQ_GET_ENTRIES uint32 = 0x02000002
	FDG_REQ_STREAMING   uint32 = 0x02000005

	// response IDs
	FDG_RESP_GET_ENTRIES uint32 = 0x02000002
	FDG_RESP_STREAMING   uint32 = 0x02000005
)
View Source 
const (
	// license type magic numbers
	Eval       LicenseType = 0xb7c489d229961f64 //single instance (backend and frontend must be on the same machine) but we throw a bunch of stuff up in the GUI
	Community  LicenseType = 0xa332f9b1f64789d2 // single instance, limited ingest per day
	Fractional LicenseType = 0xe5354cae719162c3 // single instance, full features, limited ingest per day
	Single     LicenseType = 0x6f848b5ce61db26a //single instance (backend and frontend must be on the same machine)
	Enterprise LicenseType = 0x6e67a154aa1d503e //single instance, but all features allowed
	Cluster    LicenseType = 0x16e6aac870ea32ee //MxN configuration (many headends, restricted backends)
	Unlimited  LicenseType = 0x387dd2c0faa6e1e3 //MxN configuration (many headends, many backends)

	// feature override bitmasks
	Replication     FeatureOverride = 1
	SingleSignon    FeatureOverride = 1 << 1
	Overwatch       FeatureOverride = 1 << 2
	NoStats         FeatureOverride = 1 << 3
	UnlimitedCPU    FeatureOverride = 1 << 4
	CBAC            FeatureOverride = 1 << 5
	UnlimitedIngest FeatureOverride = 1 << 6

	ReplicationName     string = `replication`
	SingleSignonName    string = `sso`
	OverwatchName       string = `overwatch`
	NoStatsName         string = `nostats`
	UnlimitedCPUName    string = `unlimitedcpu`
	CBACName            string = `abac`
	UnlimitedIngestName string = `unlimitedingest`
)
View Source 
const (
	// base universal requests
	REQ_GET_ENTRIES     uint32 = 0x10
	REQ_STREAMING       uint32 = 0x11
	REQ_TS_RANGE        uint32 = 0x12
	REQ_GET_RAW_ENTRIES uint32 = 0x13

	// data exploration requests
	REQ_GET_EXPLORE_ENTRIES uint32 = 0xf010
	REQ_EXPLORE_TS_RANGE    uint32 = 0xf012

	// Stats Requests
	REQ_STATS_SIZE         uint32 = 0x7F000001 //how many values are there
	REQ_STATS_RANGE        uint32 = 0x7F000002 //give first and last stats values
	REQ_STATS_GET          uint32 = 0x7F000003 //get all stats available given a count
	REQ_STATS_GET_RANGE    uint32 = 0x7F000004 //get all stats over a time range
	REQ_STATS_GET_SUMMARY  uint32 = 0x7F000005 //get a single  stats entry
	REQ_STATS_GET_LOCATION uint32 = 0x7F000006 //get the current location of the search
	REQ_STATS_GET_OVERVIEW uint32 = 0x7F000007 //Get just an array of entry counts and byte counts over a time range
	// Search Metadata requests
	REQ_SEARCH_METADATA uint32 = 0x10001

	// base universal responses
	RESP_GET_ENTRIES     uint32 = 0x10
	RESP_STREAMING       uint32 = 0x11
	RESP_TS_RANGE        uint32 = 0x12
	RESP_GET_RAW_ENTRIES uint32 = 0x13

	// data exploration responses
	RESP_GET_EXPLORE_ENTRIES uint32 = 0xf010
	RESP_EXPLORE_TS_RANGE    uint32 = 0xf012

	// Stats Responses
	RESP_STATS_SIZE         uint32 = 0x7F000001
	RESP_STATS_RANGE        uint32 = 0x7F000002
	RESP_STATS_GET          uint32 = 0x7F000003
	RESP_STATS_GET_RANGE    uint32 = 0x7F000004
	RESP_STATS_GET_SUMMARY  uint32 = 0x7F000005
	RESP_STATS_GET_LOCATION uint32 = 0x7F000006
	RESP_STATS_GET_OVERVIEW uint32 = 0x7F000007

	// Search Metadata responses
	RESP_SEARCH_METADATA uint32 = 0x10001

	STATS_MASK    uint32 = 0xFF000000
	STATS_MASK_ID uint32 = 0x7F000000
)
View Source 
const (
	DownloadJSON       string = `json`       //encode as JSON
	DownloadCSV        string = `csv`        //standard CSV file
	DownloadText       string = `text`       //just text...
	DownloadPCAP       string = `pcap`       //format as a full blown PCAP-NG file
	DownloadLookupData string = `lookupdata` //GOB encoded table that can be passed back to the "lookup" module
	DownloadIPExists   string = `ipexist`    //IPExist encoded bitblock (https://github.com/gravwell/ipexist)
	DownloadArchive    string = `archive`    //a reimportable archive that is the complete renderer dataset

	DownloadDataTypeString string = `string`
	DownloadDataTypeSlice  string = `slice`
	DownloadDataTypeIP     string = `IP`
	DownloadDataTypeEV     string = `EV`

	RenderNameRaw        string = `raw`
	RenderNameHex        string = `hex`
	RenderNameText       string = `text`
	RenderNamePcap       string = `pcap`
	RenderNameTable      string = `table`
	RenderNameGauge      string = `gauge`
	RenderNameNumbercard string = `numbercard`
	RenderNameChart      string = `chart`
	RenderNameFdg        string = `fdg`
	RenderNameStackGraph string = `stackgraph`
	RenderNamePointmap   string = `pointmap`
	RenderNameHeatmap    string = `heatmap`
	RenderNameP2P        string = `point2point`

	MetadataTypeRaw    string = `raw`
	MetadataTypeNumber string = `number`
)
View Source 
const (
	ScriptAnko ScriptLang = 0 // default is anko
	ScriptGo   ScriptLang = 1 // new hotness is go

	ScheduledTypeSearch string = "search"
	ScheduledTypeScript string = "script"
	ScheduledTypeFlow   string = "flow"

	SEQ_NODE_NOT_EXECUTED = 9999999
)
View Source 
const (
	// Universal requests
	REQ_CLOSE          uint32 = 0x1
	REQ_ENTRY_COUNT    uint32 = 0x3
	REQ_SEARCH_DETAILS uint32 = 0x4
	REQ_SEARCH_TAGS    uint32 = 0x5

	// Universal responses
	RESP_ERROR          uint32 = 0xFFFFFFFF
	RESP_CLOSE          uint32 = 0x1
	RESP_ENTRY_COUNT    uint32 = 0x3
	RESP_SEARCH_DETAILS uint32 = 0x4
	RESP_SEARCH_TAGS    uint32 = 0x5
)
View Source 
const (
	LaunchMethodManual          = `manual`
	LaunchMethodDirectQuery     = `directquery`
	LaunchMethodFlow            = `flow`
	LaunchMethodScript          = `script`
	LaunchMethodScheduledSearch = `scheduledSearch`
	LaunchMethodDashboard       = `dashboard`
)

Search Launch Methods

View Source 
const (
	NotificationLevelInfo     string = `info`
	NotificationLevelWarn     string = `warn`
	NotificationLevelError    string = `error`
	NotificationLevelCritical string = `critical`
)
View Source 
const AllowedMacroChars = "ABCDCEFGHIJKLMNOPQRSTUVWXYZ1234567890_-"
View Source 
const (
	TokenHeader string = `Gravwell-Token`
)

Variables

View Source 
var (
	ErrMissingModule error = errors.New("extraction module name is missing")
	ErrMissingParams error = errors.New("extraction parameters missing")
	ErrMissingTag    error = errors.New("extraction tag assignment missing")
)
View Source 
var (
	ErrNameChartableMismatch = errors.New("Name lengths do not match chartable lengths")
	ChartableNaN             = ChartableDataPoint(math.NaN())
)
View Source 
var (
	ErrNoMetadata          = errors.New("No metadata available")
	ErrIngestNotRestricted = errors.New("Ingest is not restricted")
)
View Source 
var (
	Overrides = []FeatureOverride{
		Replication,
		SingleSignon,
		Overwatch,
		NoStats,
		UnlimitedCPU,
		UnlimitedIngest,
		CBAC,
	}

	OverrideNames = []string{
		ReplicationName,
		SingleSignonName,
		OverwatchName,
		NoStatsName,
		UnlimitedCPUName,
		UnlimitedIngestName,
		CBACName,
	}
)
View Source 
var (
	ErrIllegalMacroCharacter error = errors.New("Illegal character in macro name")
)
View Source 
var (
	ErrInvalidGeofence = errors.New("Invalid geofence")
)
View Source 
var (
	ErrUnknownCapability = errors.New("Unknown capability")
)
View Source 
var (
	ErrUnknownScriptLanguage = errors.New("Unknown script language")
)
View Source 
var (
	//essentially a never expires
	NeverExpires = time.Date(2099, 12, 31, 12, 0, 0, 0, time.UTC)
)

Functions

func AddCapability 

func AddCapability(b []byte, cp Capability) (r []byte, err error)

AddCapability adds the capability c to the bitmask b

func CapabilityStringList 

func CapabilityStringList() []string

func CheckApiVersion 

func CheckApiVersion(remote ApiInfo) error

func CheckCapability 

func CheckCapability(b []byte, c Capability) (r bool)

CheckCapability checks if the capability c is set in the bitmask b

func CheckMacroName 

func CheckMacroName(name string) error

func CheckTagAccess 

func CheckTagAccess(tg string, prime TagAccess, set []TagAccess) (allowed bool)

CheckTagAccess returns true if the tag tg is allowed in the given TagAccess object.

func CheckUserCapabilityAccess 

func CheckUserCapabilityAccess(ud *UserDetails, c Capability) (allowed bool)

CheckUserCapabilityAccess checks if a user has access to a given capability based on their direct and group assignments

func EncodeCapabilities 

func EncodeCapabilities(caps []Capability) (b []byte, err error)

Encode encodes a list of capabilities into a buffer

func EncodeMetadata 

func EncodeMetadata(md map[string]interface{}) ([]byte, error)

func FeatureOverridesString 

func FeatureOverridesString(fo FeatureOverride) (s string)

func FilterTags 

func FilterTags(tags []string, prime TagAccess, set []TagAccess) (r []string)

Return the set of tags permitted within a given slice of tags.

func GenLine 

func GenLine(wtr io.Writer, name, line string) (err error)

func RemoveCapability 

func RemoveCapability(b []byte, c Capability) (r bool)

RemoveCapability removes the capability c in the bitmask b

func UniqueIngesters 

func UniqueIngesters(sts []IngestStats) (r uint64)

func ValidateCapabilities 

func ValidateCapabilities(cps []Capability) (err error)

Types

type AXDefinition 

type AXDefinition struct {
	Name        string    `toml:"name,omitempty" json:",omitempty"`
	Desc        string    `toml:"desc,omitempty" json:",omitempty"`
	Module      string    `toml:"module"`
	Params      string    `toml:"params" json:",omitempty"`
	Args        string    `toml:"args,omitempty" json:",omitempty"`
	Tag         string    `toml:"tag"`
	Tags        []string  `toml:"tags"` // AXs can support multiple tags. For backwards compatibility, we leave Tag and add Tags
	Labels      []string  `toml:"-"`
	UID         int32     `toml:"-"`
	GIDs        []int32   `toml:"-"`
	Global      bool      `toml:"-"`
	UUID        uuid.UUID `toml:"-"`
	Synced      bool      `toml:"-" json:"-"`
	LastUpdated time.Time `toml:"-"`
}

AutoExtractor object. When setting an AutoExtractor, only Name, Module, Params, and Tag must be set.

func (AXDefinition) Encode 

func (dc AXDefinition) Encode(fout io.Writer, hdr string) (err error)

Encode the "config file" styled AX definition to the given io.Writer. hdr is an optional header comment.

func (AXDefinition) Equal 

func (axd AXDefinition) Equal(v AXDefinition) bool

func (*AXDefinition) GetTags 

func (dc *AXDefinition) GetTags() []string

func (AXDefinition) JSONMetadata 

func (dc AXDefinition) JSONMetadata() (ro json.RawMessage, err error)

func (*AXDefinition) Validate 

func (dc *AXDefinition) Validate() error

Verify all required fields in an AXDefinition object are valid.

type Access 

type Access struct {
	Global bool
	GIDs   []int32
}

type Actions 

type Actions struct {
	Delete bool
	Modify bool
	Share  bool
}

type AddGroup 

type AddGroup struct {
	Name string
	Desc string
}

type AddUser 

type AddUser struct {
	User  string
	Pass  string
	Name  string
	Email string
	Admin bool
}

type AdminActionResp 

type AdminActionResp struct {
	UID   int32 `json:",omitempty"`
	Admin bool  `json:",omitempty"`
}

type AlertConsumer 

type AlertConsumer struct {
	ID string `json:"ID"`

	Type AlertConsumerType `json:"Type"`
}

AlertConsumer - Something which consumes alerts.

type AlertConsumerType 

type AlertConsumerType string

AlertConsumerType : Possible types for an Alert Consumer 

const (
	ALERTCONSUMERTYPE_FLOW AlertConsumerType = "flow"
)

List of AlertConsumerType

type AlertConsumerValidateRequest 

type AlertConsumerValidateRequest struct {
	Consumer AlertConsumer

	Alert AlertDefinition
}

AlertConsumerValidateRequest - Request to validate the given consumer for use with an alert

type AlertConsumerValidateResponse 

type AlertConsumerValidateResponse struct {
	Valid bool

	Error string
}

AlertConsumerValidateResponse - Indicates whether a consumer is valid for a given alert or not.

type AlertDefinition 

type AlertDefinition struct {
	// The actions the user is allowed to take on this definition.
	// Derived by the backend when requested by the user; any
	// value sent in a request will be ignored.
	Can Actions `json:"Can"`

	// A list of flows which will be run when alerts are generated.
	Consumers []AlertConsumer `json:"Consumers"`

	Description string `json:"Description"`

	Disabled bool `json:"Disabled"`

	// A list of things which create alerts (currently only scheduled searches).
	Dispatchers []AlertDispatcher `json:"Dispatchers"`

	GIDs []int32 `json:"GIDs"`

	GUID uuid.UUID `json:"GUID"`

	Global bool `json:"Global"`

	Labels []string `json:"Labels"`

	LastUpdated time.Time `json:"LastUpdated"`

	// Maximum number of events allowed per firing of the alert. This is
	// intended as a safety valve to avoid thousands of emails. If zero,
	// a (low) default value will be used.
	MaxEvents int `json:"MaxEvents"`

	Name string `json:"Name"`

	// How long, in seconds, we should save searches which trigger this alert.
	SaveSearchDuration int32 `json:"SaveSearchDuration"`

	// Whether or not searches which trigger the alert should be saved
	SaveSearchEnabled bool `json:"SaveSearchEnabled"`

	// A JSON schema describing the expected fields in the alerts.
	Schemas AlertSchemas `json:"Schemas"`

	// The tag into which alerts will be ingested
	TargetTag string `json:"TargetTag"`

	ThingUUID uuid.UUID `json:"ThingUUID"`

	// The owner of the Alert
	UID int32 `json:"UID"`

	// Arbitrary user-defined metadata which will be injected into the events
	UserMetadata map[string]interface{} `json:"UserMetadata"`

	// Sharing rules for this alert.
	WriteAccess Access `json:"WriteAccess"`
}

AlertDefinition - A Gravwell Alert specification

func (*AlertDefinition) JSONMetadata 

func (alert *AlertDefinition) JSONMetadata() (json.RawMessage, error)

type AlertDispatcher 

type AlertDispatcher struct {
	ID string `json:"ID"`

	Type AlertDispatcherType `json:"Type"`
}

AlertDispatcher - Something which creates alerts.

type AlertDispatcherType 

type AlertDispatcherType string

AlertDispatcherType : Possible types for an Alert Dispatcher 

const (
	ALERTDISPATCHERTYPE_SCHEDULEDSEARCH AlertDispatcherType = "scheduledsearch"
)

List of AlertDispatcherType

type AlertDispatcherValidateError 

type AlertDispatcherValidateError struct {

	// The path that led to the error
	Path string

	InvalidValue *interface{}

	// Human-friendly information as to why the item failed
	Message string
}

AlertDispatcherValidateError - Describes a failed validation item for a dispatcher

type AlertDispatcherValidateRequest 

type AlertDispatcherValidateRequest struct {
	Dispatcher AlertDispatcher

	QueryString string

	Schema AlertSchemas
}

AlertDispatcherValidateRequest - Request to validate the given dispatcher against a schema. Populate the Dispatcher field to refer to an existing scheduled search, or set QueryString to test a query string

type AlertDispatcherValidateResponse 

type AlertDispatcherValidateResponse struct {

	// If true, the dispatcher generates all required fields in the schema.
	Valid bool

	// Names of fields which were missing.
	ValidationErrors []AlertDispatcherValidateError
}

AlertDispatcherValidateResponse - Indicates which, if any, fields the given dispatcher failed to provide.

type AlertSchemas 

type AlertSchemas struct {

	// The "simple" schema, if any is defined.
	Simple []AlertSchemasSimpleItem

	// A schema derived from an OCSF spec.
	OCSF AlertSchemasOcsf

	// A user-provided JSON schema.
	JSON map[string]interface{}

	ActiveSchema string
}

AlertSchema - Contains schema definitions for an alert and selects which one is to be used.

type AlertSchemasOcsf 

type AlertSchemasOcsf struct {
	EventClass string

	Extensions []string

	Profiles []string
}

AlertSchemasOcsf defines an OCSF schema to use.

type AlertSchemasSimpleItem 

type AlertSchemasSimpleItem struct {
	Name string

	Type string
}

AlertSchemasSimpleItem defines a single item in a Simple schema

type ApiInfo 

type ApiInfo struct {
	Major uint32
	Minor uint32
}

func ApiVersion 

func ApiVersion() ApiInfo

type AttachSearchRequest 

type AttachSearchRequest struct {
	ID string
}

Request to reattach to a search.

type AttachSearchResponse 

type AttachSearchResponse struct {
	Error       string      `json:",omitempty"` //error if not
	Subproto    string      `json:",omitempty"` //the new subprotocol
	RendererMod string      `json:",omitempty"` //the renderer in use
	RendererCmd string      `json:",omitempty"` //the renderer commands
	Info        *SearchInfo `json:",omitempty"` //info if available
}

AttachSearchResponse contains the subproto and SearchInfo object when attaching to a search.

type AuthorInfo 

type AuthorInfo struct {
	Name    string
	Email   string
	Company string
	URL     string
}

type BackendNotification 

type BackendNotification struct {
	Notification
	Action NotificationAction
	GUID   uuid.UUID
}

type BackupConfig 

type BackupConfig struct {
	IncludeSS     bool   // Include scheduled searches
	OmitSensitive bool   // Omit sensitive items
	Password      string // password to use when encrypting backup file
}

type BackupResponse 

type BackupResponse struct {
	DownloadID string
	Expiration time.Time
}

type BaseRequest 

type BaseRequest struct {
	ID         uint32
	Stats      *SearchStatsRequest `json:",omitempty"`
	EntryRange *EntryRange         `json:",omitempty"`
	Addendum   json.RawMessage     `json:",omitempty"`
}

BaseRequest contains elements common to all renderer requests. DEPRECATED - use REST API

type BaseResponse 

type BaseResponse struct {
	ID         uint32                    // DEPRECATED - REST API no longer returns this value
	Stats      *SearchStatsResponse      `json:",omitempty"`
	Addendum   json.RawMessage           `json:",omitempty"`
	SearchInfo *SearchInfo               `json:",omitempty"`
	EntryRange *EntryRange               `json:",omitempty"`
	Metadata   *SearchMetadata           `json:",omitempty"`
	Tags       map[string]entry.EntryTag `json:",omitempty"`
	Error      string                    `json:",omitempty"`

	// Finished is true when the query has completed.
	Finished bool

	// EntryCount is the number of entries which *entered* the renderer.
	EntryCount uint64
	// For some renderers, the EntryCount accurately represents the total
	// number of results available. This field is set to 'true' in that case,
	// meaning the EntryCount number can be displayed alongside the results
	// without confusion.
	EntryCountValid bool

	// If set, there are more entries for the given timeframe available.
	// For non-condensing this means EntryCount > request.Last
	// For condensing, this means that given the range, there are values
	// available after the Last range.
	AdditionalEntries bool

	// Indicates that the query results exceeded the on-disk storage limits.
	OverLimit bool
	// Indicates the range of entries that were dropped due to storage limits.
	LimitDroppedRange TimeRange

	//SessionID is the search Session ID, used for tracking "handles" on a search using REST interface
	SessionID uuid.UUID

	//Interval is the number of seconds between hits on the search control REST API for a given second
	//that can transpire before we consider the search session abandoned
	Interval uint
}

BaseResponse contains elements common to all renderer request responses.

func (BaseResponse) Err 

func (br BaseResponse) Err() error

type BuildInfo 

type BuildInfo struct {
	CanonicalVersion
	BuildDate  time.Time `json:",omitempty"`
	BuildID    string    `json:",omitempty"`
	GUIBuildID string    `json:",omitempty"`
}

func (BuildInfo) NewerVersion 

func (bi BuildInfo) NewerVersion(nbi BuildInfo) bool

func (BuildInfo) String 

func (bi BuildInfo) String() string

func (BuildInfo) Version 

func (bi BuildInfo) Version() string

Return the full build version of Gravwell eg "4.1.2"

type CBACRules 

type CBACRules struct {
	Capabilities CapabilitySet
	Tags         TagAccess
}

CBACRules is the main structure that holds default stats and grants for for API and tag access the Capabilities and Tags sub structures handle access independently

func (*CBACRules) CapabilityList 

func (abr *CBACRules) CapabilityList() (r []CapabilityDesc)

CapabilityList returns a comprehensive set of capability descriptions that the given ruleset has access to

func (*CBACRules) CapabilityState 

func (abr *CBACRules) CapabilityState() (r CapabilityState)

export a CapabilityState from the underlying capability rules

func (*CBACRules) HasCapability 

func (abr *CBACRules) HasCapability(c Capability) (allowed bool)

HasCapability checks if a given CBACRules set has a capability

type CalendarEntry 

type CalendarEntry struct {
	Date         string `json:"date"`
	DataIngested uint64 `json:"dataIngested"`
	EntryCount   uint64 `json:"entryCount"`
}

type CalendarRequest 

type CalendarRequest struct {
	Start time.Time `json:"start"`
	End   time.Time `json:"end"`
	Wells []string  `json:"wells"`
}

type CanonicalVersion 

type CanonicalVersion struct {
	Major uint32
	Minor uint32
	Point uint32
}

The full version of Gravwell in this build - eg 4.1.2

func ParseCanonicalVersion 

func ParseCanonicalVersion(s string) (r CanonicalVersion, err error)

Return a CanonicalVersion object containing the given version string. Must be in the form of "X.Y.Z".

func (CanonicalVersion) Compare 

func (cv CanonicalVersion) Compare(ncv CanonicalVersion) int

Compare returns the following: 

0	- equal versions
<0	- incoming is older than existing
>0	- incoming is newer then existing

func (CanonicalVersion) Compatible 

func (cv CanonicalVersion) Compatible(min, max CanonicalVersion) bool

func (CanonicalVersion) Enabled 

func (cv CanonicalVersion) Enabled() bool

func (CanonicalVersion) NewerVersion 

func (cv CanonicalVersion) NewerVersion(ncv CanonicalVersion) bool

NewerVersion returns true if the incoming version is newer than coming

func (CanonicalVersion) String 

func (cv CanonicalVersion) String() string

type CapError 

type CapError struct {
	Cap   string
	Error string
}

CapError is an enhanced error that will return why an API told you know Typically its an error message and the capability you would need in order to use the API

type Capability 

type Capability uint16
const (
	Search           Capability = 0
	Download         Capability = 1
	SaveSearch       Capability = 2
	AttachSearch     Capability = 3
	BackgroundSearch Capability = 4

	SetSearchGroup     Capability = 6
	SearchHistory      Capability = 7
	SearchGroupHistory Capability = 8
	SearchAllHistory   Capability = 9
	DashboardRead      Capability = 10
	DashboardWrite     Capability = 11
	ResourceRead       Capability = 12
	ResourceWrite      Capability = 13
	TemplateRead       Capability = 14
	TemplateWrite      Capability = 15
	PivotRead          Capability = 16
	PivotWrite         Capability = 17
	MacroRead          Capability = 18
	MacroWrite         Capability = 19
	LibraryRead        Capability = 20
	LibraryWrite       Capability = 21
	ExtractorRead      Capability = 22
	ExtractorWrite     Capability = 23
	UserFileRead       Capability = 24
	UserFileWrite      Capability = 25
	KitRead            Capability = 26
	KitWrite           Capability = 27
	KitBuild           Capability = 28
	KitDownload        Capability = 29
	ScheduleRead       Capability = 30
	ScheduleWrite      Capability = 31
	SOARLibs           Capability = 32
	SOAREmail          Capability = 33
	PlaybookRead       Capability = 34
	PlaybookWrite      Capability = 35

	//management capabilities
	LicenseRead       Capability = 36
	Stats             Capability = 37
	Ingest            Capability = 38
	ListUsers         Capability = 39
	ListGroups        Capability = 40
	ListGroupMembers  Capability = 41
	NotificationRead  Capability = 42
	NotificationWrite Capability = 43
	SystemInfoRead    Capability = 44
	TokenRead         Capability = 45
	TokenWrite        Capability = 46
	SecretRead        Capability = 47
	SecretWrite       Capability = 48
	AlertRead         Capability = 49
	AlertWrite        Capability = 50
)

func CapabilityList 

func CapabilityList() []Capability

func (Capability) CapabilityDesc 

func (c Capability) CapabilityDesc() CapabilityDesc

CapabilityDesc converts a Capability into a CapabilityDescription

func (Capability) Category 

func (c Capability) Category() CapabilityCategory

Name returns the ASCII name of a capability

func (Capability) Description 

func (c Capability) Description() string

Description returns an ASCII description of a capability value

func (Capability) Name 

func (c Capability) Name() string

Name returns the ASCII name of a capability

func (*Capability) Parse 

func (c *Capability) Parse(v string) (err error)

Parse attempts to resolve a capability value from a name Parse will ignore case and trim surrounding whitespace

func (Capability) String 

func (c Capability) String() string

String implements the stringer interface, it does not return a parsable name but rather a shorthand description

func (Capability) Valid 

func (c Capability) Valid() bool

Check if the capability value is valid/known

type CapabilityCategory 

type CapabilityCategory string

type CapabilityDesc 

type CapabilityDesc struct {
	Cap      Capability
	Name     string
	Desc     string
	Category CapabilityCategory
}

CapabilityDesc is an enhanced structure containing a capability value, its name, and a brief description

func CapabilityDescriptions 

func CapabilityDescriptions() (r []CapabilityDesc)

func CreateUserCapabilityList 

func CreateUserCapabilityList(ud *UserDetails) (r []CapabilityDesc)

CreateUserCapabilityList creates a comprehensive list of capabilities the user has access to based on their direct and group assignments

type CapabilityExplanation 

type CapabilityExplanation struct {
	CapabilityDesc
	Granted     bool           // True if the user has this capability
	UserGrant   bool           // True if the capability was explicitly granted to the user
	GroupGrants []GroupDetails // An array of groups to which the user belongs that grant the capability.
}

CapabilityExplanation wraps a CapabilityDesc with information about if and how the user *obtained* that capability.

type CapabilitySet 

type CapabilitySet struct {
	Grants []byte
}

CapabilitySet is the compacted set of default values and grants The CapabilitySet is translated from the CapabilityState and held internally for faster operations

func (*CapabilitySet) CapabilityList 

func (cs *CapabilitySet) CapabilityList() (r []CapabilityDesc)

CapabilityList returns a list of capability descrptions that are in this set

func (*CapabilitySet) Clear 

func (cs *CapabilitySet) Clear(c Capability) (r bool)

Clear removes a capability grant from the CapabilitySet

func (CapabilitySet) Has 

func (cs CapabilitySet) Has(c Capability) bool

Has checks if a capability is allowed given the default value and grants

func (CapabilitySet) IsSet 

func (cs CapabilitySet) IsSet(c Capability) bool

IsSet checks if a capability grant is set

func (*CapabilitySet) Set 

func (cs *CapabilitySet) Set(c Capability) (r bool)

Set sets an grant on the capability set

type CapabilityState 

type CapabilityState struct {
	Grants []string
}

CapabilityState is the expanded set of capabilities that is exchanged between clients the the API The grants specified using the full name of a capability to make the API more explicit

func AllCapabilityAccess 

func AllCapabilityAccess() CapabilityState

func (CapabilityState) CapabilityList 

func (st CapabilityState) CapabilityList() (lst []CapabilityDesc, err error)

CapabilityList returns a list of capability descriptions that this capability state has access to

func (CapabilityState) CapabilitySet 

func (st CapabilityState) CapabilitySet() (cs CapabilitySet, err error)

CapabilitySet converts the human friendly CapabilityState into an optimized and encoded CapabilitySet for internal use

func (CapabilityState) MarshalJSON 

func (cs CapabilityState) MarshalJSON() ([]byte, error)

type CapabilityTemplate 

type CapabilityTemplate struct {
	Name string
	Desc string
	Caps []Capability
}

CapabilityTemplate is group of capabilities with a name and description, this is used to build up a simplified set of macro capabilities like "can run all searches" or "can read results but not write them"

func TemplateList 

func TemplateList() []CapabilityTemplate

func (CapabilityTemplate) CapabilityState 

func (ct CapabilityTemplate) CapabilityState() (s CapabilityState)

CapabilityState takes a capability template and converts it into a capability set that can be sent to the API This defaults to a state with default deny and explicit allow

type ChangePassword 

type ChangePassword struct {
	OrigPass string
	NewPass  string
}

type ChartRequest 

type ChartRequest struct {
	BaseRequest
}

type ChartResponse 

type ChartResponse struct {
	BaseResponse
	Entries ChartableValueSet
}

type Chartable 

type Chartable struct {
	Data []ChartableDataPoint
	TS   entry.Timestamp
}

type ChartableDataPoint 

type ChartableDataPoint float64

func (ChartableDataPoint) IsNaN 

func (cdp ChartableDataPoint) IsNaN() bool

func (ChartableDataPoint) MarshalJSON 

func (cdp ChartableDataPoint) MarshalJSON() ([]byte, error)

type ChartableSet 

type ChartableSet []Chartable

func (*ChartableSet) Add 

func (cs *ChartableSet) Add(c Chartable)

func (ChartableSet) Len 

func (cs ChartableSet) Len() int

func (*ChartableSet) Reset 

func (cs *ChartableSet) Reset()

func (ChartableSet) Sec 

func (cs ChartableSet) Sec(i int) int64

func (ChartableSet) TS 

func (cs ChartableSet) TS(i int) entry.Timestamp

type ChartableValueSet 

type ChartableValueSet struct {
	Names      []string
	KeyComps   []KeyComponents `json:",omitempty"`
	Categories []string        `json:",omitempty"`
	Values     ChartableSet
}

ChartableValueSet is what is returned when we have a request for data the length of Names MUST BE the same length as each set of Values in each Set

func (*ChartableValueSet) AddKeyComponents 

func (cvs *ChartableValueSet) AddKeyComponents(name, cat string, keys []string) error

AddKeyComponents preps the ChartableValueSet with the appropriate key material

func (ChartableValueSet) MarshalJSON 

func (cvs ChartableValueSet) MarshalJSON() ([]byte, error)

func (*ChartableValueSet) Sort 

func (cvs *ChartableValueSet) Sort() error

Sort is a little helper that picks the right sort based on the data types exposed if there is only one set (one time slice for things like non time-series charts) it sorts by value if there is more than one time slice, it sortsby name

func (*ChartableValueSet) SortByNames 

func (cvs *ChartableValueSet) SortByNames() error

SortByNames will sort the chartable data by name, keeping values coordinated

func (*ChartableValueSet) SortByValue 

func (cvs *ChartableValueSet) SortByValue() error

SortByValues will sort the series by the the first value in the chartable data set this will return an error if there is more than one time slice of data

type Dashboard 

type Dashboard struct {
	ID          uint64
	Name        string
	UID         int32
	GIDs        []int32
	Global      bool
	Description string
	Created     time.Time
	Updated     time.Time
	Data        RawObject
	Labels      []string
	GUID        string `json:",omitempty"`
	Trivial     bool   `json:",omitempty"`
	Synced      bool
}

Dashboard type used for relaying data back and forth to frontend.

func (Dashboard) Equal 

func (d Dashboard) Equal(v Dashboard) bool

func (*Dashboard) UnmarshalObject 

func (d *Dashboard) UnmarshalObject(obj interface{}) error

type DashboardAdd 

type DashboardAdd struct {
	Name        string
	Description string
	Data        RawObject
	Labels      []string
	UID         int32
	GIDs        []int32
	Global      bool
}

DashboardAdd is used to push new dashboards.

func EncodeDashboardAdd 

func EncodeDashboardAdd(name, desc string, obj interface{}) (*DashboardAdd, error)

func (DashboardAdd) MarshalJSON 

func (d DashboardAdd) MarshalJSON() ([]byte, error)

func (*DashboardAdd) UnmarshalObject 

func (d *DashboardAdd) UnmarshalObject(obj interface{}) error

type DashboardComment 

type DashboardComment struct {
	ID      int
	UID     int
	Name    string
	Comment string
}

DashboardComment is used to send and retrieve comments.

type DashboardGet 

type DashboardGet struct {
	Name     string
	Desc     string
	JSON     []byte
	User     string
	Score    int `json:",omitempty"`
	Version  int `json:",omitempty"`
	GUID     string
	Created  time.Time
	Updated  time.Time
	Customer string
	Tags     []string
}

DashboardGet is used to get a dashboard from the marketplace.

type DashboardPost 

type DashboardPost struct {
	Name string
	Desc string
	JSON []byte
	User string
	Tags []string
}

DashboardPost is used in sending a new dashboard to the marketplace.

type Dashboards 

type Dashboards []Dashboard

func (Dashboards) MarshalJSON 

func (d Dashboards) MarshalJSON() ([]byte, error)

type DeploymentInfo 

type DeploymentInfo struct {
	Distributed     bool //distributed webservers, meaning more than one
	CBACEnabled     bool //whether CBAC is enabled on the system
	DefaultLanguage string
}

type DiskIO 

type DiskIO struct {
	Device string
	Read   uint64
	Write  uint64
}

Disk statistics as shown in the System Stats - Hardware and Disks view in Gravwell.

type DiskStats 

type DiskStats struct {
	Mount     string
	Partition string
	Total     uint64
	Used      uint64
	// unique ID for this disk on this host
	// essentially a hash of indexer UUID, Mount, and Partition
	// this is used to uniquely identify a disk and mount on a specific host
	// uses are for when multiple indexers have the same disk topology
	// or docker clusters where everything is identical
	ID string
}

Disk statistics as shown in the System Stats - Hardware and Disks view in Gravwell.

type Edge 

type Edge struct {
	Value int64 `json:"value"`
	// Source and Destination nodes for an edge are represented by an index
	// into the parent node set
	Src int `json:"source"` // index into the source node list
	Dst int `json:"target"` // index into the destination node list
}

type Element 

type Element struct {
	Module      string
	Args        string `json:",omitempty"`
	Name        string
	Path        string
	Value       interface{}
	SubElements []Element `json:",omitempty"`
	Filters     []string
}

An Element is an item which has been extracted from an entry using the data exploration system.

type EntryRange 

type EntryRange struct {
	StartTS entry.Timestamp `json:",omitempty"`
	EndTS   entry.Timestamp `json:",omitempty"`
	First   uint64
	Last    uint64
}

type EnumeratedPair 

type EnumeratedPair struct {
	Name     string
	Value    string             `json:"ValueStr"`
	RawValue RawEnumeratedValue `json:"Value"`
}

EnumeratedPair is the string representation of enumerated values.

func (EnumeratedPair) String 

func (ep EnumeratedPair) String() string

type ErrorObject 

type ErrorObject struct {
	Err  string `json:"error"`
	Info string `json:"info,omitempty"`
}

ErrorObject is a basic error object with the error value and an optional info structure that has more info about the error

type Event 

type Event struct {
	Type     EventType
	Metadata EventMetadata          `json:",omitempty"`
	Contents map[string]interface{} `json:",omitempty"`
}

Event is the type produced by an Alert Dispatcher which gets ingested. The Type field should always be EVENTTYPE_EVENT, to indicate that this is a regular event.

type EventConsumerInfo 

type EventConsumerInfo struct {
	Type   AlertConsumerType
	ID     string
	Name   string
	Labels []string `json:",omitempty"`
}

EventConsumerInfo gives extended information about a consumer which will be launched to consume this event.

type EventDispatcherInfo 

type EventDispatcherInfo struct {
	Type         AlertDispatcherType
	ID           string
	Name         string   `json:",omitempty"`
	SearchID     string   `json:",omitempty"`
	Labels       []string // any labels attached to this dispatcher
	EventCount   int      // number of events that were generated by the dispatcher
	EventsElided bool     // true if we had to drop events because there were too many results
}

EventDispatcherInfo gives extended information about the thing which triggered the alert / created the event

type EventLog 

type EventLog struct {
	Type    EventType
	Level   string
	Message string            `json:",omitempty"`
	KV      map[string]string `json:",omitempty"`
	Trigger Event             `json:",omitempty"`
}

EventLog gets generated when something happens during the execution of an alert that needs to be logged. The Type field should always be EVENTTYPE_LOG.

type EventMetadata 

type EventMetadata struct {
	UID                int32
	Username           string
	Created            time.Time
	AlertID            string // ThingUUID of the Alert
	AlertName          string
	AlertActivation    string // uniquely identify the particular activation of the alert
	EventIndex         int    // this event's index within the dispatcher results for the alert activation
	TargetTag          string // the tag this got sent to
	AlertLabels        []string
	Dispatcher         EventDispatcherInfo
	Consumers          []EventConsumerInfo    `json:",omitempty"` // consmers which will be launched for this event
	UserMetadata       map[string]interface{} // this is arbitrary stuff that the user attached to the alert def.
	ValidationProblems []ValidationProblem    `json:",omitempty"`
}

EventMetadata tells us about the owner of this event definition and who created the event.

func BuildEventMetadata 

func BuildEventMetadata(created time.Time, ud UserDetails, alertDef AlertDefinition, dispatcher EventDispatcherInfo) EventMetadata

BuildEventMetadata builds up a generic EventMetadata to be used with events for a specific firing of the given Alert via the given Dispatcher.

type EventType 

type EventType string

type ExploreRequest 

type ExploreRequest struct {
	Start int64
	End   int64
}

ExploreRequest is used to request that the webserver perform a complete cracking of all entries in the given range, the webserver will return an array of ExploreResult

type ExploreResult 

type ExploreResult struct {
	Elements []Element `json:",omitempty"`
	// This represents the module which generated the result, but
	// individual Elements may have a different module set for
	// purposes of filtering.
	Module      string
	Tag         string
	WordOffsets []WordOffset `json:",omitempty"`
}

type FdgRequest 

type FdgRequest struct {
	BaseRequest
}

type FdgResponse 

type FdgResponse struct {
	BaseResponse
	Entries FdgSet
}

type FdgSet 

type FdgSet struct {
	Nodes  []Node   `json:"nodes"`
	Edges  []Edge   `json:"links"`
	Groups []string `json:"groups"`
}

type FeatureOverride 

type FeatureOverride uint64

func NewFeatureOverride 

func NewFeatureOverride(name string) (fo FeatureOverride, err error)

func ParseFeatureOverrides 

func ParseFeatureOverrides(v string) (fo FeatureOverride, err error)

func (FeatureOverride) Set 

func (fo FeatureOverride) Set(t FeatureOverride) bool

func (FeatureOverride) String 

func (fo FeatureOverride) String() (r string)

func (*FeatureOverride) Update 

func (fo *FeatureOverride) Update(t FeatureOverride)

type Features 

type Features struct {
	Replication     bool
	SingleSignon    bool
	Overwatch       bool
	NoStats         bool
	UnlimitedCPU    bool
	CBAC            bool
	UnlimitedIngest bool
}

Features is a list of features present on this license. It's used in the /api/license path to report what features are available (but not necessarily in use).

type FilterRequest 

type FilterRequest struct {
	Tag    string
	Module string
	Args   string `json:",omitempty"`
	Path   string // The path to extract
	Name   string // The desired output name
	Op     string
	Value  string
}

type FlowNodeResult 

type FlowNodeResult struct {
	Payload map[string]interface{}
	ID      int    // the node ID
	Type    string // the type of node, e.g. RunQuery
	Log     string
	Error   string
	Start   int64 // unix nanoseconds
	End     int64 // unix nanoseconds
	// The first node executed has sequence 0, the next is sequence 1, etc.
	// Nodes which were not executed have Sequence = SEQ_NODE_NOT_EXECUTED
	Sequence int
}

type FlowParseRequest 

type FlowParseRequest struct {
	Flow       string
	DebugEvent *Event // If provided, this will be set as `event` in the flow payload for parsing.
}

type FlowParseResponse 

type FlowParseResponse struct {
	OK bool

	// Error and ErrorNode are now deprecated; look at the Failures map
	// to see if there were parse problems. They are retained for compatibility.
	Error     string `json:",omitempty"`
	ErrorNode int    // the node which failed to parse (ignore if Error is empty)

	OutputPayloads map[int]map[string]interface{}
	InitialPayload map[string]interface{} // the payload which gets passed to nodes with no dependencies
	Failures       map[int]NodeParseFailure
}

type GUISettings 

type GUISettings struct {
	DistributedWebservers bool
	DisableMapTileProxy   bool
	MapTileUrl            string

	// If true, the UI shouldn't display any notifications about new features
	DisableFeaturePopups bool

	// Indicates that we're in cloud mode - changes some behaviors
	CloudMode bool

	ServerTime           time.Time
	ServerTimezone       string
	ServerTimezoneOffset int

	MaxFileSize        uint64 // the maximum size allowed for user file uploads
	MaxResourceSize    uint64 // the largest resource you're allowed to make
	MaxJsonRequestSize uint64 // the largest object you're allowed to send in a JSON request body

	IngestAllowed bool // set to true if the user is allowed to use the ingest APIs
	NonCommercial bool // set to true if the license is a non-commercial license
}

type GaugeRequest 

type GaugeRequest struct {
	BaseRequest
}

type GaugeResponse 

type GaugeResponse struct {
	BaseResponse
	Entries []GaugeValue
}

type GaugeValue 

type GaugeValue struct {
	Name      string
	Magnitude float64
	Min       float64
	Max       float64
}

Gauge renderer

type GenerateAXRequest 

type GenerateAXRequest struct {
	Tag     string
	Entries []SearchEntry
}

A GenerateAXRequest contains a tag name and a set of entries. It is used by clients to request all possible extractions from the given entries. All entries should have the same tag.

type GenerateAXResponse 

type GenerateAXResponse struct {
	Extractor AXDefinition
	// Confidence is a range from 0 to 10, with 10 meaning "we are very confident"
	// and 0 meaning "we didn't extract anything of worth".
	// Some modules, like xml, will return values lower than 10 even if they extracted
	// lots of data, because other modules like winlog should take precedence if they
	// succeed.
	Confidence float64
	Entries    []SearchEntry
	Explore    []ExploreResult
}

A GenerateAXResponse contains an autoextractor definition and corresponding Element extractions as gathered from a single extraction module

type Geofence 

type Geofence struct {
	SouthWest Location `json:",omitempty"`
	NorthEast Location `json:",omitempty"`
	// contains filtered or unexported fields
}

func (*Geofence) CrossesAntimeridian 

func (gf *Geofence) CrossesAntimeridian() bool

func (*Geofence) Enabled 

func (gf *Geofence) Enabled() bool

func (*Geofence) InFence 

func (gf *Geofence) InFence(loc Location) bool

func (*Geofence) Validate 

func (gf *Geofence) Validate() error

type GroupDetails 

type GroupDetails struct {
	GID    int32
	Name   string
	Desc   string
	Synced bool
	CBAC   CBACRules `json:"-"` //do not include in API responses
}

type HeatmapRequest 

type HeatmapRequest struct {
	BaseRequest
	Fence Geofence `json:",omitempty"`
}

type HeatmapResponse 

type HeatmapResponse struct {
	BaseResponse
	Entries []HeatmapValue `json:",omitempty"`
}

type HeatmapValue 

type HeatmapValue struct {
	Location
	Magnitude float64 `json:",omitempty"`
}

func (HeatmapValue) MarshalJSON 

func (hv HeatmapValue) MarshalJSON() ([]byte, error)

func (*HeatmapValue) UnmarshalJSON 

func (hv *HeatmapValue) UnmarshalJSON(data []byte) error

type HostSysStats 

type HostSysStats struct {
	Uptime                uint64  `json:",omitempty"`
	TotalMemory           uint64  `json:",omitempty"`
	ProcessHeapAllocation uint64  `json:",omitempty"` // bytes allocated by this process's heap
	ProcessSysReserved    uint64  `json:",omitempty"` // total bytes obtained from the OS
	MemoryUsedPercent     float64 `json:",omitempty"`
	Disks                 []DiskStats
	CPUUsage              float64
	CPUCount              int `json:",omitempty"`
	HostHash              string
	Net                   NetworkUsage `json:",omitempty"`
	IO                    []DiskIO
	VirtSystem            string       `json:",omitempty"` // e.g. "kvm" or "xen"
	VirtRole              string       `json:",omitempty"` // "host" or "guest"
	BuildInfo             BuildInfo    `json:",omitempty"` // e.g. 3.3.1
	LoadAverage           load.AvgStat `json:",omitempty"`
	Iowait                float64
}

Host statistics, used by the System Stats view in Gravwell.

type IdKitState 

type IdKitState struct {
	UUID        uuid.UUID
	UID         int32
	GIDs        []int32
	Global      bool
	WriteAccess Access
	KitState
}

type that is used when sending back lists via a ADMIN request (show uid and gid)

type IdxStatResponse 

type IdxStatResponse struct {
	Error string              `json:",omitempty"`
	Stats map[string]IdxStats `json:",omitempty"`
}

type IdxStats 

type IdxStats struct {
	UUID       uuid.UUID
	Error      string              `json:",omitempty"`
	IndexStats []IndexManagerStats `json:",omitempty"`
}

func (*IdxStats) MarshalJSON 

func (m *IdxStats) MarshalJSON() ([]byte, error)

type ImportInfo 

type ImportInfo struct {
	Imported  bool
	Time      time.Time //timestamp of when the results were imported
	BatchName string    //potential import batch name
	BatchInfo string    //potential import batch notes

}

type IndexManagerStats 

type IndexManagerStats struct {
	Name  string
	Stats []IndexerStats
}

func (*IndexManagerStats) MarshalJSON 

func (m *IndexManagerStats) MarshalJSON() ([]byte, error)

type IndexerPingResponse 

type IndexerPingResponse struct {
	Error  string            `json:",omitempty"`
	States map[string]string `json:",omitempty"`
}

IndexerPingResponse contains a map of states for all configured indexers.

type IndexerRequest 

type IndexerRequest struct {
	DialString string

	Forwarded bool // If set, do NOT propagate this message to other webservers
}

type IndexerStats 

type IndexerStats struct {
	ID          string // unique well ID based on the indexer UUID and the well ID assigned at indexer startup
	Data        uint64
	Entries     uint64
	Path        string
	Cold        bool
	Accelerator string `json:",omitempty"`
	Extractor   string `json:",omitempty"`
}

type IndexerWellData 

type IndexerWellData struct {
	UUID  uuid.UUID
	Wells []WellInfo
	//Key is the UUID of the remote system that we have replicated data for
	//the value is the list of wells and their data
	Replicated map[uuid.UUID][]WellInfo
}

func (IndexerWellData) MarshalJSON 

func (v IndexerWellData) MarshalJSON() ([]byte, error)

func (*IndexerWellData) Sort 

func (iwd *IndexerWellData) Sort()

type IngestResponse 

type IngestResponse struct {
	Count int64
	Size  int64
	Tags  []string
}

type IngestStats 

type IngestStats struct {
	QuotaUsed         uint64     // Quota used so far
	QuotaMax          uint64     // Total quota
	EntriesPerSecond  float64    // Entries per second over the last few seconds
	BytesPerSecond    float64    // Bytes per second over the last few seconds
	TotalCount        uint64     //Total Entries since the ingest server started
	TotalSize         uint64     //Total Data since the ingest server started
	LastDayCount      uint64     //total entries in last 24 hours
	LastDaySize       uint64     //total ingested in last 24 hours
	EntriesHourTail   [24]uint64 //entries per 1 hour bucket with 24 hours of tail
	EntriesMinuteTail [60]uint64 //entries per 1 second bucket with 60s of tail
	BytesHourTail     [24]uint64 //bytes per 1 hour bucket with 24 hours of tail
	BytesMinuteTail   [60]uint64 //bytes per 1 second bucket with 60s of tail
	Ingesters         []IngesterStats
	Missing           []ingest.IngesterState //ingesters that have been seen before but not actively connected now
}

func (IngestStats) MarshalJSON 

func (is IngestStats) MarshalJSON() ([]byte, error)

type IngesterStats 

type IngesterStats struct {
	RemoteAddress string
	Count         uint64
	Size          uint64
	Uptime        time.Duration
	Tags          []string
	Name          string
	Version       string
	UUID          string
	State         ingest.IngesterState
}

func (IngesterStats) Hash 

func (is IngesterStats) Hash() uint64

func (IngesterStats) MarshalJSON 

func (is IngesterStats) MarshalJSON() ([]byte, error)

type IngesterStatsResponse 

type IngesterStatsResponse struct {
	Error string                 `json:",omitempty"`
	Stats map[string]IngestStats `json:",omitempty"`
}

type InstallStatus 

type InstallStatus struct {
	Owner int32
	Done  bool

	Percentage  float64
	CurrentStep string
	Error       string
	Log         string
	InstallID   int32
	Updated     time.Time
	// contains filtered or unexported fields
}

func NewInstallStatus 

func NewInstallStatus(itemcount int, installID int32, uid int32) *InstallStatus

func (*InstallStatus) ItemDone 

func (i *InstallStatus) ItemDone()

func (*InstallStatus) SetDone 

func (i *InstallStatus) SetDone()

func (*InstallStatus) SetError 

func (i *InstallStatus) SetError(err error)

func (*InstallStatus) UpdateCurrentStep 

func (i *InstallStatus) UpdateCurrentStep(step string)

type KeyComponents 

type KeyComponents struct {
	Keys []string
}

type KitBuildRequest 

type KitBuildRequest struct {
	ID                string
	Name              string
	Description       string
	Readme            string
	Version           uint
	MinVersion        CanonicalVersion  `json:",omitempty"`
	MaxVersion        CanonicalVersion  `json:",omitempty"`
	Dashboards        []uint64          `json:",omitempty"`
	Templates         []uuid.UUID       `json:",omitempty"`
	Pivots            []uuid.UUID       `json:",omitempty"`
	Resources         []string          `json:",omitempty"`
	ScheduledSearches []int32           `json:",omitempty"`
	Flows             []int32           `json:",omitempty"`
	Macros            []uint64          `json:",omitempty"`
	Extractors        []uuid.UUID       `json:",omitempty"`
	Files             []uuid.UUID       `json:",omitempty"`
	SearchLibraries   []uuid.UUID       `json:",omitempty"`
	Playbooks         []uuid.UUID       `json:",omitempty"`
	Alerts            []uuid.UUID       `json:",omitempty"`
	EmbeddedItems     []KitEmbeddedItem `json:",omitempty"`
	Icon              string            `json:",omitempty"`
	Banner            string            `json:",omitempty"`
	Cover             string            `json:",omitempty"`
	Dependencies      []KitDependency   `json:",omitempty"`
	ConfigMacros      []KitConfigMacro
	ScriptDeployRules map[int32]ScriptDeployConfig
}

the type that is used to request a kit be built

func (*KitBuildRequest) Validate 

func (pbr *KitBuildRequest) Validate() error

type KitBuildResponse 

type KitBuildResponse struct {
	UUID string
	Size int64
	UID  int32 `json:",omitempty"`
}

type KitConfig 

type KitConfig struct {
	OverwriteExisting       bool  `json:",omitempty"`
	Global                  bool  `json:",omitempty"`
	AllowExternalResource   bool  `json:",omitempty"`
	AllowUnsigned           bool  `json:",omitempty"`
	InstallationGroup       int32 `json:",omitempty"` // deprecated, use InstallationGroups instead
	InstallationGroups      []int32
	InstallationWriteAccess Access
	Labels                  []string `json:",omitempty"` // labels applied to each *item*
	KitLabels               []string `json:",omitempty"` // labels applied to the *kit* itself
	ConfigMacros            []KitConfigMacro
	ScriptDeployRules       map[string]ScriptDeployConfig // overrides for defaults
}

KitConfig represents rules, labels, and other configuration options used during kit installation.

type KitConfigMacro 

type KitConfigMacro struct {
	MacroName     string // The name of the macro which will be created
	Description   string // a verbose description of what this *does*
	DefaultValue  string // Should be defined at kit creation time
	Value         string // Set by the UI when preparing for installation
	Type          string // "TAG" or "OTHER"
	InstalledByID string // if the macro already exists, the ID of the kit that installed it
}

type KitDependency 

type KitDependency struct {
	ID         string
	MinVersion uint
}

KitDependency declares a series of kits and minimum version requirements

type KitEmbeddedItem 

type KitEmbeddedItem struct {
	KitItem
	Content []byte `json:",omitempty"` //the actual contents of the kit
}

type KitItem 

type KitItem struct {
	Name           string
	Type           string
	ID             string          `json:",omitempty"` //the UUID
	AdditionalInfo json.RawMessage `json:",omitempty"`
	Hash           [sha256.Size]byte
}

Each item in a kit (dashboard, query, etc) is represented by a KitItem object.

func (*KitItem) DescriptionString 

func (ki *KitItem) DescriptionString() (s string)

func (KitItem) String 

func (ki KitItem) String() (r string)

type KitItemStatus 

type KitItemStatus struct {
	Item  KitItem
	Error string
}

type KitManifest 

type KitManifest struct {
	UID         int32
	GIDs        []int32
	Global      bool
	WriteAccess Access
	UUID        uuid.UUID
	Data        []byte
	WebserverID uuid.UUID // which webserver created this manifest: needed to manage staged manifests & on-disk kit files
	Synced      bool
}

the type that handles the datastore system

func (*KitManifest) Decode 

func (pm *KitManifest) Decode(v interface{}) (err error)

func (*KitManifest) Encode 

func (pm *KitManifest) Encode(v interface{}) (err error)

type KitMetadata 

type KitMetadata struct {
	ID            string
	Name          string
	GUID          string `json:",omitempty"` // DEPRECATED, TODO: remove
	UUID          string
	Version       uint
	Description   string
	Readme        string
	Signed        bool
	AdminRequired bool
	MinVersion    CanonicalVersion
	MaxVersion    CanonicalVersion
	Size          int64
	Created       time.Time
	Ingesters     []string //ingesters associated with the kit
	Tags          []string //tags associated with the kit
	Assets        []KitMetadataAsset
	Dependencies  []KitDependency
	Items         []KitItem
	ConfigMacros  []KitConfigMacro
}

KitMetadata is a struct that is primarily served by the kit server, we use this to record info about a kit so the GUI and hint to users what kits they shoudld install.

type KitMetadataAsset 

type KitMetadataAsset struct {
	Type     string
	Source   string //URL
	Legend   string //some description about the asset
	Featured bool   //should be an image, will be used for cover image
	Banner   bool   //should be an image, will be used for upper banner image
}

KitMetadataAssets are items that might be associated with kits when hosting them we use these to enable pinning additional stuff to a kit.

func (KitMetadataAsset) String 

func (kma KitMetadataAsset) String() (s string)

type KitModifyReport 

type KitModifyReport struct {
	Statuses []KitItemStatus
	WasError bool
}

type KitState 

type KitState struct {
	ID                   string
	Name                 string
	Description          string
	Readme               string
	UUID                 string
	Signed               bool
	AdminRequired        bool
	MinVersion           CanonicalVersion `json:",omitempty"`
	MaxVersion           CanonicalVersion `json:",omitempty"`
	UID                  int32            `json:",omitempty"`
	Version              uint
	Items                []KitItem
	Labels               []string
	Icon                 string           //use for icon when in the context of a kit
	Banner               string           //use for banner in a kit
	Cover                string           //use for cover image on a kit
	ModifiedItems        []SourcedKitItem // Items which were installed by a previous version of the kit and have been modified by the user
	ConflictingItems     []KitItem        // items which will overwrite a user-created object
	RequiredDependencies []KitMetadata
	Installed            bool             //true means everything was pushed in, false means it is JUST staged
	InstallationTime     time.Time        // the time at which this kit was installed
	InstallationVersion  CanonicalVersion // the Gravwell version in use when this kit was installed
	ConfigMacros         []KitConfigMacro
	Metadata             json.RawMessage `json:",omitempty"`
}

The kit data type that is actually stored in the datastore

func (*KitState) AddItem 

func (ps *KitState) AddItem(itm KitItem) error

func (*KitState) GetItem 

func (ps *KitState) GetItem(name, tp string) (KitItem, error)

func (*KitState) RemoveItem 

func (ps *KitState) RemoveItem(name, tp string) error

func (*KitState) UpdateItem 

func (ps *KitState) UpdateItem(name, tp, id string) error

type LaunchRequest 

type LaunchRequest struct {
	StartSearchRequest
}

LaunchRequest is a new named type so that we can abstract away the websocket launch requests from the REST requests

type LaunchResponse 

type LaunchResponse struct {
	SearchSessionID uuid.UUID `json:",omitempty"`
	// RefreshInterval is used to convey and optionally update the minimum interval
	// required in between touching a search session.  This value defines how often a client
	// must refresh thier search session before a search may be expired due to inactivity
	RefreshInterval uint //refresh interval in seconds

	// unified info that is always needed
	SearchID     string     `json:",omitempty"`
	RenderModule string     `json:",omitempty"`
	RenderCmd    string     `json:",omitempty"`
	Info         SearchInfo `json:",omitempty"`
}

LaunchResponse is used to respond to both Launch and Attach requests the type returns metadata about the search as well as this contains all the embedded

type LicenseDistributionStatus 

type LicenseDistributionStatus struct {
	Status string                 `json:"status"`
	States []LicenseIndexerStatus `json:"states,omitempty"`
}

type LicenseIndexerInfo 

type LicenseIndexerInfo struct {
	Indexer string      `json:"indexer"`
	Error   error       `json:"error,omitempty"`
	Info    LicenseInfo `json:"info,omitempty"`
}

type LicenseIndexerStatus 

type LicenseIndexerStatus struct {
	Indexer  string `json:"indexer"`
	Serviced bool   `json:"ready"`
	Error    string `json:"error,omitempty"`
}

type LicenseInfo 

type LicenseInfo struct {
	Version        uint64
	CustomerUUID   string `json:",omitempty"`
	CustomerNumber uint64
	Expiration     entry.Timestamp
	Type           LicenseType
	//MaxNodes is either maximum machines for cluster type, or sockets for single type
	MaxNodes  uint32
	Overrides FeatureOverride
	Metadata  []byte
	NFR       bool //non-commercial license override
	Hash      []byte
}

A LicenseInfo block represents the overall configuration for a license - the type, customer information, expiration, etc.

func (LicenseInfo) CBACEnabled 

func (li LicenseInfo) CBACEnabled() bool

func (LicenseInfo) Features 

func (li LicenseInfo) Features() Features

func (LicenseInfo) Get 

func (li LicenseInfo) Get(key string) (val interface{}, err error)

func (LicenseInfo) NoStatsEnabled 

func (li LicenseInfo) NoStatsEnabled() bool

func (LicenseInfo) OverwatchEnabled 

func (li LicenseInfo) OverwatchEnabled() bool

func (LicenseInfo) ReplicationEnabled 

func (li LicenseInfo) ReplicationEnabled() bool

func (LicenseInfo) SKU 

func (li LicenseInfo) SKU() string

SKU is <version><license type><max nodes>

func (LicenseInfo) SSOEnabled 

func (li LicenseInfo) SSOEnabled() bool

func (LicenseInfo) Serial 

func (li LicenseInfo) Serial() string

Serial number is a hex string composed of the following <cust number>-<version>-<license type><max nodes>-<expiration>

func (LicenseInfo) UnlimitedCPUEnabled 

func (li LicenseInfo) UnlimitedCPUEnabled() bool

func (LicenseInfo) UnlimitedIngestEnabled 

func (li LicenseInfo) UnlimitedIngestEnabled() bool

func (LicenseInfo) Validate 

func (li LicenseInfo) Validate() error

Validate ensures the license info is valid.

type LicenseType 

type LicenseType uint64

func ParseType 

func ParseType(c string) (LicenseType, error)

func (LicenseType) Abbr 

func (lt LicenseType) Abbr() string

func (LicenseType) AllFeatures 

func (lt LicenseType) AllFeatures() (r bool)

func (LicenseType) MarshalJSON 

func (lt LicenseType) MarshalJSON() ([]byte, error)

func (LicenseType) SingleNode 

func (lt LicenseType) SingleNode() (r bool)

func (LicenseType) String 

func (lt LicenseType) String() string

func (*LicenseType) UnmarshalJSON 

func (lt *LicenseType) UnmarshalJSON(v []byte) error

func (LicenseType) Valid 

func (lt LicenseType) Valid() bool

type LicenseUpdateError 

type LicenseUpdateError struct {
	Name string
	Err  string
}

structure for license updates and warnings

type LicenseUsage 

type LicenseUsage struct {
	Unlimited bool                 // license is unlimited, nothing else will be here
	Quota     uint64               // license ingest limitation
	Used      uint64               // license ingest usage
	Entries   uint64               // total count of entries (does not impact license)
	History   []LicenseUsageBucket `json:",omitempty"`
	Error     error                `json:",omitempty"`
}

LicenseUsage is the data structure that is handed back to indicate how much of a license quota is used and what the usage looks like over the rolling windows. Unlimited licenses will return Unlimited = true with everything else empty

type LicenseUsageBucket 

type LicenseUsageBucket struct {
	Start time.Time //start of this bucket
	End   time.Time //end of this bucket
	Size  uint64    //ingest bucket size
	Count uint64    //ingest bucket count
}

LicenseUsageBucket is a time bucket of license quota activity A typical license tracks a 24 hour rolling window with 1 hour buckets Unlimited licenses do not track ingest at all

type LicenseUsageReport 

type LicenseUsageReport struct {
	Unlimited bool                    //every single reporting indexer has unlimited ingest OR an error, nothing to report
	Indexers  map[string]LicenseUsage `json:",omitempty"` // if all indexers are unlimited this won't bbe included at all
}

LicenseUsageReport is the meta structure that contains all the license tracking data for potentially many indexers The typical use cases are a single cluster with unlimited ingest, a single indexer with unlimited ingest, or a single indexer with limited ingest however, overwatch topologies may have mixed licensing across the indexers

type Location 

type Location struct {
	Lat  float64
	Long float64
}

func (*Location) Decode 

func (loc *Location) Decode(v []byte) bool

func (Location) Encode 

func (loc Location) Encode() (v []byte)

func (Location) String 

func (loc Location) String() string

func (Location) Valid 

func (loc Location) Valid() bool

type LogLevel 

type LogLevel struct {
	Level string
}

type LoggingLevels 

type LoggingLevels struct {
	Levels  []string
	Current string
}

func (*LoggingLevels) MarshalJSON 

func (m *LoggingLevels) MarshalJSON() ([]byte, error)

type LoginRequest 

type LoginRequest struct {
	User string
	Pass string
}

type LoginResponse 

type LoginResponse struct {
	LoginStatus bool
	Reason      string `json:",omitempty"`
	Admin       bool   `json:",omitempty"`
	JWT         string `json:",omitempty"`
}

type ModuleHint 

type ModuleHint struct {
	Name            string
	ProducedEVs     []string
	ConsumedEVs     []string
	ResourcesNeeded []string
	Condensing      bool
}

ModuleHint contain "hints" about modules, populated during the init and parse phase. Hints contain information such as what enumerated values are used and produced and what resources are needed by a given module.

type ModuleStatsUpdate 

type ModuleStatsUpdate struct {
	InputCount, OutputCount uint64
	InputBytes, OutputBytes uint64
	Duration                time.Duration
}

func (*ModuleStatsUpdate) Add 

func (sms *ModuleStatsUpdate) Add(v ModuleStatsUpdate)

func (*ModuleStatsUpdate) AddIn 

func (sms *ModuleStatsUpdate) AddIn(count, bts uint64)

func (*ModuleStatsUpdate) AddOut 

func (sms *ModuleStatsUpdate) AddOut(count, bts uint64)

func (ModuleStatsUpdate) Equal 

func (sms ModuleStatsUpdate) Equal(t ModuleStatsUpdate) bool

func (*ModuleStatsUpdate) Size 

func (m *ModuleStatsUpdate) Size() (sz int64)

type NetworkUsage 

type NetworkUsage struct {
	Up   uint64
	Down uint64
}

type Node 

type Node struct {
	Name  string `json:"name"`
	Group int    `json:"group"`
}

type NodeParseError 

type NodeParseError struct {
	Err   string
	Field string `json:",omitempty"`
}

NodeParseError represents a single problem encountered during the parse phase, e.g. an un-set config field. Field represents which config field, if any, was the source of the problem; if unset, the error was of a more general nature.

func (NodeParseError) Error 

func (f NodeParseError) Error() string

func (NodeParseError) String 

func (f NodeParseError) String() string

type NodeParseFailure 

type NodeParseFailure struct {
	Errors []NodeParseError
}

NodeParseFailure represents all problems encountered during a node's Parse phase

func (*NodeParseFailure) AddError 

func (f *NodeParseFailure) AddError(e error)

AddError registers a new error. It can take regular errors, NodeParseError, or NodeParseFailure.

func (*NodeParseFailure) ErrCount 

func (f *NodeParseFailure) ErrCount() int

ErrCount returns the number of errors registered.

func (NodeParseFailure) Error 

func (f NodeParseFailure) Error() string

Error returns an error string for the NodeParseFailure. It just returns the first error if there are multiple errors; to handle it better, walk the Errors array yourself.

type Notification 

type Notification struct {
	UID         int32
	GID         int32
	Sender      int32     //who sent it
	Type        uint32    //ID which specifies the type of notification
	Broadcast   bool      //was this a broadcast to multiple users
	Sent        time.Time //when was it sent
	Expires     time.Time //when does it expire
	IgnoreUntil time.Time //Don't display until after this time
	Msg         string
	Origin      uuid.UUID // which device sent it (currently only used on indexers)
	Level       string    `json:",omitempty"` //generic keyword indicating how bad this notification is
	Link        string    `json:",omitempty"`
}

func (*Notification) Expired 

func (n *Notification) Expired() bool

type NotificationAction 

type NotificationAction uint32
var (
	SetBackendNotification   NotificationAction = 0
	ClearBackendNotification NotificationAction = 1
)

type NotificationSet 

type NotificationSet map[uint64]Notification

type OverviewStatSet 

type OverviewStatSet struct {
	Count uint64
	Bytes uint64
	TS    entry.Timestamp
}

type OverviewStats 

type OverviewStats struct {
	//indicates where in the search span the query currently is, can be used for progress
	SearchPosition entry.Timestamp
	//indicates if the search is finished
	Finished bool
	// Indicates that the query results exceeded the on-disk storage limits.
	OverLimit bool
	// Indicates the range of entries that were dropped due to storage limits.
	LimitDroppedRange TimeRange
	// For some renderers, the EntryCount accurately represents the total
	// number of results available. This field is set to 'true' in that case,
	// meaning the EntryCount number can be displayed alongside the results
	// without confusion.
	EntryCountValid bool
	EntryCount      uint64
	Stats           []OverviewStatSet `json:",omitempty"`
}

type P2PRequest 

type P2PRequest struct {
	BaseRequest
	Fence Geofence `json:",omitempty"`
}

type P2PResponse 

type P2PResponse struct {
	BaseResponse
	ValueNames []string
	Entries    []P2PValue `json:",omitempty"`
}

type P2PValue 

type P2PValue struct {
	Src       Location
	Dst       Location
	Magnitude float64  `json:",omitempty"`
	Values    []string `json:",omitempty"`
}

type PackedPivot 

type PackedPivot struct {
	UUID        string
	Name        string
	Description string
	Data        RawObject
	Labels      []string
}

type used for pivots in packages

func (*PackedPivot) JSONMetadata 

func (put *PackedPivot) JSONMetadata() (json.RawMessage, error)

type PackedUserTemplate 

type PackedUserTemplate struct {
	UUID        string
	Name        string
	Description string
	Data        TemplateContents
	Labels      []string
}

type used for templates in packages

func (*PackedUserTemplate) JSONMetadata 

func (put *PackedUserTemplate) JSONMetadata() (json.RawMessage, error)

func (*PackedUserTemplate) UnmarshalJSON 

func (t *PackedUserTemplate) UnmarshalJSON(data []byte) error

type ParseSearchRequest 

type ParseSearchRequest struct {
	SearchString string
	Sequence     uint64
	Filters      []FilterRequest
}

type ParseSearchResponse 

type ParseSearchResponse struct {
	Sequence    uint64
	GoodQuery   bool
	ParseError  string `json:",omitempty"`
	ParsedQuery string `json:",omitempty"`
	RawQuery    string `json:",omitempty"`
	ModuleIndex int
	SearchHints
}

type PerWellStorageStats 

type PerWellStorageStats struct {
	StorageStats
	Accelerator    string   `json:"accelerator"`
	Engine         string   `json:"engine"`
	PathCold       string   `json:"pathCold"`
	PathHot        string   `json:"pathHot"`
	ShardCountCold uint64   `json:"shardCountCold"`
	ShardCountHot  uint64   `json:"shardCountHot"`
	Tags           []string `json:"tags"`
	WellName       string   `json:"wellName"`
}

type PingReq 

type PingReq struct {
	X error `json:",omitempty"`
}

type Pivot 

type Pivot struct {
	GUID        uuid.UUID
	Name        string
	Description string
	Contents    RawObject
	Labels      []string
	Disabled    bool
}

Pivot is what is stored in the "thing" object, it is encoded into Contents

func (Pivot) Pack 

func (t Pivot) Pack() (put PackedPivot)

func (Pivot) WirePivot 

func (pivot Pivot) WirePivot(thing Thing) WirePivot

type Playbook 

type Playbook struct {
	UUID        uuid.UUID
	GUID        uuid.UUID // global identifier, used to uniquely identify a playbook rather than as a key in the webstore. Sorry.
	UID         int32
	GIDs        []int32
	Global      bool
	WriteAccess Access
	Name        string
	Desc        string
	Body        []byte `json:",omitempty"`
	Metadata    []byte `json:",omitempty"`
	Labels      []string
	LastUpdated time.Time
	Author      AuthorInfo
	Synced      bool
}

Playbook configuration, including ownership, description, etc., as well as the playbook content.

func (Playbook) JSONMetadata 

func (pb Playbook) JSONMetadata() (json.RawMessage, error)

type PointmapKV 

type PointmapKV struct {
	Key   string
	Value string
}

func (PointmapKV) IsEmpty 

func (pkv PointmapKV) IsEmpty() bool

func (PointmapKV) MarshalJSON 

func (pkv PointmapKV) MarshalJSON() (r []byte, err error)

type PointmapRequest 

type PointmapRequest struct {
	BaseRequest
	Fence Geofence `json:",omitempty"`
}

type PointmapResponse 

type PointmapResponse struct {
	BaseResponse
	Entries []PointmapValue `json:",omitempty"`
}

type PointmapValue 

type PointmapValue struct {
	Loc      Location
	Metadata []PointmapKV `json:",omitempty"`
}

type RawEnumeratedValue 

type RawEnumeratedValue struct {
	Type uint16
	Data []byte
}

func (RawEnumeratedValue) String 

func (rev RawEnumeratedValue) String() string

type RawObject 

type RawObject json.RawMessage

func (RawObject) MarshalJSON 

func (o RawObject) MarshalJSON() ([]byte, error)

marshalling and handlers for our raw object type

func (RawObject) String 

func (o RawObject) String() string

func (*RawObject) UnmarshalJSON 

func (o *RawObject) UnmarshalJSON(buff []byte) error

type RawRequest 

type RawRequest struct {
	BaseRequest
}

type RawResponse 

type RawResponse struct {
	BaseResponse
	ContainsBinaryEntries bool            //just a flag to tell the GUI that we might have data that needs some help
	Entries               []SearchEntry   `json:",omitempty"`
	Explore               []ExploreResult `json:",omitempty"`
}

func (RawResponse) MarshalJSON 

func (rr RawResponse) MarshalJSON() ([]byte, error)

type RenderModuleInfo 

type RenderModuleInfo struct {
	Name        string
	Description string
	Examples    []string
}

func (*RenderModuleInfo) MarshalJSON 

func (m *RenderModuleInfo) MarshalJSON() ([]byte, error)

type ReplicationState 

type ReplicationState struct {
	UUID    uuid.UUID
	Entries uint64
	Size    uint64
}

type ResourceContentType 

type ResourceContentType struct {
	ContentType string
	Body        []byte
}

type ResourceList 

type ResourceList struct {
	List   []ResourceMetadata
	Domain int16
}

This is used for client->server resource sync operations, basically "I am a webserver from domain <Domain>, here's what I have (<List>), delete anything in my domain that's not on the list".

type ResourceMetadata 

type ResourceMetadata struct {
	UID           int32     // owner
	GUID          string    // unique ID for this resource
	Domain        int16     // The webserver domain of this resource. Only webservers in this domain can access it.
	LastModified  time.Time // time resource was modified, including metadata
	VersionNumber int       // resource version #, increment at each Write
	GroupACL      []int32   // GIDs which can access the resource
	Global        bool      // if Global is set, any user can read the resource.
	ResourceName  string
	Description   string
	Size          uint64
	Hash          []byte
	Synced        bool     // Set to true if this version is on the datastore, false otherwise
	Labels        []string // the backend doesn't really care about these, it's the GUI's problem
}

func (ResourceMetadata) Equal 

func (m1 ResourceMetadata) Equal(m2 ResourceMetadata) bool

Equal returns true of both ResourceMetadata objects are identical.

func (ResourceMetadata) String 

func (m ResourceMetadata) String() string

type ResourceUpdate 

type ResourceUpdate struct {
	Metadata ResourceMetadata
	Data     []byte
	// contains filtered or unexported fields
}

func (*ResourceUpdate) Bytes 

func (ru *ResourceUpdate) Bytes() (b []byte)

Bytes returns a byte slice no matter what the underlying storage is if the ResourceUpdate is using a readCloser then it performs a complete read and returns a byte slice. If the reader points to a large resource this may require significant resources

func (*ResourceUpdate) Close 

func (ru *ResourceUpdate) Close()

Close is a safe method to make sure that ReadClosers and Byte Buffers are wiped out

func (*ResourceUpdate) SetStream 

func (ru *ResourceUpdate) SetStream(rc io.ReadCloser)

SetStream will set the resource update to use a read closer instead of static bytes we do not export the ReadCloser because gob can't handle it

func (*ResourceUpdate) Stream 

func (ru *ResourceUpdate) Stream() io.Reader

Stream generates a io.Reader from either the underlying reader or the Data byte slice

type RespError 

type RespError struct {
	Error string `json:",omitempty"`
}

type SSOStatus 

type SSOStatus struct {
	Enabled bool `json:"enabled"`
}

type SaveSearchPatch 

type SaveSearchPatch struct {
	SearchLaunchInfo
	// these are the supported fields in the free form search metadata; these are used by the GUI
	Name  string `json:"name,omitempty"`
	Notes string `json:"notes,omitempty"`
}

func (SaveSearchPatch) GetMetadata 

func (p SaveSearchPatch) GetMetadata() json.RawMessage

func (SaveSearchPatch) MergeLaunchInfo 

func (p SaveSearchPatch) MergeLaunchInfo(li *SearchLaunchInfo) (changed bool)

type ScheduledError 

type ScheduledError struct {
	Error     string
	Timestamp time.Time
}

type ScheduledSearch 

type ScheduledSearch struct {
	Synced      bool
	ID          int32
	GUID        uuid.UUID
	Groups      []int32
	Global      bool
	WriteAccess Access
	Name        string // the name of this scheduled search
	Description string // freeform description
	Labels      []string
	Owner       int32  // uid of owner
	Schedule    string // when to run: a cron spec
	Timezone    string // a location to use for the timezone, e.g. "America/New_York"
	Updated     time.Time
	Disabled    bool

	// These values are used for debug/testing runs
	OneShot    bool   // Set this flag to 'true' to make the search fire ONCE
	DebugMode  bool   // set this to true to enable debug mode
	DebugEvent *Event // If provided, this will be inserted as `event` into the flow payload.

	// if true, search agent will attempt to "backfill" missed runs since
	// the more recent of Updated or LastRun.
	BackfillEnabled bool

	// This sets what kind of scheduled "thing" it is: search, script, or flow
	ScheduledType string

	// Fields for scheduled searches
	SearchReference    uuid.UUID // A reference to a saved query item by UUID. If SearchString is populated on a GET, it represents the query referenced by SearchReference.
	SearchString       string    // The actual search to run. If SearchReference is populated on a GET, SearchString represents the query referenced by SearchReference.
	Duration           int64     // How many seconds back to search, MUST BE NEGATIVE
	SearchSinceLastRun bool      // If set, ignore Duration and run from last run time to now.
	TimeframeOffset    int64     // How many seconds to offset the search timeframe, MUST BE NEGATIVE.

	// For scheduled scripts
	Script         string     // If set, execute the contents rather than running SearchString
	ScriptLanguage ScriptLang // what script type is this: anko, go

	// For scheduled flows
	Flow            string                 // The flow specification itself
	FlowNodeResults map[int]FlowNodeResult // results for each node in the flow

	// These fields are updated by the search agent after it runs a search
	PersistentMaps  map[string]map[string]interface{}
	LastRun         time.Time
	LastRunDuration time.Duration    // how many nanoseconds did it take
	LastSearchIDs   []string         // the IDs of the most recently performed searches
	LastError       string           // any error from the last run of the scheduled search
	ErrorHistory    []ScheduledError // a list of previously-occurring errors
	DebugOutput     []byte           // output of the script if debugmode was enabled
}

ScheduledSearch represents a scheduled search, including rules, description, etc.

func FindMostRelevantAutomation 

func FindMostRelevantAutomation(ud UserDetails, guid uuid.UUID, automations []ScheduledSearch) (result ScheduledSearch, ok bool)

FindMostRelevantAutomation resolves the appropriate ScheduledSearch automation (scheduled search, script, or flow) for the given user based on the specified GUID.

func (*ScheduledSearch) Dedup 

func (ss *ScheduledSearch) Dedup()

func (ScheduledSearch) Equal 

func (s ScheduledSearch) Equal(v ScheduledSearch) bool

func (*ScheduledSearch) TypeName 

func (ss *ScheduledSearch) TypeName() string

type ScheduledSearchParseRequest 

type ScheduledSearchParseRequest struct {
	Version int
	Script  string
}

type ScheduledSearchParseResponse 

type ScheduledSearchParseResponse struct {
	OK          bool
	Error       string `json:",omitempty"`
	ErrorLine   int
	ErrorColumn int
}

type ScriptDeployConfig 

type ScriptDeployConfig struct {
	Disabled       bool
	RunImmediately bool
}

type ScriptLang 

type ScriptLang uint

func ParseScriptLang 

func ParseScriptLang(v string) (l ScriptLang, err error)

func (ScriptLang) String 

func (sl ScriptLang) String() string

func (ScriptLang) Valid 

func (sl ScriptLang) Valid() (err error)

type SearchAgentCheckin 

type SearchAgentCheckin struct {
	LastCheckin     string
	Warning         bool
	SearchAgentUUID string
	SearchAgentIP   string
}

type SearchAgentConfig 

type SearchAgentConfig struct {
	Searchagent_UUID                 string
	Webserver_Address                []string
	Insecure_Skip_TLS_Verify         bool
	Insecure_Use_HTTP                bool
	Search_Agent_Auth                string
	Scratch_Path                     string
	Max_Script_Run_Time              int64 // minutes!
	Log_File                         string
	Log_Level                        string
	Disable_Network_Script_Functions bool // disables "risky" scripting functions (network stuff)
	Disable_Self_Ingest              bool // disables ingesting search agent logs to indexers
	HTTP_Proxy                       string
}

type SearchCtrlStatus 

type SearchCtrlStatus struct {
	ID              string
	UID             int32
	GID             int32
	State           string
	AttachedClients int
	StoredData      int64
	UserQuery       string
	EffectiveQuery  string
	StartRange      time.Time
	EndRange        time.Time
	NoHistory       bool
	Import          ImportInfo
	LaunchInfo      SearchLaunchInfo
}

type SearchEntry 

type SearchEntry struct {
	TS         entry.Timestamp
	SRC        net.IP
	Tag        entry.EntryTag
	Data       []byte
	Enumerated []EnumeratedPair
}

Search entry is the entry that makes it out of the search pipeline.

func (SearchEntry) Equal 

func (se SearchEntry) Equal(v SearchEntry) bool

Return true if both SearchEntry objects are equal.

func (SearchEntry) GetEnumerated 

func (se SearchEntry) GetEnumerated(name string) (val string, ok bool)

Return the string representation of an enumerated value in a SearchEntry.

func (SearchEntry) String 

func (se SearchEntry) String() string

String implements the Stringer interface

type SearchHints 

type SearchHints struct {
	CollapsingIndex  int      // index of the first collapsed module
	RenderModule     string   `json:",omitempty"`
	TimeZoomDisabled bool     //Renderer does not support zooming around data based on time
	Tags             []string //the tags involved in the search
	ModuleHints      []ModuleHint
}

type SearchInfo 

type SearchInfo struct {
	ID                    string          //ID of the search
	UID                   int32           //UID of the user that actually kicked off the search
	GID                   int32           `json:",omitempty"` //Group ID the search was assigned to
	UserQuery             string          //query provided by the user on search
	EffectiveQuery        string          //the effective query that was actually used
	StartRange            time.Time       //start time range
	EndRange              time.Time       //end time range
	Descending            bool            //the direction the search is progressing (Descending is the standard)
	Started               time.Time       //time when the search was kicked off
	LastUpdate            time.Time       //last timestamp we saw (tells us where indexers are working)
	Duration              time.Duration   //Amount of time required to complete the search
	StoreSize             int64           //size of the main storage file
	IndexSize             int64           //size of an extra index file
	ItemCount             int64           //How many items have been stored
	TimeZoomDisabled      bool            //Renderer does not support zooming around data based on time
	RenderDownloadFormats []string        `json:",omitempty"`
	Metadata              json.RawMessage `json:",omitempty"` //additional metadata associated with a search
	Name                  string          `json:",omitempty"`
	CollapsingIndex       int
	NoHistory             bool // set to true if this search was launched with the "no history" flag, typically means it is an automated search.
	Background            bool // set to true if this search has been marked as backgrounded.
	MinZoomWindow         uint // what is the smallest minimum zoom window in seconds
	Tags                  []string
	Import                ImportInfo `json:",omitempty"` //information attached if there this search is saved and from an external import
	// Preview indicates that this search is a preview search
	// this means that the query most likely did not cover the entire time range that was originally requested
	// A preview search is used when a user is trying to understand what they have or establish AX relationships
	Preview bool

	LaunchInfo SearchLaunchInfo // information about how a search was launched
}

SearchInfo contains information about a search, including the search parameters, status, and metadata.

func (SearchInfo) MarshalJSON 

func (si SearchInfo) MarshalJSON() ([]byte, error)

custom Marshallers

func (SearchInfo) StorageSize 

func (si SearchInfo) StorageSize() int64

func (*SearchInfo) UnmarshalJSON 

func (si *SearchInfo) UnmarshalJSON(data []byte) error

type SearchLaunchInfo 

type SearchLaunchInfo struct {
	//what launched the search, manual, directquery, scheduledsearch, etc...
	Method string `json:"method,omitempty"`

	// Reference is the UUID, ID, etc. of the thing that launched the search
	// this is blank for manual queries
	Reference string `json:"reference,omitempty"`

	// Started is the timestamp of when the search was started.  This is used to inform
	// the GUI and/or clients on when the query was actually started.
	Started time.Time `json:"started,omitempty"`

	// Expires marks when when the search should expire/be deleted,
	// it may be the zero value which means never
	Expires time.Time `json:"expires,omitempty"`
}

type SearchLibrary 

type SearchLibrary struct {
	Name        string
	Description string
	Query       string `json:",omitempty"`
	GUID        uuid.UUID
	Labels      []string  `json:",omitempty"`
	Metadata    RawObject `json:",omitempty"`
}

SearchLibrary is a structure to store a search string and optional set of info The GUI uses this to build up a search library with info about a search

func (SearchLibrary) Equal 

func (psl SearchLibrary) Equal(other SearchLibrary) (ok bool)

func (SearchLibrary) JSONMetadata 

func (sl SearchLibrary) JSONMetadata() (json.RawMessage, error)

type SearchLog 

type SearchLog struct {
	UID            int32  //who started the search
	GID            int32  //what group the search was assigned to, if any
	UserQuery      string //what the user actually typed
	EffectiveQuery string //what was actually run
	Launched       time.Time
	Synced         bool
}

func (SearchLog) Equal 

func (sl SearchLog) Equal(v SearchLog) bool

type SearchMacro 

type SearchMacro struct {
	ID          uint64
	UID         int32
	GIDs        []int32
	Global      bool
	WriteAccess Access
	Name        string
	Description string
	Expansion   string
	Labels      []string
	LastUpdated time.Time
	Synced      bool
}

type SearchMetadata 

type SearchMetadata struct {
	ValueStats  []SearchMetadataEntry `json:",omitempty"`
	SourceStats []SourceMetadataEntry `json:",omitempty"`
	TagStats    map[string]uint       `json:",omitempty"`
}

type SearchMetadataEntry 

type SearchMetadataEntry struct {
	Name   string
	Type   string
	Number SearchMetadataNumber `json:",omitempty"`
	Raw    SearchMetadataRaw    `json:",omitempty"`
}

type SearchMetadataNumber 

type SearchMetadataNumber struct {
	Count uint
	Min   float64
	Max   float64
}

type SearchMetadataRaw 

type SearchMetadataRaw struct {
	Map   map[string]uint
	Other uint
}

type SearchModuleInfo 

type SearchModuleInfo struct {
	Name         string
	Info         string
	Examples     []string
	Collapsing   func(string) bool `json:"-"`
	FrontendOnly bool              // true if this module MUST run on frontend (anko)
	Sorting      bool
}

type SearchModuleStats 

type SearchModuleStats struct {
	ModuleStatsUpdate
	Name, Args string
	// contains filtered or unexported fields
}

func (SearchModuleStats) Equal 

func (sms SearchModuleStats) Equal(t SearchModuleStats) bool

func (SearchModuleStats) JSON 

func (sms SearchModuleStats) JSON() ([]byte, error)

func (*SearchModuleStats) ResetCounters 

func (s *SearchModuleStats) ResetCounters()

func (*SearchModuleStats) Size 

func (s *SearchModuleStats) Size() int64

type SearchModuleStatsUpdate 

type SearchModuleStatsUpdate struct {
	Stats []SearchModuleStats
	TS    entry.Timestamp
}

func (*SearchModuleStatsUpdate) Add 

func (s *SearchModuleStatsUpdate) Add(smsu *SearchModuleStatsUpdate) error

func (*SearchModuleStatsUpdate) AddUpdate 

func (s *SearchModuleStatsUpdate) AddUpdate(mu []ModuleStatsUpdate) error

func (*SearchModuleStatsUpdate) Append 

func (s *SearchModuleStatsUpdate) Append(sms SearchModuleStats)

func (SearchModuleStatsUpdate) Copy 

func (s SearchModuleStatsUpdate) Copy() SearchModuleStatsUpdate

func (*SearchModuleStatsUpdate) CopyZero 

func (s *SearchModuleStatsUpdate) CopyZero() SearchModuleStatsUpdate

CopyZero hands back a SearchModuleStatsUpdate structure zeroed out with ONLY the TS and the module names we use this for one-off search modules that relay stats in a strange manner due to condensing

func (*SearchModuleStatsUpdate) IsNull 

func (s *SearchModuleStatsUpdate) IsNull() bool

func (*SearchModuleStatsUpdate) MarshalJSON 

func (m *SearchModuleStatsUpdate) MarshalJSON() ([]byte, error)

func (*SearchModuleStatsUpdate) ResetCounters 

func (s *SearchModuleStatsUpdate) ResetCounters()

func (*SearchModuleStatsUpdate) Size 

func (s *SearchModuleStatsUpdate) Size() (sz int64)

type SearchSessionIntervalUpdate 

type SearchSessionIntervalUpdate struct {
	Interval uint
}

type SearchStatsRequest 

type SearchStatsRequest struct {
	SetCount int64           `json:",omitempty"`
	SetStart entry.Timestamp `json:",omitempty"`
	SetEnd   entry.Timestamp `json:",omitempty"`
	Addendum json.RawMessage `json:",omitempty"`
}

func (SearchStatsRequest) MarshalJSON 

func (ssr SearchStatsRequest) MarshalJSON() ([]byte, error)

type SearchStatsResponse 

type SearchStatsResponse struct {
	Addendum    json.RawMessage   `json:",omitempty"`
	RangeStart  entry.Timestamp   `json:",omitempty"`
	RangeEnd    entry.Timestamp   `json:",omitempty"`
	Current     entry.Timestamp   `json:",omitempty"`
	Set         []StatSet         `json:",omitempty"`
	OverviewSet []OverviewStatSet `json:",omitempty"`
	Size        int               `json:",omitempty"`
}

func (SearchStatsResponse) MarshalJSON 

func (ssr SearchStatsResponse) MarshalJSON() ([]byte, error)

type Secret 

type Secret struct {
	ID      uuid.UUID `json:"id"`
	Name    string    `json:"name"`
	Desc    string    `json:"description"`
	UID     int32     `json:"uid"`
	Groups  []int32   `json:"groups,omitempty"`
	Global  bool      `json:"global"`
	Created time.Time `json:"created"`
}

Secret is the metadata associated with a secret, it contains ownership information but not the associated value

type SecretCreate 

type SecretCreate struct {
	Name   string  `json:"name"`
	Desc   string  `json:"description"`
	Groups []int32 `json:"groups,omitempty"`
	Global bool    `json:"global"`
	Value  string  `json:"value"`
}

SecretCreate is the structure used to ask the API to make a new secret, only the request parameters are present

type SecretFull 

type SecretFull struct {
	Secret
	Value string `json:"value"`
}

SecretFull represents the full secret including its value. This type is not sent through any traditional APIs

type Session 

type Session struct {
	ID          uint64 `json:",omitempty"`
	JWT         string `json:",omitempty"`
	UID         int32  `json:",omitempty"`
	Origin      net.IP
	LastHit     time.Time
	UDets       *UserDetails `json:",omitempty"`
	TempSession bool
	Synced      bool
}

AuthSession contains all the information needed to authenticate.

func DecodeSession 

func DecodeSession(b []byte) (*Session, error)

func (*Session) Encode 

func (s *Session) Encode() ([]byte, error)

type ShardInfo 

type ShardInfo struct {
	Name        string
	Start       time.Time
	End         time.Time
	Entries     uint64           //number of entries in the shard
	Size        uint64           //raw size of data in the shard
	Stored      uint64           //actual disk usage of the shard
	RemoteState ReplicationState `json:",omitempty"`
	Cold        bool             //true if the shard is in the code storage
}

func (ShardInfo) MarshalJSON 

func (si ShardInfo) MarshalJSON() ([]byte, error)

custom marshaller to deal with the fact that the json marshaller can't handle the "empty" uuid value

type SortableSearchLog 

type SortableSearchLog []SearchLog

func (SortableSearchLog) Len 

func (s SortableSearchLog) Len() int

func (SortableSearchLog) Less 

func (s SortableSearchLog) Less(i, j int) bool

func (SortableSearchLog) Swap 

func (s SortableSearchLog) Swap(i, j int)

type SourceMetadataEntry 

type SourceMetadataEntry struct {
	IP    string
	Count uint
}

type SourcedKitItem 

type SourcedKitItem struct {
	KitItem
	KitID      string
	KitVersion uint
	KitName    string
}

SourcedKitItem is wraps a KitItem with additional information regarding the kit's version and origin.

type StackGraphRequest 

type StackGraphRequest struct {
	BaseRequest
}

type StackGraphResponse 

type StackGraphResponse struct {
	BaseResponse
	Entries []StackGraphSet
}

type StackGraphSet 

type StackGraphSet struct {
	Key    string
	Values []StackGraphValue
}

func (*StackGraphSet) Magnitude 

func (sgs *StackGraphSet) Magnitude() (v int64)

type StackGraphValue 

type StackGraphValue struct {
	Label string
	Value int64
}

type StartSearchAck 

type StartSearchAck struct {
	Ok                   bool
	OutputSearchSubproto string `json:",omitempty"`
	OutputStatsSubproto  string `json:",omitempty"`
}

Once a search has begin, an ACK is sent.

type StartSearchRequest 

type StartSearchRequest struct {
	SearchString string
	SearchStart  string
	SearchEnd    string
	Background   bool
	NoHistory    bool `json:",omitempty"`
	//Preview indicates that the renderer should only capture enough to show some usage of data
	//A raw, text, hex renderer will grab a few hundred or thousand entries
	//charts will grab enough to draw something useful
	//everything else will get "enough"
	Preview bool `json:",omitempty"`
	//NonTemporal is used to hint that we do not want this query to be temporal IF POSSIBLE
	//some queries cannot respect this, but things like table and some charts can
	NonTemporal bool            `json:",omitempty"`
	Metadata    json.RawMessage `json:",omitempty"`
	Addendum    json.RawMessage `json:",omitempty"`
	Name        string          `json:",omitempty"`
	Filters     []FilterRequest
	LaunchInfo  SearchLaunchInfo // information about how a search was launched
}

StartSearchRequest represents a search that is sent to the search controller in the webserver.

type StartSearchResponse 

type StartSearchResponse struct {
	Error string `json:",omitempty"`
	// what the user typed
	RawQuery string `json:",omitempty"`
	//what the actual search being processed is after attaching render module
	SearchString         string           `json:",omitempty"`
	RenderModule         string           `json:",omitempty"`
	RenderCmd            string           `json:",omitempty"`
	OutputSearchSubproto string           `json:",omitempty"`
	SearchID             string           `json:",omitempty"`
	SearchStartRange     time.Time        `json:",omitempty"`
	SearchEndRange       time.Time        `json:",omitempty"`
	Background           bool             `json:",omitempty"`
	NonTemporal          bool             `json:",omitempty"`
	CollapsingIndex      int              // index of the first collapsed module
	Metadata             json.RawMessage  `json:",omitempty"`
	Addendum             json.RawMessage  `json:",omitempty"`
	LaunchInfo           SearchLaunchInfo // information about how a search was launched
	SearchHints
}

The webserver responds yay/nay plus new subprotocols if the search is valid. SearchStartRange and SearchEndRange should be strings in RFC3339Nano format

type StatSet 

type StatSet struct {
	Stats []SearchModuleStats
	TS    entry.Timestamp
	// contains filtered or unexported fields
}

func (*StatSet) Add 

func (ss *StatSet) Add(s *StatSet)

func (*StatSet) AddParts 

func (ss *StatSet) AddParts(ts entry.Timestamp, stats []SearchModuleStats)

func (*StatSet) AddStats 

func (ss *StatSet) AddStats(stats []SearchModuleStats)

func (*StatSet) MarshalJSON 

func (m *StatSet) MarshalJSON() ([]byte, error)

func (*StatSet) Populated 

func (ss *StatSet) Populated() bool

type StatsRequest 

type StatsRequest struct {
	BaseRequest
}

We have a generic StatsRequest type that ONLY implements the BaseRequest. This is so that clients can ask about stats without knowing about specific renderers.

type StatsResponse 

type StatsResponse struct {
	BaseResponse
}

type StatsUpdate 

type StatsUpdate struct {
	Stats    *SearchModuleStatsUpdate
	ClientID string
}

type StorageStats 

type StorageStats struct {
	CoverageStart    time.Time `json:"coverageStart"`
	CoverageEnd      time.Time `json:"coverageEnd"`
	DataIngestedHot  uint64    `json:"dataIngestedHot"`
	DataIngestedCold uint64    `json:"dataIngestedCold"`
	DataStoredHot    uint64    `json:"dataStoredHot"`
	DataStoredCold   uint64    `json:"dataStoredCold"`
	EntryCountHot    uint64    `json:"entryCountHot"`
	EntryCountCold   uint64    `json:"entryCountCold"`
}

type StoredBuildRequest 

type StoredBuildRequest struct {
	UID int32
	KitBuildRequest
	BuildDate time.Time
}

this is what we store in the datastore

type StringTagEntry 

type StringTagEntry struct {
	TS         time.Time
	Tag        string
	SRC        net.IP
	Data       []byte
	Enumerated []EnumeratedPair
}

Used for scripting and ingesting entries via the webserver.

func (StringTagEntry) Equal 

func (se StringTagEntry) Equal(v StringTagEntry) bool

Return true if both StringTagEntry objects are equal.

func (StringTagEntry) GetEnumerated 

func (se StringTagEntry) GetEnumerated(name string) (val string, ok bool)

Return the string representation of an enumerated value in a StringTagEntry.

func (StringTagEntry) String 

func (se StringTagEntry) String() string

String implements the fmt.Stringer

type SysDescResp 

type SysDescResp struct {
	Error        string             `json:",omitempty"`
	Descriptions map[string]SysInfo `json:",omitempty"`
}

SysDescResp contains a map of SysInfo (used in the System Overview) objects for each connected system in a Gravwell deployment.

type SysInfo 

type SysInfo struct {
	VirtSystem    string `json:",omitempty"` // e.g. "kvm" or "xen"
	VirtRole      string `json:",omitempty"` // "host" or "guest"
	CPUCount      int    `json:",omitempty"`
	CPUModel      string `json:",omitempty"`
	CPUMhz        string `json:",omitempty"`
	CPUCache      string `json:",omitempty"`
	TotalMemoryMB uint64 `json:",omitempty"`
	SystemVersion string `json:",omitempty"`
	Error         string `json:",omitempty"`
}

System information as displayed in the System Overview in Gravwell.

func (SysInfo) Empty 

func (si SysInfo) Empty() bool

func (SysInfo) MarshalJSON 

func (si SysInfo) MarshalJSON() ([]byte, error)

type SysStatResponse 

type SysStatResponse struct {
	Error string              `json:",omitempty"`
	Stats map[string]SysStats `json:",omitempty"`
}

type SysStats 

type SysStats struct {
	Error string        `json:",omitempty"`
	Stats *HostSysStats `json:",omitempty"`
}

type TableRequest 

type TableRequest struct {
	BaseRequest
}

type TableResponse 

type TableResponse struct {
	BaseResponse
	Entries TableValueSet
}

type TableRow 

type TableRow struct {
	TS  entry.Timestamp
	Row []string
}

func (TableRow) MarshalJSON 

func (r TableRow) MarshalJSON() ([]byte, error)

type TableRowSet 

type TableRowSet []TableRow

type TableValueSet 

type TableValueSet struct {
	Columns []string
	Rows    TableRowSet
}

func (*TableValueSet) Compare 

func (t *TableValueSet) Compare(u *TableValueSet) (cols bool, rows bool, idx int)

Compare a table to this one. Return false on cols/rows if they do not match. If rows do not match, idx will have the index of the first offending row.

func (TableValueSet) MarshalJSON 

func (t TableValueSet) MarshalJSON() ([]byte, error)

type TagAccess 

type TagAccess struct {
	Grants []string //Grants specify tag names and/or globbing patterns which represent allowed tags
}

TagAccess is the structure that holds a set of grants to tags. a Grant can be a specific tag name or a globbing patttern

func AllTagAccess 

func AllTagAccess() TagAccess

func (TagAccess) MarshalJSON 

func (ta TagAccess) MarshalJSON() ([]byte, error)

func (*TagAccess) Validate 

func (ta *TagAccess) Validate() (err error)

Validate walks all tags in a TagAccess object, ensuring they meet all length and formatting rules:

  1. Length cannot be greater than 4096 characters.
  2. The tag cannot contain any of the following characters: !@#$%^&*()=+<>,.:;`\"'{[}]|
  3. You cannot specify more than 65536 tags.

type TemplateContents 

type TemplateContents struct {
	Query     string             `json:"query,omitempty"`
	Variables []TemplateVariable `json:"variables"`
}

TemplateContents is what goes in the template's Contents field. This is entirely the domain of the GUI.

type TemplateVariable 

type TemplateVariable struct {
	Name         string `json:"name"`
	Label        string `json:"label"`
	Description  string `json:"description"`
	Required     bool   `json:"required"`
	DefaultValue string `json:"defaultValue"`
	PreviewValue string `json:"previewValue"`
}

type TextRequest 

type TextRequest struct {
	BaseRequest
}

type TextResponse 

type TextResponse struct {
	BaseResponse
	Entries []SearchEntry   `json:",omitempty"`
	Explore []ExploreResult `json:",omitempty"`
}

func (TextResponse) MarshalJSON 

func (tr TextResponse) MarshalJSON() ([]byte, error)

type Thing 

type Thing struct {
	UUID        uuid.UUID
	UID         int32
	GIDs        []int32
	Global      bool
	WriteAccess Access
	Contents    []byte

	Updated time.Time
	Synced  bool
}

Things are stored in the datastore, a common class of blobs.

func (*Thing) Decode 

func (t *Thing) Decode(v []byte) error

func (*Thing) DecodeContents 

func (t *Thing) DecodeContents(obj interface{}) error

func (*Thing) Encode 

func (t *Thing) Encode() ([]byte, error)

func (*Thing) EncodeContents 

func (t *Thing) EncodeContents(obj interface{}) error

func (*Thing) Header 

func (t *Thing) Header() ThingHeader

type ThingHeader 

type ThingHeader struct {
	ThingUUID   uuid.UUID `json:",omitempty"`
	UID         int32
	GIDs        []int32 `json:",omitempty"`
	Global      bool
	WriteAccess Access
}

type TimeRange 

type TimeRange struct {
	StartTS entry.Timestamp `json:",omitempty"`
	EndTS   entry.Timestamp `json:",omitempty"`
}

func (*TimeRange) DecodeJSON 

func (tr *TimeRange) DecodeJSON(r io.Reader) error

func (TimeRange) IsEmpty 

func (tr TimeRange) IsEmpty() bool

func (*TimeRange) RoundToSecond 

func (tr *TimeRange) RoundToSecond()

func (*TimeRange) Swap 

func (tr *TimeRange) Swap()

func (*TimeRange) UnmarshalJSON 

func (tr *TimeRange) UnmarshalJSON(d []byte) error

type Token 

type Token struct {
	ID           uuid.UUID `json:"id"`
	Name         string    `json:"name"`
	Desc         string    `json:"description"`
	UID          int32     `json:"uid"`
	Created      time.Time `json:"createdAt"`
	Expires      time.Time `json:"expiresAt,omitempty"`
	Capabilities []string  `json:"capabilities"`
}

Token is a complete API compatible token, it contains ownership information and all capabilities associated with the token

func (Token) CapabilitiesString 

func (t Token) CapabilitiesString() string

CapabilitiesString returns a human friendly space delimited list of capabilities

func (Token) Expired 

func (t Token) Expired() bool

Expired returns whether a token is expired or not, if no expiration is set then the token is not expired

func (Token) ExpiresString 

func (t Token) ExpiresString() string

ExpiresString returns a human friendly string of when a token expires

type TokenCreate 

type TokenCreate struct {
	Name         string    `json:"name"`
	Desc         string    `json:"description"`
	Expires      time.Time `json:"expiresAt,omitempty"`
	Capabilities []string  `json:"capabilities"`
}

TokenCreate is the structure used to ask the API to make a new token, only the request parameters are present

type TokenFull 

type TokenFull struct {
	Token
	Value string `json:"token"`
}

TokenFull represents the response value for a token create request this type is the only type that contains the token value and is ONLY provided when creating a new token

type TokenFullWire 

type TokenFullWire struct {
	TokenFull
	Caps []byte
}

TokenFullWire is the internal type for storing token values

type TokenSigningKey 

type TokenSigningKey struct {
	Key        []byte
	Expiration time.Time
}

type UpdateUser 

type UpdateUser struct {
	User   string
	Name   string
	Email  string
	Admin  bool
	Locked bool
}

type UserAddGroups 

type UserAddGroups struct {
	GIDs []int32
}

func (*UserAddGroups) MarshalJSON 

func (uag *UserAddGroups) MarshalJSON() ([]byte, error)

type UserBackup 

type UserBackup struct {
	Groups []GroupDetails
	Users  []UserDetails
}

func (*UserBackup) ClearSynced 

func (ub *UserBackup) ClearSynced()

type UserDefaultSearchGroup 

type UserDefaultSearchGroup struct {
	GID int32
}

type UserDetails 

type UserDetails struct {
	UID        int32
	User       string
	Name       string
	Email      string
	Admin      bool
	Locked     bool
	TS         time.Time `json:",omitempty"`
	DefaultGID int32     `json:",omitempty"`
	Groups     []GroupDetails
	Hash       []byte `json:"-"` //do not include in API responses
	Synced     bool
	CBAC       CBACRules `json:"-"` //do not include in API responses
}

func (*UserDetails) CanModify 

func (ud *UserDetails) CanModify(uid int32) bool

CanModify returns true if the user is allowed to modify or delete something with the specified UID ownership

func (*UserDetails) CanRead 

func (ud *UserDetails) CanRead(uid int32, gids []int32) bool

CanRead returns true if the user is allowed to read something with the specified UID and GID ownerships, taking into account the Admin flag on the user.

func (*UserDetails) CapabilityList 

func (ud *UserDetails) CapabilityList() []CapabilityDesc

CapabilityList creates a comprehensive list of capabilities the user has access to based on their direct and group assignments

func (*UserDetails) FilterTags 

func (ud *UserDetails) FilterTags(all []string) (r []string)

func (*UserDetails) GIDs 

func (ud *UserDetails) GIDs() []int32

func (*UserDetails) GroupNames 

func (ud *UserDetails) GroupNames() (gps []string)

func (*UserDetails) GroupTagAccess 

func (ud *UserDetails) GroupTagAccess() (r []TagAccess)

func (*UserDetails) HasCapability 

func (ud *UserDetails) HasCapability(c Capability) bool

HasCapability returns whether the user has access to a given capability

func (*UserDetails) HasTagAccess 

func (ud *UserDetails) HasTagAccess(tg string) (allowed bool)

func (*UserDetails) InAllGroups 

func (ud *UserDetails) InAllGroups(gids []int32) bool

func (*UserDetails) InGroup 

func (ud *UserDetails) InGroup(gid int32) bool

func (UserDetails) MarshalJSON 

func (u UserDetails) MarshalJSON() ([]byte, error)

marshaller hacks to get it to return [] on empty lists

func (*UserDetails) UserCanRead 

func (ud *UserDetails) UserCanRead(uid int32, gids []int32) bool

UserCanRead returns true if the user is allowed to read something without respect to the admin, basically if owner or in groups

type UserFile 

type UserFile struct {
	GUID     uuid.UUID
	Name     string
	Desc     string
	Contents []byte `json:",omitempty"`
	Labels   []string
}

UserFile is what is actually stored in the thing object, it is encoded into contents

func (*UserFile) Info 

func (uf *UserFile) Info() (sz int64, tp string)

func (*UserFile) JSONMetadata 

func (uf *UserFile) JSONMetadata() (json.RawMessage, error)

type UserFileDetails 

type UserFileDetails struct {
	GUID        uuid.UUID
	ThingUUID   uuid.UUID
	UID         int32
	GIDs        []int32
	Global      bool
	WriteAccess Access
	Size        int64  //size of the file
	Type        string //content type as determined by the http content type detector
	Name        string
	Desc        string
	Updated     time.Time
	Labels      []string
}

UserFileDetails is a structure that is used to relay additional ownership information about a UserFile object This structure is populated via the things metadata, and does not contain any of the contents

func (*UserFileDetails) String 

func (ufd *UserFileDetails) String() string

type UserMail 

type UserMail struct {
	From        string
	To          []string
	Cc          []string
	Bcc         []string
	Subject     string
	Body        string
	Attachments []UserMailAttachment
}

func (UserMail) Validate 

func (um UserMail) Validate() error

type UserMailAttachment 

type UserMailAttachment struct {
	Name    string
	Content []byte
}

func (UserMailAttachment) Validate 

func (uma UserMailAttachment) Validate() error

type UserMailConfig 

type UserMailConfig struct {
	Server             string
	Port               int
	Username           string
	Password           string
	UseTLS             bool
	InsecureSkipVerify bool
}

type UserPreference 

type UserPreference struct {
	UID     int32
	Name    string
	Updated time.Time
	Data    []byte
	Synced  bool
}

type UserPreferences 

type UserPreferences []UserPreference

func (UserPreferences) MarshalJSON 

func (ups UserPreferences) MarshalJSON() ([]byte, error)

type UserSessions 

type UserSessions struct {
	UID      int32
	User     string
	Sessions []Session
}

func (*UserSessions) MarshalJSON 

func (s *UserSessions) MarshalJSON() ([]byte, error)

type UserTemplate 

type UserTemplate struct {
	GUID        uuid.UUID
	Name        string
	Description string
	Contents    TemplateContents
	Labels      []string
}

UserTemplate is what is stored in the "thing" object, it is encoded into Contents

func (UserTemplate) Pack 

func (t UserTemplate) Pack() (put PackedUserTemplate)

func (UserTemplate) WireUserTemplate 

func (t UserTemplate) WireUserTemplate(thing Thing) WireUserTemplate

type ValidationProblem 

type ValidationProblem struct {
	Name  string // the path in question
	Type  string // the type we were attempting to convert to
	Error string // A descriptive message as to what went wrong
}

ValidationProblem describes a field which was specified in the schema but is either: 1. Missing from the dispatcher's output, or 2. Unable to be converted to the type specified in the schema

type VersionInfo 

type VersionInfo struct {
	API   ApiInfo
	Build BuildInfo
}

type WarnResp 

type WarnResp struct {
	Name string
	Err  error `json:",omitempty"`
}

func (WarnResp) MarshalJSON 

func (wr WarnResp) MarshalJSON() ([]byte, error)

func (*WarnResp) UnmarshalJSON 

func (wr *WarnResp) UnmarshalJSON(buff []byte) error

type WellInfo 

type WellInfo struct {
	ID          string // unique identifier constructed from the indexer UUID and the well name
	Name        string
	Tags        []string
	Shards      []ShardInfo
	Accelerator string `json:",omitempty"`
	Engine      string `json:",omitempty"`
	Path        string `json:",omitempty"` //hot storage location
	ColdPath    string `json:",omitempty"` //cold storage location
}

func (*WellInfo) Empty 

func (wi *WellInfo) Empty() bool

func (WellInfo) MarshalJSON 

func (wi WellInfo) MarshalJSON() ([]byte, error)

type WirePivot 

type WirePivot struct {
	ThingHeader
	GUID        uuid.UUID
	Name        string
	Description string
	Updated     time.Time
	Contents    RawObject
	Labels      []string
	Disabled    bool
}

WirePivot is constructed from the Pivot and the details in the Thing struct. This is what we send to the user via the API.

func (WirePivot) Pivot 

func (wp WirePivot) Pivot() Pivot

Pivot creates a Pivot structure from the WiredPivot

func (WirePivot) Thing 

func (wp WirePivot) Thing() (t Thing, err error)

Thing Generates an encoded Thing from the WirePivot structure

type WireSearchLibrary 

type WireSearchLibrary struct {
	ThingHeader
	SearchLibrary
	Can     Actions
	Updated time.Time
}

WireSearchLibrary is what we actually send back and forth over the API

func (WireSearchLibrary) Thing 

func (wsl WireSearchLibrary) Thing() (t Thing, err error)

type WireUserFile 

type WireUserFile struct {
	ThingHeader
	UserFile
	Updated time.Time
}

func (WireUserFile) Thing 

func (w WireUserFile) Thing() (t Thing, err error)

type WireUserTemplate 

type WireUserTemplate struct {
	ThingHeader
	GUID        uuid.UUID
	Name        string
	Description string
	Contents    TemplateContents
	Updated     time.Time
	Labels      []string
}

WireUserTemplate is constructed from the UserTemplate and the details in the Thing struct. This is what we send to the user via the API.

func (WireUserTemplate) Thing 

func (w WireUserTemplate) Thing() (t Thing, err error)

func (WireUserTemplate) UserTemplate 

func (w WireUserTemplate) UserTemplate() (ut UserTemplate)

type WordOffset 

type WordOffset [2]int

A WordOffset contains two byte indexes into a string, denoting the location of a "word" within that string. The usual substring convention is followed, so the WordOffset of "foo" in "foo bar" is WordOffset{0, 3}, or in standard notation [0, 3).

Source Files

View all Source files

Directories

Path Synopsis
Package kits provides tools for interacting with kit archives directly.
 Package kits provides tools for interacting with kit archives directly.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.