Documentation
¶
Index ¶
- Constants
- type API
- type AggregateBy
- type AggregateDefinition
- type AggregateDefinitions
- type AggregateOperation
- type Aggregates
- type ClientTLS
- type ConnTrack
- type ConnTrackHash
- type ConnTrackOperationEnum
- type ConnTrackOutputRecordTypeEnum
- type ConnTrackSchedulingGroup
- type ConnTrackTCPFlags
- type Decoder
- type DecoderEnum
- type Duration
- type EncodeKafka
- type EncodeOtlpLogs
- type EncodeOtlpMetrics
- type EncodeOtlpTraces
- type EncodeS3
- type ExtractTimebased
- type FieldGroup
- type FilterOperationEnum
- type GRPCLokiConfig
- type GenericTransform
- type GenericTransformRule
- type IngestGRPCProto
- type IngestIpfix
- type IngestKafka
- type IngestStdin
- type IngestSynthetic
- type K8SOutputKeys
- type K8sInfraRule
- type K8sReference
- type K8sRule
- type KafkaEncodeBalancerEnum
- type KeyDefinition
- type MetricEncodeOperationEnum
- type MetricFilterEnum
- type MetricsFilter
- type MetricsItem
- type MetricsItems
- type NetworkAddLocationRule
- type NetworkAddServiceRule
- type NetworkAddSubnetLabelRule
- type NetworkAddSubnetRule
- type NetworkGenericRule
- type NetworkTransformDirectionInfo
- type NetworkTransformKubeConfig
- type NetworkTransformRule
- type NetworkTransformRules
- type NetworkTransformSubnetLabel
- type OtlpConnectionInfo
- type OutputField
- type PromConnectionInfo
- type PromEncode
- type PromTLSConf
- type RemoveEntryRule
- type SASLConfig
- type SASLTypeEnum
- type SamplingCondition
- type SecondaryNetwork
- type TimebasedFilterRule
- type TransformFilter
- type TransformFilterEnum
- type TransformFilterGenericRule
- type TransformFilterRemoveEntryEnum
- type TransformFilterRule
- type TransformFilterRuleWithAssignee
- type TransformGeneric
- type TransformGenericOperationEnum
- type TransformNetwork
- type TransformNetworkOperationEnum
- type WriteGRPC
- type WriteIpfix
- type WriteLoki
- type WriteStdout
Constants ¶
const ( FileType = "file" FileLoopType = "file_loop" FileChunksType = "file_chunks" SyntheticType = "synthetic" CollectorType = "collector" // deprecated: use 'ipfix' instead StdinType = "stdin" GRPCType = "grpc" FakeType = "fake" KafkaType = "kafka" S3Type = "s3" OtlpLogsType = "otlplogs" OtlpMetricsType = "otlpmetrics" OtlpTracesType = "otlptraces" StdoutType = "stdout" LokiType = "loki" IpfixType = "ipfix" AggregateType = "aggregates" TimebasedType = "timebased" PromType = "prom" GenericType = "generic" NetworkType = "network" FilterType = "filter" ConnTrackType = "conntrack" NoneType = "none" TagYaml = "yaml" TagDoc = "doc" )
// Reserved field names, all prefixed with an underscore.
// NOTE(review): presumably these are the keys connection tracking writes into
// its output records (hash id, record type, first-record marker); confirm
// against the conntrack implementation before relying on them downstream.
const (
	HashIDFieldName     = "_HashId"
	RecordTypeFieldName = "_RecordType"
	IsFirstFieldName    = "_IsFirst"
)
const (
OVN = "ovn"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type API ¶
// API holds one field per stage configuration type. Each field's doc tag
// carries a markdown heading and an introductory sentence for that stage.
// NOTE(review): the tags suggest this struct drives documentation generation
// rather than configuration decoding; confirm before unmarshalling into it.
// NOTE(review): the yaml key "kafka" is shared by KafkaEncode and IngestKafka,
// and "ipfix" by IngestIpfix and WriteIPFIX, so the yaml tag alone does not
// identify a field of this struct.
type API struct {
PromEncode PromEncode `yaml:"prom" doc:"## Prometheus encode API\nFollowing is the supported API format for prometheus encode:\n"`
KafkaEncode EncodeKafka `yaml:"kafka" doc:"## Kafka encode API\nFollowing is the supported API format for kafka encode:\n"`
S3Encode EncodeS3 `yaml:"s3" doc:"## S3 encode API\nFollowing is the supported API format for S3 encode:\n"`
IngestIpfix IngestIpfix `yaml:"ipfix" doc:"## Ingest NetFlow/IPFIX API\nFollowing is the supported API format for the NetFlow / IPFIX collector:\n"`
IngestKafka IngestKafka `yaml:"kafka" doc:"## Ingest Kafka API\nFollowing is the supported API format for the kafka ingest:\n"`
IngestGRPCProto IngestGRPCProto `` /* 154-byte string literal not displayed */
IngestStdin IngestStdin `yaml:"stdin" doc:"## Ingest Standard Input\nFollowing is the supported API format for the standard input ingest:\n"`
TransformGeneric TransformGeneric `yaml:"generic" doc:"## Transform Generic API\nFollowing is the supported API format for generic transformations:\n"`
TransformFilter TransformFilter `yaml:"filter" doc:"## Transform Filter API\nFollowing is the supported API format for filter transformations:\n"`
TransformNetwork TransformNetwork `yaml:"network" doc:"## Transform Network API\nFollowing is the supported API format for network transformations:\n"`
WriteLoki WriteLoki `yaml:"loki" doc:"## Write Loki API\nFollowing is the supported API format for writing to loki:\n"`
WriteStdout WriteStdout `yaml:"stdout" doc:"## Write Standard Output\nFollowing is the supported API format for writing to standard output:\n"`
WriteIPFIX WriteIpfix `yaml:"ipfix" doc:"## Write IPFIX\nFollowing is the supported API format for writing to an IPFIX collector:\n"`
ExtractAggregate Aggregates `` /* 126-byte string literal not displayed */
ConnectionTracking ConnTrack `` /* 126-byte string literal not displayed */
ExtractTimebased ExtractTimebased `` /* 132-byte string literal not displayed */
EncodeOtlpLogs EncodeOtlpLogs `` /* 136-byte string literal not displayed */
EncodeOtlpMetrics EncodeOtlpMetrics `` /* 145-byte string literal not displayed */
EncodeOtlpTraces EncodeOtlpTraces `` /* 142-byte string literal not displayed */
}
type AggregateBy ¶
type AggregateBy []string
type AggregateDefinition ¶
type AggregateDefinition struct {
Name string `yaml:"name,omitempty" json:"name,omitempty" doc:"description of aggregation result"`
GroupByKeys AggregateBy `yaml:"groupByKeys,omitempty" json:"groupByKeys,omitempty" doc:"list of fields on which to aggregate"`
OperationType AggregateOperation `yaml:"operationType,omitempty" json:"operationType,omitempty" doc:"sum, min, max, count, avg or raw_values"`
OperationKey string `yaml:"operationKey,omitempty" json:"operationKey,omitempty" doc:"internal field on which to perform the operation"`
ExpiryTime Duration `yaml:"expiryTime,omitempty" json:"expiryTime,omitempty" doc:"time interval over which to perform the operation"`
}
type AggregateDefinitions ¶ added in v0.1.9
type AggregateDefinitions []AggregateDefinition
type AggregateOperation ¶
type AggregateOperation string
type Aggregates ¶ added in v0.1.9
type Aggregates struct {
DefaultExpiryTime Duration `` /* 155-byte string literal not displayed */
Rules AggregateDefinitions `yaml:"rules,omitempty" json:"rules,omitempty" doc:"list of aggregation rules, each includes:"`
}
type ClientTLS ¶ added in v0.1.3
// ClientTLS holds TLS settings for a client connection: a verification
// override and file paths to the CA certificate and the client
// certificate/key pair.
type ClientTLS struct {
// NOTE(review): the doc tag is elided on this page. The name matches
// crypto/tls.Config.InsecureSkipVerify, which turns off verification of the
// server's certificate chain and host name; presumably true has that effect
// here, so confirm it and leave it false wherever the peer must be
// authenticated.
InsecureSkipVerify bool `` /* 144-byte string literal not displayed */
// The three fields below are file paths, not inline PEM content.
CACertPath string `yaml:"caCertPath,omitempty" json:"caCertPath,omitempty" doc:"path to the CA certificate"`
UserCertPath string `yaml:"userCertPath,omitempty" json:"userCertPath,omitempty" doc:"path to the user certificate"`
// UserKeyPath names private key material; the file it points to should be
// readable only by the account running the pipeline.
UserKeyPath string `yaml:"userKeyPath,omitempty" json:"userKeyPath,omitempty" doc:"path to the user private key"`
}
type ConnTrack ¶
// ConnTrack configures connection tracking: how a connection is keyed, which
// record types and fields are emitted, per-selector timeouts, and TCP flag
// handling.
type ConnTrack struct {
KeyDefinition KeyDefinition `yaml:"keyDefinition,omitempty" json:"keyDefinition,omitempty" doc:"fields that are used to identify the connection"`
OutputRecordTypes []ConnTrackOutputRecordTypeEnum `yaml:"outputRecordTypes,omitempty" json:"outputRecordTypes,omitempty" doc:"(enum) output record types to emit"`
OutputFields []OutputField `yaml:"outputFields,omitempty" json:"outputFields,omitempty" doc:"list of output fields"`
Scheduling []ConnTrackSchedulingGroup `yaml:"scheduling,omitempty" json:"scheduling,omitempty" doc:"list of timeouts and intervals to apply per selector"`
// NOTE(review): the doc tag is elided on this page. By name this caps how many
// connections are held at once; check what the zero value means, because an
// uncapped table grows with every distinct flow key that arrives.
MaxConnectionsTracked int `` /* 153-byte string literal not displayed */
TCPFlags ConnTrackTCPFlags `yaml:"tcpFlags,omitempty" json:"tcpFlags,omitempty" doc:"settings for handling TCP flags"`
}
func (*ConnTrack) GetABFields ¶ added in v0.1.9
type ConnTrackHash ¶
type ConnTrackHash struct {
FieldGroupRefs []string `yaml:"fieldGroupRefs,omitempty" json:"fieldGroupRefs,omitempty" doc:"list of field group names to build the hash"`
FieldGroupARef string `yaml:"fieldGroupARef,omitempty" json:"fieldGroupARef,omitempty" doc:"field group name of endpoint A"`
FieldGroupBRef string `yaml:"fieldGroupBRef,omitempty" json:"fieldGroupBRef,omitempty" doc:"field group name of endpoint B"`
}
ConnTrackHash determines how to compute the connection hash. A and B are treated as the endpoints of the connection. When FieldGroupARef and FieldGroupBRef are set, the hash is computed in a way that flow logs from A to B will have the same hash as flow logs from B to A. When they are not set, a different hash will be computed for A->B and B->A, and they are tracked as different connections.
type ConnTrackOperationEnum ¶
type ConnTrackOperationEnum string
const ( // For doc generation, enum definitions must match format `Constant Type = "value" // doc` ConnTrackSum ConnTrackOperationEnum = "sum" // sum ConnTrackCount ConnTrackOperationEnum = "count" // count ConnTrackMin ConnTrackOperationEnum = "min" // min ConnTrackMax ConnTrackOperationEnum = "max" // max ConnTrackFirst ConnTrackOperationEnum = "first" // first ConnTrackLast ConnTrackOperationEnum = "last" // last )
type ConnTrackOutputRecordTypeEnum ¶
type ConnTrackOutputRecordTypeEnum string
const ( // For doc generation, enum definitions must match format `Constant Type = "value" // doc` ConnTrackNewConnection ConnTrackOutputRecordTypeEnum = "newConnection" // New connection ConnTrackEndConnection ConnTrackOutputRecordTypeEnum = "endConnection" // End connection ConnTrackHeartbeat ConnTrackOutputRecordTypeEnum = "heartbeat" // Heartbeat ConnTrackFlowLog ConnTrackOutputRecordTypeEnum = "flowLog" // Flow log )
type ConnTrackSchedulingGroup ¶ added in v0.1.8
type ConnTrackSchedulingGroup struct {
Selector map[string]interface{} `` /* 131-byte string literal not displayed */
EndConnectionTimeout Duration `` /* 149-byte string literal not displayed */
TerminatingTimeout Duration `` /* 145-byte string literal not displayed */
HeartbeatInterval Duration `` /* 142-byte string literal not displayed */
}
type ConnTrackTCPFlags ¶ added in v0.1.9
type ConnTrackTCPFlags struct {
FieldName string `yaml:"fieldName,omitempty" json:"fieldName,omitempty" doc:"name of the field containing TCP flags"`
DetectEndConnection bool `yaml:"detectEndConnection,omitempty" json:"detectEndConnection,omitempty" doc:"detect end connections by FIN flag"`
SwapAB bool `` /* 130-byte string literal not displayed */
}
type Decoder ¶
type Decoder struct {
Type DecoderEnum `yaml:"type" json:"type" doc:"(enum) one of the following:"`
}
type DecoderEnum ¶
type DecoderEnum string
const ( // For doc generation, enum definitions must match format `Constant Type = "value" // doc` DecoderJSON DecoderEnum = "json" // JSON decoder DecoderProtobuf DecoderEnum = "protobuf" // Protobuf decoder )
type Duration ¶ added in v0.1.3
Duration is a wrapper of time.Duration that allows json marshaling. https://stackoverflow.com/a/48051946/2749989
func (Duration) MarshalJSON ¶ added in v0.1.3
func (Duration) MarshalYAML ¶ added in v0.1.3
func (*Duration) UnmarshalJSON ¶ added in v0.1.3
func (*Duration) UnmarshalYAML ¶ added in v0.1.3
type EncodeKafka ¶
// EncodeKafka configures the stage that writes records to a Kafka topic:
// broker address, topic, balancer, timeouts, batching, and optional TLS and
// SASL settings.
type EncodeKafka struct {
Address string `yaml:"address" json:"address" doc:"address of kafka server"`
Topic string `yaml:"topic" json:"topic" doc:"kafka topic to write to"`
Balancer KafkaEncodeBalancerEnum `yaml:"balancer,omitempty" json:"balancer,omitempty" doc:"(enum) one of the following:"`
// The doc tags of the next four fields are elided on this page, so units and
// defaults cannot be read from here.
WriteTimeout int64 `` /* 130-byte string literal not displayed */
ReadTimeout int64 `` /* 127-byte string literal not displayed */
BatchBytes int64 `` /* 139-byte string literal not displayed */
BatchSize int `` /* 136-byte string literal not displayed */
// TLS and SASL are both documented as optional.
// NOTE(review): with both left nil the producer presumably connects without
// transport encryption or authentication; confirm, and set both when the
// broker is reached over a network that is not fully trusted.
TLS *ClientTLS `yaml:"tls" json:"tls" doc:"TLS client configuration (optional)"`
SASL *SASLConfig `yaml:"sasl" json:"sasl" doc:"SASL configuration (optional)"`
}
type EncodeOtlpLogs ¶ added in v0.1.11
type EncodeOtlpLogs struct {
*OtlpConnectionInfo `json:",inline" doc:"OpenTelemetry connection info; includes:"`
}
type EncodeOtlpMetrics ¶ added in v0.1.11
type EncodeOtlpMetrics struct {
*OtlpConnectionInfo `json:",inline" doc:"OpenTelemetry connection info; includes:"`
Prefix string `yaml:"prefix,omitempty" json:"prefix,omitempty" doc:"prefix added to each metric name"`
Metrics MetricsItems `yaml:"metrics,omitempty" json:"metrics,omitempty" doc:"list of metric definitions, each includes:"`
PushTimeInterval Duration `` /* 134-byte string literal not displayed */
ExpiryTime Duration `` /* 134-byte string literal not displayed */
}
type EncodeOtlpTraces ¶ added in v0.1.11
type EncodeOtlpTraces struct {
*OtlpConnectionInfo `json:",inline" doc:"OpenTelemetry connection info; includes:"`
SpanSplitter []string `yaml:"spanSplitter,omitempty" json:"spanSplitter,omitempty" doc:"separate span for each prefix listed"`
}
type EncodeS3 ¶ added in v0.1.5
// EncodeS3 configures the stage that stores flow records as objects in an S3
// bucket: tenant account, endpoint, credentials, bucket, batching and
// transport scheme.
type EncodeS3 struct {
Account string `yaml:"account" json:"account" doc:"tenant id for this flow collector"`
Endpoint string `yaml:"endpoint" json:"endpoint" doc:"address of s3 server"`
// AccessKeyID and SecretAccessKey hold the credentials inline as plain
// strings, and both carry yaml and json tags, so they are written out whenever
// this struct is marshalled. Treat any dump or log of the configuration as
// containing the secret.
AccessKeyID string `yaml:"accessKeyId" json:"accessKeyId" doc:"username to connect to server"`
SecretAccessKey string `yaml:"secretAccessKey" json:"secretAccessKey" doc:"password to connect to server"`
Bucket string `yaml:"bucket" json:"bucket" doc:"bucket into which to store objects"`
// NOTE(review): the type is Duration while the doc tag says "in seconds";
// confirm which form the parser expects.
WriteTimeout Duration `yaml:"writeTimeout,omitempty" json:"writeTimeout,omitempty" doc:"timeout (in seconds) for write operation"`
BatchSize int `` /* 131-byte string literal not displayed */
// Secure selects https when true and defaults to false (http) per its doc tag.
// NOTE(review): with the default, the credentials above and the stored flow
// data would presumably travel unencrypted; confirm and set it to true outside
// of local testing.
Secure bool `yaml:"secure,omitempty" json:"secure,omitempty" doc:"true for https, false for http (default: false)"`
ObjectHeaderParameters map[string]interface{} `` /* 142-byte string literal not displayed */
}
type ExtractTimebased ¶ added in v0.1.4
type ExtractTimebased struct {
Rules []TimebasedFilterRule `yaml:"rules,omitempty" json:"rules,omitempty" doc:"list of filter rules, each includes:"`
}
type FieldGroup ¶
type FilterOperationEnum ¶ added in v0.1.4
type FilterOperationEnum string
const ( // For doc generation, enum definitions must match format `Constant Type = "value" // doc` FilterOperationSum FilterOperationEnum = "sum" // set output field to sum of parameters fields in the time window FilterOperationAvg FilterOperationEnum = "avg" // set output field to average of parameters fields in the time window FilterOperationMin FilterOperationEnum = "min" // set output field to minimum of parameters fields in the time window FilterOperationMax FilterOperationEnum = "max" // set output field to maximum of parameters fields in the time window FilterOperationCnt FilterOperationEnum = "count" // set output field to number of flows registered in the time window FilterOperationLast FilterOperationEnum = "last" // set output field to last of parameters fields in the time window FilterOperationDiff FilterOperationEnum = "diff" // set output field to the difference of the first and last parameters fields in the time window )
type GRPCLokiConfig ¶
type GRPCLokiConfig struct {
KeepAlive string `yaml:"keepAlive,omitempty" json:"keepAlive,omitempty" doc:"keep alive interval"`
KeepAliveTimeout string `yaml:"keepAliveTimeout,omitempty" json:"keepAliveTimeout,omitempty" doc:"keep alive timeout"`
}
func (*GRPCLokiConfig) SetDefaults ¶
func (g *GRPCLokiConfig) SetDefaults()
func (*GRPCLokiConfig) Validate ¶
func (g *GRPCLokiConfig) Validate() error
type GenericTransform ¶
type GenericTransform []GenericTransformRule
type GenericTransformRule ¶
// GenericTransformRule describes one generic transformation: an input field,
// an output field, and an optional multiplier.
type GenericTransformRule struct {
Input string `yaml:"input,omitempty" json:"input,omitempty" doc:"entry input field"`
Output string `yaml:"output,omitempty" json:"output,omitempty" doc:"entry output field"`
// NOTE(review): the doc tag spells "compensate" as "compenstate"; the tag is
// left untouched here because its text may feed generated documentation.
Multiplier int `yaml:"multiplier,omitempty" json:"multiplier,omitempty" doc:"scaling factor to compenstate for sampling"`
}
type IngestGRPCProto ¶
type IngestIpfix ¶
// IngestIpfix configures the NetFlow/IPFIX ingest stage: listen address,
// ports, decoding workers, listening sockets, and an optional custom field
// mapping.
type IngestIpfix struct {
// HostName defaults to 0.0.0.0 per its doc tag, i.e. every IPv4 interface of
// the host.
// NOTE(review): nothing in this struct authenticates exporters, so set an
// explicit address or restrict the ports at the network layer if only known
// exporters should be able to submit flows; confirm against the deployment.
HostName string `yaml:"hostName,omitempty" json:"hostName,omitempty" doc:"the hostname to listen on; defaults to 0.0.0.0"`
// The doc tags of Port and PortLegacy are elided on this page.
Port uint `` /* 215-byte string literal not displayed */
PortLegacy uint `` /* 163-byte string literal not displayed */
Workers uint `yaml:"workers,omitempty" json:"workers,omitempty" doc:"the number of netflow/ipfix decoding workers"`
Sockets uint `yaml:"sockets,omitempty" json:"sockets,omitempty" doc:"the number of listening sockets"`
Mapping []producer.NetFlowMapField `yaml:"mapping,omitempty" json:"mapping,omitempty" doc:"custom field mapping"`
}
func (*IngestIpfix) SetDefaults ¶
func (i *IngestIpfix) SetDefaults()
func (*IngestIpfix) String ¶
func (i *IngestIpfix) String() string
type IngestKafka ¶
// IngestKafka configures the stage that reads flow records from Kafka:
// brokers, topic, consumer group, read and commit tuning, the decoder, and
// optional TLS and SASL settings.
type IngestKafka struct {
Brokers []string `yaml:"brokers,omitempty" json:"brokers,omitempty" doc:"list of kafka broker addresses"`
Topic string `yaml:"topic,omitempty" json:"topic,omitempty" doc:"kafka topic to listen on"`
GroupID string `yaml:"groupid,omitempty" json:"groupid,omitempty" doc:"separate groupid for each consumer on specified topic"`
// The doc tags of GroupBalancers and StartOffset are elided on this page.
GroupBalancers []string `` /* 132-byte string literal not displayed */
StartOffset string `` /* 161-byte string literal not displayed */
BatchReadTimeout int64 `yaml:"batchReadTimeout,omitempty" json:"batchReadTimeout,omitempty" doc:"how often (in milliseconds) to process input"`
// The json tag of Decoder has no omitempty although its yaml tag does.
Decoder Decoder `yaml:"decoder,omitempty" json:"decoder" doc:"decoder to use (E.g. json or protobuf)"`
BatchMaxLen int `` /* 133-byte string literal not displayed */
PullQueueCapacity int `` /* 127-byte string literal not displayed */
PullMaxBytes int `yaml:"pullMaxBytes,omitempty" json:"pullMaxBytes,omitempty" doc:"the maximum number of bytes being pulled from kafka"`
CommitInterval int64 `` /* 192-byte string literal not displayed */
// TLS and SASL are both documented as optional.
// NOTE(review): with both left nil the consumer presumably connects without
// transport encryption or authentication, and records read from the topic are
// then only as trustworthy as the network path; confirm and set both where
// that matters.
TLS *ClientTLS `yaml:"tls" json:"tls" doc:"TLS client configuration (optional)"`
SASL *SASLConfig `yaml:"sasl" json:"sasl" doc:"SASL configuration (optional)"`
}
type IngestStdin ¶ added in v0.1.11
type IngestStdin struct {
}
type IngestSynthetic ¶ added in v0.1.9
type IngestSynthetic struct {
Connections int `yaml:"connections,omitempty" json:"connections,omitempty" doc:"number of connections to maintain"`
BatchMaxLen int `` /* 133-byte string literal not displayed */
FlowLogsPerMin int `yaml:"flowLogsPerMin,omitempty" json:"flowLogsPerMin,omitempty" doc:"the number of flow logs to send per minute"`
}
type K8SOutputKeys ¶
type K8sInfraRule ¶ added in v0.1.11
type K8sInfraRule struct {
NamespaceNameFields []K8sReference `yaml:"namespaceNameFields,omitempty" json:"namespaceNameFields,omitempty" doc:"entries for namespace and name input fields"`
Output string `yaml:"output,omitempty" json:"output,omitempty" doc:"entry output field"`
InfraPrefixes []string `yaml:"infra_prefixes,omitempty" json:"infra_prefixes,omitempty" doc:"Namespace prefixes that will be tagged as infra"`
InfraRefs []K8sReference `yaml:"infra_refs,omitempty" json:"infra_refs,omitempty" doc:"Additional object references to be tagged as infra"`
}
type K8sReference ¶
type K8sRule ¶ added in v0.1.11
type K8sRule struct {
IPField string `yaml:"ipField,omitempty" json:"ipField,omitempty" doc:"entry IP input field"`
InterfacesField string `yaml:"interfacesField,omitempty" json:"interfacesField,omitempty" doc:"entry Interfaces input field"`
UDNsField string `yaml:"udnsField,omitempty" json:"udnsField,omitempty" doc:"entry UDNs input field"`
MACField string `yaml:"macField,omitempty" json:"macField,omitempty" doc:"entry MAC input field"`
Output string `yaml:"output,omitempty" json:"output,omitempty" doc:"entry output field"`
Assignee string `yaml:"assignee,omitempty" json:"assignee,omitempty" doc:"value needs to assign to output field"`
LabelsPrefix string `` /* 145-byte string literal not displayed */
AddZone bool `yaml:"add_zone,omitempty" json:"add_zone,omitempty" doc:"if true the rule will add the zone"`
OutputKeys K8SOutputKeys `yaml:"-" json:"-"`
}
type KafkaEncodeBalancerEnum ¶
type KafkaEncodeBalancerEnum string
const ( // For doc generation, enum definitions must match format `Constant Type = "value" // doc` KafkaRoundRobin KafkaEncodeBalancerEnum = "roundRobin" // RoundRobin balancer KafkaLeastBytes KafkaEncodeBalancerEnum = "leastBytes" // LeastBytes balancer KafkaHash KafkaEncodeBalancerEnum = "hash" // Hash balancer KafkaCrc32 KafkaEncodeBalancerEnum = "crc32" // Crc32 balancer KafkaMurmur2 KafkaEncodeBalancerEnum = "murmur2" // Murmur2 balancer )
type KeyDefinition ¶
type KeyDefinition struct {
FieldGroups []FieldGroup `yaml:"fieldGroups,omitempty" json:"fieldGroups,omitempty" doc:"list of field group definitions"`
Hash ConnTrackHash `yaml:"hash,omitempty" json:"hash,omitempty" doc:"how to build the connection hash"`
}
type MetricEncodeOperationEnum ¶ added in v0.1.11
type MetricEncodeOperationEnum string
const ( // For doc generation, enum definitions must match format `Constant Type = "value" // doc` MetricGauge MetricEncodeOperationEnum = "gauge" // single numerical value that can arbitrarily go up and down MetricCounter MetricEncodeOperationEnum = "counter" // monotonically increasing counter whose value can only increase MetricHistogram MetricEncodeOperationEnum = "histogram" // counts samples in configurable buckets MetricAggHistogram MetricEncodeOperationEnum = "agg_histogram" // counts samples in configurable buckets, pre-aggregated via an Aggregate stage )
type MetricFilterEnum ¶
type MetricFilterEnum string
const ( // For doc generation, enum definitions must match format `Constant Type = "value" // doc` MetricFilterEqual MetricFilterEnum = "equal" // match exactly the provided filter value MetricFilterNotEqual MetricFilterEnum = "not_equal" // the value must be different from the provided filter MetricFilterPresence MetricFilterEnum = "presence" // filter key must be present (filter value is ignored) MetricFilterAbsence MetricFilterEnum = "absence" // filter key must be absent (filter value is ignored) MetricFilterRegex MetricFilterEnum = "match_regex" // match filter value as a regular expression MetricFilterNotRegex MetricFilterEnum = "not_match_regex" // the filter value must not match the provided regular expression )
type MetricsFilter ¶ added in v0.1.11
type MetricsFilter struct {
Key string `yaml:"key" json:"key" doc:"the key to match and filter by"`
Value string `yaml:"value" json:"value" doc:"the value to match and filter by"`
Type MetricFilterEnum `yaml:"type,omitempty" json:"type,omitempty" doc:"the type of filter match (enum)"`
}
type MetricsItem ¶ added in v0.1.11
type MetricsItem struct {
Name string `yaml:"name" json:"name" doc:"the metric name"`
Type MetricEncodeOperationEnum `yaml:"type" json:"type" doc:"(enum) one of the following:"`
Help string `yaml:"help,omitempty" json:"help,omitempty" doc:"the metric help text"`
Filters []MetricsFilter `yaml:"filters" json:"filters" doc:"a list of criteria to filter entries by"`
ValueKey string `yaml:"valueKey" json:"valueKey" doc:"entry key from which to resolve metric value; leave empty to count log lines"`
Labels []string `yaml:"labels" json:"labels" doc:"labels to be associated with the metric"`
Remap map[string]string `yaml:"remap" json:"remap" doc:"optional remapping of labels"`
Flatten []string `yaml:"flatten" json:"flatten" doc:"list fields to be flattened"`
Buckets []float64 `yaml:"buckets" json:"buckets" doc:"histogram buckets"`
ValueScale float64 `yaml:"valueScale,omitempty" json:"valueScale,omitempty" doc:"scale factor of the value (MetricVal := FlowVal / Scale)"`
}
type MetricsItems ¶ added in v0.1.11
type MetricsItems []MetricsItem
type NetworkAddLocationRule ¶
type NetworkAddServiceRule ¶
type NetworkAddServiceRule struct {
Input string `yaml:"input,omitempty" json:"input,omitempty" doc:"entry input field"`
Output string `yaml:"output,omitempty" json:"output,omitempty" doc:"entry output field"`
Protocol string `yaml:"protocol,omitempty" json:"protocol,omitempty" doc:"entry protocol field"`
}
type NetworkAddSubnetRule ¶
type NetworkAddSubnetRule struct {
Input string `yaml:"input,omitempty" json:"input,omitempty" doc:"entry input field"`
Output string `yaml:"output,omitempty" json:"output,omitempty" doc:"entry output field"`
SubnetMask string `yaml:"subnet_mask,omitempty" json:"subnet_mask,omitempty" doc:"subnet mask field"`
}
type NetworkGenericRule ¶
type NetworkTransformDirectionInfo ¶ added in v0.1.7
type NetworkTransformDirectionInfo struct {
ReporterIPField string `yaml:"reporterIPField,omitempty" json:"reporterIPField,omitempty" doc:"field providing the reporter (agent) host IP"`
SrcHostField string `yaml:"srcHostField,omitempty" json:"srcHostField,omitempty" doc:"source host field"`
DstHostField string `yaml:"dstHostField,omitempty" json:"dstHostField,omitempty" doc:"destination host field"`
FlowDirectionField string `` /* 155-byte string literal not displayed */
IfDirectionField string `` /* 135-byte string literal not displayed */
}
type NetworkTransformKubeConfig ¶
// NetworkTransformKubeConfig holds the Kubernetes-related settings of the
// network transform: an optional kubeconfig path, secondary network
// definitions, and a list of managed CNIs.
type NetworkTransformKubeConfig struct {
// ConfigPath is optional per its doc tag. A kubeconfig file normally embeds
// cluster credentials, so the file it names should be readable only by the
// account running the pipeline.
// NOTE(review): presumably another source of cluster configuration is used
// when this is empty; confirm which one and what permissions it carries.
ConfigPath string `yaml:"configPath,omitempty" json:"configPath,omitempty" doc:"path to kubeconfig file (optional)"`
SecondaryNetworks []SecondaryNetwork `yaml:"secondaryNetworks,omitempty" json:"secondaryNetworks,omitempty" doc:"configuration for secondary networks"`
// The doc tag of ManagedCNI is elided on this page.
ManagedCNI []string `` /* 166-byte string literal not displayed */
}
type NetworkTransformRule ¶
type NetworkTransformRule struct {
Type TransformNetworkOperationEnum `yaml:"type,omitempty" json:"type,omitempty" doc:"(enum) one of the following:"`
KubernetesInfra *K8sInfraRule `yaml:"kubernetes_infra,omitempty" json:"kubernetes_infra,omitempty" doc:"Kubernetes infra rule configuration"`
Kubernetes *K8sRule `yaml:"kubernetes,omitempty" json:"kubernetes,omitempty" doc:"Kubernetes rule configuration"`
AddSubnet *NetworkAddSubnetRule `yaml:"add_subnet,omitempty" json:"add_subnet,omitempty" doc:"Add subnet rule configuration"`
AddLocation *NetworkAddLocationRule `yaml:"add_location,omitempty" json:"add_location,omitempty" doc:"Add location rule configuration"`
AddSubnetLabel *NetworkAddSubnetLabelRule `yaml:"add_subnet_label,omitempty" json:"add_subnet_label,omitempty" doc:"Add subnet label rule configuration"`
AddService *NetworkAddServiceRule `yaml:"add_service,omitempty" json:"add_service,omitempty" doc:"Add service rule configuration"`
DecodeTCPFlags *NetworkGenericRule `yaml:"decode_tcp_flags,omitempty" json:"decode_tcp_flags,omitempty" doc:"Decode bitwise TCP flags into a string"`
}
type NetworkTransformRules ¶
type NetworkTransformRules []NetworkTransformRule
type OtlpConnectionInfo ¶ added in v0.1.11
// OtlpConnectionInfo holds the connection settings shared by the OpenTelemetry
// encode stages: address, port, transport (http or grpc), optional TLS, and
// optional extra headers.
// NOTE(review): the doc tags say "to expose", yet TLS is a ClientTLS and the
// transport is chosen by the caller, so this looks like the remote collector
// endpoint rather than a local listener; confirm.
type OtlpConnectionInfo struct {
Address string `yaml:"address" json:"address" doc:"endpoint address to expose"`
Port int `yaml:"port" json:"port" doc:"endpoint port number to expose"`
ConnectionType string `yaml:"connectionType" json:"connectionType" doc:"interface mechanism: either http or grpc"`
// TLS is omitted when nil.
// NOTE(review): without it the export presumably runs unencrypted; confirm.
TLS *ClientTLS `yaml:"tls,omitempty" json:"tls,omitempty" doc:"TLS configuration for the endpoint"`
// Headers are stored as plain strings and are marshalled with the struct. If
// they are used for authorization values, any dump of the configuration
// exposes them, and without TLS they would be sent in the clear.
Headers map[string]string `yaml:"headers,omitempty" json:"headers,omitempty" doc:"headers to add to messages (optional)"`
}
type OutputField ¶
type OutputField struct {
Name string `yaml:"name,omitempty" json:"name,omitempty" doc:"output field name"`
Operation ConnTrackOperationEnum `yaml:"operation,omitempty" json:"operation,omitempty" doc:"(enum) aggregate operation on the field value"`
SplitAB bool `` /* 136-byte string literal not displayed */
Input string `yaml:"input,omitempty" json:"input,omitempty" doc:"The input field to base the operation on. When omitted, 'name' is used"`
ReportMissing bool `` /* 145-byte string literal not displayed */
}
type PromConnectionInfo ¶ added in v0.1.11
// PromConnectionInfo describes the endpoint on which Prometheus metrics are
// exposed: address, port and optional TLS settings.
type PromConnectionInfo struct {
// NOTE(review): the address used when this is left empty is not visible on
// this page; check whether the default binds every interface.
Address string `yaml:"address,omitempty" json:"address,omitempty" doc:"endpoint address to expose"`
Port int `yaml:"port,omitempty" json:"port,omitempty" doc:"endpoint port number to expose"`
// TLS is omitted when nil.
// NOTE(review): in that case the metrics endpoint is presumably served over
// plain HTTP, and metrics built from flow fields can reveal network topology
// to anyone who can reach the port; confirm and restrict access accordingly.
TLS *PromTLSConf `yaml:"tls,omitempty" json:"tls,omitempty" doc:"TLS configuration for the endpoint"`
}
type PromEncode ¶
type PromEncode struct {
*PromConnectionInfo `json:",inline,omitempty" doc:"Prometheus connection info (optional); includes:"`
Metrics MetricsItems `yaml:"metrics,omitempty" json:"metrics,omitempty" doc:"list of prometheus metric definitions, each includes:"`
Prefix string `yaml:"prefix,omitempty" json:"prefix,omitempty" doc:"prefix added to each metric name"`
ExpiryTime Duration `` /* 145-byte string literal not displayed */
MaxMetrics int `yaml:"maxMetrics,omitempty" json:"maxMetrics,omitempty" doc:"maximum number of metrics to report (default: unlimited)"`
}
type PromTLSConf ¶ added in v0.1.4
type RemoveEntryRule ¶
type RemoveEntryRule struct {
Type TransformFilterRemoveEntryEnum `yaml:"type,omitempty" json:"type,omitempty" doc:"(enum) one of the following:"`
RemoveEntry *TransformFilterGenericRule `yaml:"removeEntry,omitempty" json:"removeEntry,omitempty" doc:"configuration for remove_entry_* rules"`
}
type SASLConfig ¶ added in v0.1.9
// SASLConfig selects a SASL mechanism and names the files that hold the client
// ID (SASL username) and client secret (SASL password).
type SASLConfig struct {
Type SASLTypeEnum `yaml:"type,omitempty" json:"type,omitempty" doc:"SASL type"`
// Both credentials are given as file paths rather than inline values, so the
// secret itself does not appear in the marshalled configuration. The files
// they name should be readable only by the account running the pipeline.
ClientIDPath string `yaml:"clientIDPath,omitempty" json:"clientIDPath,omitempty" doc:"path to the client ID / SASL username"`
ClientSecretPath string `yaml:"clientSecretPath,omitempty" json:"clientSecretPath,omitempty" doc:"path to the client secret / SASL password"`
}
type SASLTypeEnum ¶ added in v0.1.9
// SASLTypeEnum names the SASL mechanism set in SASLConfig.Type; the values
// declared for it are "plain" and "scramSHA512".
// NOTE(review): the PLAIN mechanism sends the password itself to the server,
// so it should only be configured together with TLS. SCRAM does not send the
// password, but it does not encrypt the session either.
type SASLTypeEnum string
const ( // For doc generation, enum definitions must match format `Constant Type = "value" // doc` SASLPlain SASLTypeEnum = "plain" // Plain SASL SASLScramSHA512 SASLTypeEnum = "scramSHA512" // SCRAM/SHA512 SASL )
type SamplingCondition ¶
type SamplingCondition struct {
Value uint16 `yaml:"value,omitempty" json:"value,omitempty" doc:"sampling interval: 1 flow on <sampling> is kept"`
Rules []*RemoveEntryRule `yaml:"rules,omitempty" json:"rules,omitempty" doc:"rules to be satisfied for this sampling configuration"`
}
type SecondaryNetwork ¶
type TimebasedFilterRule ¶ added in v0.1.4
type TimebasedFilterRule struct {
Name string `yaml:"name,omitempty" json:"name,omitempty" doc:"description of filter result"`
IndexKey string `yaml:"indexKey,omitempty" json:"indexKey,omitempty" doc:"internal field to index TopK. Deprecated, use indexKeys instead"`
IndexKeys []string `yaml:"indexKeys,omitempty" json:"indexKeys,omitempty" doc:"internal fields to index TopK"`
OperationType FilterOperationEnum `yaml:"operationType,omitempty" json:"operationType,omitempty" doc:"(enum) sum, min, max, avg, count, last or diff"`
OperationKey string `yaml:"operationKey,omitempty" json:"operationKey,omitempty" doc:"internal field on which to perform the operation"`
TopK int `yaml:"topK,omitempty" json:"topK,omitempty" doc:"number of highest incidence to report (default - report all)"`
Reversed bool `yaml:"reversed,omitempty" json:"reversed,omitempty" doc:"report lowest incidence instead of highest (default - false)"`
TimeInterval Duration `yaml:"timeInterval,omitempty" json:"timeInterval,omitempty" doc:"time duration of data to use to compute the metric"`
}
type TransformFilter ¶
type TransformFilter struct {
Rules []TransformFilterRule `yaml:"rules,omitempty" json:"rules,omitempty" doc:"list of filter rules, each includes:"`
SamplingField string `` /* 204-byte string literal not displayed */
}
func (*TransformFilter) Preprocess ¶
func (tf *TransformFilter) Preprocess()
type TransformFilterEnum ¶
// TransformFilterEnum names the operation a filter rule performs.
type TransformFilterEnum string

// Filter operations.
//
// NOTE(review): the remove_* operations and keep_entry_query decide which
// fields and flow logs survive this stage, and conditional_sampling keeps only
// a fraction of them. Anything removed here is presumably unavailable to later
// stages, so review broad rules with the downstream alerting and
// investigation needs in mind.
const (
	// For doc generation, enum definitions must match format `Constant Type = "value" // doc`
	RemoveField TransformFilterEnum = "remove_field" // removes the field from the flow log
	RemoveEntryIfExists TransformFilterEnum = "remove_entry_if_exists" // removes the entry (ie. the flow log) if the field exists
	RemoveEntryIfDoesntExist TransformFilterEnum = "remove_entry_if_doesnt_exist" // removes the entry (ie. the flow log) if the field does not exist
	RemoveEntryIfEqual TransformFilterEnum = "remove_entry_if_equal" // removes the entry (ie. the flow log) if the field value equals the specified value
	RemoveEntryIfNotEqual TransformFilterEnum = "remove_entry_if_not_equal" // removes the entry (ie. the flow log) if the field value does not equal the specified value
	RemoveEntryAllSatisfied TransformFilterEnum = "remove_entry_all_satisfied" // removes the entry (ie. the flow log) if all of the defined rules are satisfied
	KeepEntryQuery TransformFilterEnum = "keep_entry_query" // keeps the entry (ie. the flow log) if it matches the query
	AddField TransformFilterEnum = "add_field" // adds (input) field to the entry; overrides previous value if present (key=input, value=value)
	AddFieldIfDoesntExist TransformFilterEnum = "add_field_if_doesnt_exist" // adds a field to the entry if the field does not exist
	AddFieldIf TransformFilterEnum = "add_field_if" // add output field set to assignee if input field satisfies criteria from parameters field
	AddRegExIf TransformFilterEnum = "add_regex_if" // add output field if input field satisfies regex pattern from parameters field
	AddLabel TransformFilterEnum = "add_label" // add (input) field to list of labels with value taken from Value field (key=input, value=value)
	AddLabelIf TransformFilterEnum = "add_label_if" // add output field to list of labels with value taken from assignee field if input field satisfies criteria from parameters field
	ConditionalSampling TransformFilterEnum = "conditional_sampling" // define conditional sampling rules
)
type TransformFilterRemoveEntryEnum ¶
// TransformFilterRemoveEntryEnum names the remove-entry operations on their own.
type TransformFilterRemoveEntryEnum string

// Remove-entry operations. Each constant carries the same string value as the
// TransformFilterEnum constant of the same name without the trailing "D".
const (
	RemoveEntryIfExistsD TransformFilterRemoveEntryEnum = "remove_entry_if_exists" // removes the entry (ie. the flow log) if the field exists
	RemoveEntryIfDoesntExistD TransformFilterRemoveEntryEnum = "remove_entry_if_doesnt_exist" // removes the entry (ie. the flow log) if the field does not exist
	RemoveEntryIfEqualD TransformFilterRemoveEntryEnum = "remove_entry_if_equal" // removes the entry (ie. the flow log) if the field value equals the specified value
	RemoveEntryIfNotEqualD TransformFilterRemoveEntryEnum = "remove_entry_if_not_equal" // removes the entry (ie. the flow log) if the field value does not equal the specified value
)
type TransformFilterRule ¶
// TransformFilterRule is one filter rule: Type selects the operation and the
// remaining members hold the per-operation configuration.
//
// NOTE(review): presumably only the member matching Type is consulted; confirm
// in the filter implementation. Several struct tags are elided in this
// rendering, so their documented meaning is not visible here.
type TransformFilterRule struct {
	// Type selects which filter operation this rule performs.
	Type TransformFilterEnum `yaml:"type,omitempty" json:"type,omitempty" doc:"(enum) one of the following:"`
	// RemoveField configures a remove_field rule.
	RemoveField *TransformFilterGenericRule `yaml:"removeField,omitempty" json:"removeField,omitempty" doc:"configuration for remove_field rule"`
	// RemoveEntry configures the remove_entry_* rules.
	RemoveEntry *TransformFilterGenericRule `yaml:"removeEntry,omitempty" json:"removeEntry,omitempty" doc:"configuration for remove_entry_* rules"`
	// RemoveEntryAllSatisfied: tag elided; by name it holds the rules of a
	// remove_entry_all_satisfied operation (TODO confirm).
	RemoveEntryAllSatisfied []*RemoveEntryRule `` /* 137-byte string literal not displayed */
	// KeepEntryQuery configures a keep_entry rule.
	// NOTE(review): the query is a free-form string taken from configuration;
	// confirm that it is validated when the configuration is loaded.
	KeepEntryQuery string `yaml:"keepEntryQuery,omitempty" json:"keepEntryQuery,omitempty" doc:"configuration for keep_entry rule"`
	// KeepEntrySampling: tag elided; meaning not visible here.
	KeepEntrySampling uint16 `` /* 143-byte string literal not displayed */
	// AddField configures an add_field rule.
	AddField *TransformFilterGenericRule `yaml:"addField,omitempty" json:"addField,omitempty" doc:"configuration for add_field rule"`
	// AddFieldIfDoesntExist: tag elided; by name it configures an
	// add_field_if_doesnt_exist rule (TODO confirm).
	AddFieldIfDoesntExist *TransformFilterGenericRule `` /* 132-byte string literal not displayed */
	// AddFieldIf configures an add_field_if rule.
	AddFieldIf *TransformFilterRuleWithAssignee `yaml:"addFieldIf,omitempty" json:"addFieldIf,omitempty" doc:"configuration for add_field_if rule"`
	// AddRegExIf configures an add_regex_if rule.
	// NOTE(review): the pattern comes from configuration; confirm that a
	// pattern which fails to compile is rejected at load time.
	AddRegExIf *TransformFilterRuleWithAssignee `yaml:"addRegexIf,omitempty" json:"addRegexIf,omitempty" doc:"configuration for add_regex_if rule"`
	// AddLabel configures an add_label rule.
	AddLabel *TransformFilterGenericRule `yaml:"addLabel,omitempty" json:"addLabel,omitempty" doc:"configuration for add_label rule"`
	// AddLabelIf configures an add_label_if rule.
	AddLabelIf *TransformFilterRuleWithAssignee `yaml:"addLabelIf,omitempty" json:"addLabelIf,omitempty" doc:"configuration for add_label_if rule"`
	// ConditionalSampling holds the sampling configuration rules.
	ConditionalSampling []*SamplingCondition `yaml:"conditionalSampling,omitempty" json:"conditionalSampling,omitempty" doc:"sampling configuration rules"`
}
type TransformFilterRuleWithAssignee ¶
// TransformFilterRuleWithAssignee is the configuration shared by the
// conditional add rules (TransformFilterRule uses it for AddFieldIf,
// AddRegExIf and AddLabelIf): when Input meets the criteria in Parameters,
// Output is set to Assignee.
type TransformFilterRuleWithAssignee struct {
	// Input is the entry field the criteria are evaluated against.
	Input string `yaml:"input,omitempty" json:"input,omitempty" doc:"entry input field"`
	// Output is the entry field that receives the value.
	Output string `yaml:"output,omitempty" json:"output,omitempty" doc:"entry output field"`
	// Parameters holds type-specific parameters; the enum docs describe it as
	// the criteria or the regex pattern, depending on the rule type.
	Parameters string `yaml:"parameters,omitempty" json:"parameters,omitempty" doc:"parameters specific to type"`
	// Assignee is the value to assign to the output field.
	Assignee string `yaml:"assignee,omitempty" json:"assignee,omitempty" doc:"value needs to assign to output field"`
}
type TransformGeneric ¶
// TransformGeneric is the configuration of the generic transform: a key
// replacement policy and the list of transform rules.
type TransformGeneric struct {
	// Policy selects the key replacement policy (see TransformGenericOperationEnum).
	Policy TransformGenericOperationEnum `yaml:"policy,omitempty" json:"policy,omitempty" doc:"(enum) key replacement policy; may be one of the following:"`
	// Rules is the list of transform rules.
	Rules []GenericTransformRule `yaml:"rules,omitempty" json:"rules,omitempty" doc:"list of transform rules, each includes:"`
}
type TransformGenericOperationEnum ¶
// TransformGenericOperationEnum names the key replacement policy of the
// generic transform.
type TransformGenericOperationEnum string

// Key replacement policies. With replace_keys every key that is not produced
// by a rule is removed from the record, so fields that later stages rely on
// must be listed explicitly.
const (
	// For doc generation, enum definitions must match format `Constant Type = "value" // doc`
	PreserveOriginalKeys TransformGenericOperationEnum = "preserve_original_keys" // adds new keys in addition to existing keys (default)
	ReplaceKeys TransformGenericOperationEnum = "replace_keys" // removes all old keys and uses only the new keys
)
type TransformNetwork ¶
// TransformNetwork is the configuration of the network transform: the rule
// list plus the Kubernetes, services/protocols file, subnet label and
// direction settings that the rules draw on.
//
// NOTE(review): ServicesFile and ProtocolsFile are file paths taken from
// configuration. Presumably the process opens them as given, so the pipeline
// configuration should be writable only by trusted operators; confirm in the
// callers of GetServiceFiles.
type TransformNetwork struct {
	// Rules is the list of transform rules. Unlike the other fields, its tags
	// carry no omitempty.
	Rules NetworkTransformRules `yaml:"rules" json:"rules" doc:"list of transform rules, each includes:"`
	// KubeConfig is the optional global configuration related to Kubernetes.
	KubeConfig NetworkTransformKubeConfig `yaml:"kubeConfig,omitempty" json:"kubeConfig,omitempty" doc:"global configuration related to Kubernetes (optional)"`
	// ServicesFile is the optional path to the services file; the doc tag
	// gives /etc/services as the default.
	ServicesFile string `yaml:"servicesFile,omitempty" json:"servicesFile,omitempty" doc:"path to services file (optional, default: /etc/services)"`
	// ProtocolsFile: tag elided; by name the counterpart of ServicesFile for
	// the protocols file (TODO confirm).
	ProtocolsFile string `` /* 126-byte string literal not displayed */
	// SubnetLabels configures custom labels for subnets and IPs.
	SubnetLabels []NetworkTransformSubnetLabel `yaml:"subnetLabels,omitempty" json:"subnetLabels,omitempty" doc:"configure subnet and IPs custom labels"`
	// DirectionInfo: tag elided; meaning not visible here.
	DirectionInfo NetworkTransformDirectionInfo `` /* 160-byte string literal not displayed */
}
func (*TransformNetwork) GetServiceFiles ¶ added in v0.1.4
func (tn *TransformNetwork) GetServiceFiles() (string, string)
func (*TransformNetwork) Preprocess ¶
func (tn *TransformNetwork) Preprocess()
type TransformNetworkOperationEnum ¶
// TransformNetworkOperationEnum names the operation a network transform rule
// performs.
type TransformNetworkOperationEnum string

// Network transform operations. Each one derives output fields from fields of
// the incoming flow record, as described per constant.
const (
	// For doc generation, enum definitions must match format `Constant Type = "value" // doc`
	NetworkAddSubnet TransformNetworkOperationEnum = "add_subnet" // add output subnet field from input field and prefix length from parameters field
	NetworkAddLocation TransformNetworkOperationEnum = "add_location" // add output location fields from input
	NetworkAddService TransformNetworkOperationEnum = "add_service" // add output network service field from input port and parameters protocol field
	NetworkAddKubernetes TransformNetworkOperationEnum = "add_kubernetes" // add output kubernetes fields from input
	NetworkAddKubernetesInfra TransformNetworkOperationEnum = "add_kubernetes_infra" // add output kubernetes isInfra field from input
	NetworkReinterpretDirection TransformNetworkOperationEnum = "reinterpret_direction" // reinterpret flow direction at the node level (instead of net interface), to ease the deduplication process
	NetworkAddSubnetLabel TransformNetworkOperationEnum = "add_subnet_label" // categorize IPs based on known subnets configuration
	NetworkDecodeTCPFlags TransformNetworkOperationEnum = "decode_tcp_flags" // decode bitwise TCP flags into a string
)
type WriteGRPC ¶
type WriteIpfix ¶ added in v0.1.8
// WriteIpfix is the configuration of the IPFIX writer: where the collector
// is, which transport to use, and export parameters.
//
// NOTE(review): no TLS or authentication field is visible on this struct, so
// exported flow records presumably cross the network unprotected. Confirm in
// write_ipfix.go and, if so, keep the collector on a trusted network segment.
type WriteIpfix struct {
	// TargetHost is the IPFIX collector's target IP.
	TargetHost string `yaml:"targetHost,omitempty" json:"targetHost,omitempty" doc:"IPFIX Collector host target IP"`
	// TargetPort is the IPFIX collector's target port.
	TargetPort int `yaml:"targetPort,omitempty" json:"targetPort,omitempty" doc:"IPFIX Collector host target port"`
	// Transport is the transport protocol (tcp/udp) for the IPFIX connection.
	Transport string `yaml:"transport,omitempty" json:"transport,omitempty" doc:"Transport protocol (tcp/udp) to be used for the IPFIX connection"`
	// EnterpriseID is the enterprise ID used for exporting transformations.
	EnterpriseID int `yaml:"enterpriseId,omitempty" json:"enterpriseId,omitempty" doc:"Enterprise ID for exporting transformations"`
	// TplSendInterval: tag elided; by name the interval at which templates
	// are sent (TODO confirm).
	TplSendInterval Duration `` /* 135-byte string literal not displayed */
}
func (*WriteIpfix) SetDefaults ¶ added in v0.1.8
func (w *WriteIpfix) SetDefaults()
func (*WriteIpfix) Validate ¶ added in v0.1.8
func (w *WriteIpfix) Validate() error
type WriteLoki ¶
// WriteLoki is the configuration of the Loki writer: the target service,
// batching and retry behaviour, label handling, timestamp interpretation and
// the client protocol.
//
// NOTE(review): flow records and the tenant identifier are pushed to URL, so
// the transport settings in ClientConfig (HTTP) or GRPCConfig (gRPC) decide
// whether they are protected in transit; confirm which one applies for the
// chosen ClientProtocol.
type WriteLoki struct {
	// URL is the address of an existing Loki service to push the flows to.
	URL string `yaml:"url,omitempty" json:"url,omitempty" doc:"the address of an existing Loki service to push the flows to"`
	// TenantID identifies the tenant for the request.
	TenantID string `yaml:"tenantID,omitempty" json:"tenantID,omitempty" doc:"identifies the tenant for the request"`
	// BatchWait is the maximum amount of time to wait before sending a batch.
	BatchWait string `yaml:"batchWait,omitempty" json:"batchWait,omitempty" doc:"maximum amount of time to wait before sending a batch"`
	// BatchSize: tag elided; meaning not visible here.
	BatchSize int `` /* 126-byte string literal not displayed */
	// Timeout is the maximum time to wait for a server to respond to a request.
	Timeout string `yaml:"timeout,omitempty" json:"timeout,omitempty" doc:"maximum time to wait for a server to respond to a request"`
	// MinBackoff is the initial backoff time between connection retries.
	MinBackoff string `yaml:"minBackoff,omitempty" json:"minBackoff,omitempty" doc:"initial backoff time for client connection between retries"`
	// MaxBackoff is the maximum backoff time between connection retries.
	MaxBackoff string `yaml:"maxBackoff,omitempty" json:"maxBackoff,omitempty" doc:"maximum backoff time for client connection between retries"`
	// MaxRetries is the maximum number of retries for client connections.
	MaxRetries int `yaml:"maxRetries,omitempty" json:"maxRetries,omitempty" doc:"maximum number of retries for client connections"`
	// Labels lists the record fields to be used as labels (a slice of names,
	// although the doc tag calls it a map).
	Labels []string `yaml:"labels,omitempty" json:"labels,omitempty" doc:"map of record fields to be used as labels"`
	// StaticLabels is the set of common labels to set on each flow.
	StaticLabels model.LabelSet `yaml:"staticLabels,omitempty" json:"staticLabels,omitempty" doc:"map of common labels to set on each flow"`
	// IgnoreList lists the record fields to be removed from the record.
	IgnoreList []string `yaml:"ignoreList,omitempty" json:"ignoreList,omitempty" doc:"map of record fields to be removed from the record"`
	// ClientConfig: tag elided.
	// NOTE(review): presumably prometheus/common's HTTPClientConfig, which
	// carries the HTTP client's authentication and TLS settings; confirm
	// against the imports of write_loki.go. If so, treat the configuration
	// file as holding secrets and keep certificate verification enabled.
	ClientConfig *promConfig.HTTPClientConfig `` /* 250-byte string literal not displayed */
	// TimestampLabel is the label to use for time indexing.
	TimestampLabel model.LabelName `yaml:"timestampLabel,omitempty" json:"timestampLabel,omitempty" doc:"label to use for time indexing"`
	// TimestampScale provides the scale in time of the units from the timestamp
	// E.g. UNIX timescale is '1s' (one second) while other clock sources might have
	// scales of '1ms' (one millisecond) or just '1' (one nanosecond)
	// Default value is '1s'
	TimestampScale string `yaml:"timestampScale,omitempty" json:"timestampScale,omitempty" doc:"timestamp units scale (e.g. for UNIX = 1s)"`
	// Format: tag elided; meaning not visible here.
	Format string `` /* 198-byte string literal not displayed */
	// Reorder enables reordering of the JSON map keys.
	Reorder bool `yaml:"reorder,omitempty" json:"reorder,omitempty" doc:"reorder json map keys"`
	// Client protocol selection
	ClientProtocol string `` /* 136-byte string literal not displayed */
	// GRPCConfig is the gRPC client configuration, used only for the gRPC
	// client type.
	GRPCConfig *GRPCLokiConfig `yaml:"grpcConfig,omitempty" json:"grpcConfig,omitempty" doc:"gRPC client configuration (used only for gRPC client type)"`
}
func (*WriteLoki) SetDefaults ¶ added in v0.1.3
func (w *WriteLoki) SetDefaults()
type WriteStdout ¶
// WriteStdout is the configuration of the stdout writer.
type WriteStdout struct {
	// Format: the struct tag is elided in this rendering, so the accepted
	// values are not visible here; see write_stdout.go.
	Format string `` /* 198-byte string literal not displayed */
}
Source Files
¶
- api.go
- conntrack.go
- decoder.go
- encode_kafka.go
- encode_otlp.go
- encode_prom.go
- encode_s3.go
- extract_aggregate.go
- extract_timebased.go
- ingest_grpc.go
- ingest_ipfix.go
- ingest_kafka.go
- ingest_stdin.go
- ingest_synthetic.go
- sasl.go
- tls.go
- transform_filter.go
- transform_generic.go
- transform_network.go
- utils.go
- write_grpc.go
- write_ipfix.go
- write_loki.go
- write_stdout.go