filter

package

v1.6.0 Latest Latest Go to latest Published: Aug 31, 2022 License: Apache-2.0 Imports: 21 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/rabbitstack/fibratus

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

Variables
type ActionContext
type Filter
type Rules
- func NewRules(c *config.Config) Rules
- func (r *Rules) Compile() error
- func (r *Rules) Fire(kevt *kevent.Kevent) bool

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrInvalidFilter = func(rule, group string, err error) error {
		return fmt.Errorf("invalid filter %q in %q group: \n%v", rule, group, err)
	}
	ErrInvalidPatternBinding = func(rule string) error {
		return fmt.Errorf("%q is the initial sequence rule and can't contain pattern bindings", rule)
	}
)

View Source

var (
	// ErrPsNil indicates the process state associated with the event is not initialized
	ErrPsNil = errors.New("process state is nil")
)

Functions ¶

This section is empty.

Types ¶

type ActionContext ¶ added in v1.4.0

type ActionContext struct {
	Kevt   *kevent.Kevent
	Kevts  map[string]*kevent.Kevent
	Filter *config.FilterConfig
	Group  config.FilterGroup
}

ActionContext is the convenient structure for grouping the event that resulted in matched filter along with filter group information.

type Filter ¶

type Filter interface {
	// Compile compiles the filter by parsing the filtering expression.
	Compile() error
	// Run runs a filter on the inbound kernel event and decides whether the event
	// should be dropped or propagated to the downstream channel.
	Run(kevt *kevent.Kevent) bool
	// RunPartials runs a filter with stateful event tracking. Partials store all
	// intermediate events that are the result of previous filter matches.
	RunPartials(kevt *kevent.Kevent, partials map[uint16][]*kevent.Kevent) (bool, uint16, *kevent.Kevent)
	// BindingIndex returns the binding index to which the filter is bound
	// or a zero value if there are no pattern bindings defined.
	BindingIndex() (uint16, bool)
}

Filter is the main interface for the filter engine implementors.

type Rules ¶ added in v1.4.0

type Rules struct {
	// contains filtered or unexported fields
}

Rules stores the compiled filter groups and for each incoming event, it applies the corresponding filtering policies to the event, dropping the event or passing it accordingly. If the filter rule has an action, the former is executed when the rule fires.

func NewRules ¶ added in v1.4.0

func NewRules(c *config.Config) Rules

NewRules produces a fresh rules instance.

func (*Rules) Compile ¶ added in v1.4.0

func (r *Rules) Compile() error

Compile loads the filter groups from all files and creates the filters for each filter group.

func (*Rules) Fire ¶ added in v1.4.0

func (r *Rules) Fire(kevt *kevent.Kevent) bool

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
fields
funcmap
ql
functions

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL