filter

package
v1.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 30, 2022 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrInvalidFilter = func(rule, group string, err error) error {
		return fmt.Errorf("syntax error in rule %q located in %q group: \n%v", rule, group, err)
	}
	ErrInvalidPatternBinding = func(rule string) error {
		return fmt.Errorf("%q is the initial sequence rule and can't contain pattern bindings", rule)
	}
)
View Source 
var (
	// ErrPsNil indicates the process state associated with the event is not initialized
	ErrPsNil = errors.New("process state is nil")
)

Functions

func InitFuncs added in v1.8.0 

func InitFuncs(funcMap template.FuncMap)

InitFuncs assigns late-bound functions to the func map.

func InterpolateFields added in v1.8.0 

func InterpolateFields(s string, evts []*kevent.Kevent) string

InterpolateFields replaces all occurrences of field modifiers in the given string with values extracted from the event. Field modifiers may contain a leading ordinal which refers to the event in particular sequence stage. Otherwise, the modifier is a well-known field name prepended with the `%` symbol.

func NewFuncMap added in v1.8.0 

func NewFuncMap() template.FuncMap

NewFuncMap returns the template func map populated with some useful template functions that can be used in rule actions.

Types

type Filter 

type Filter interface {
	// Compile compiles the filter by parsing the filtering expression.
	Compile() error
	// Run runs a filter on the inbound kernel event and decides whether the event
	// should be dropped or propagated to the downstream channel.
	Run(kevt *kevent.Kevent) bool
	// RunPartials runs a filter with stateful event tracking. Partials store all
	// intermediate events that are the result of previous filter matches.
	RunPartials(kevt *kevent.Kevent, partials map[uint16][]*kevent.Kevent) (bool, uint16, *kevent.Kevent)
	// BindingIndex returns the binding index to which the filter is bound
	// or a zero value if there are no pattern bindings defined.
	BindingIndex() (uint16, bool)
	// GetStringFields returns field names mapped to their string values
	GetStringFields() map[fields.Field][]string
}

Filter is the main interface for the filter engine implementors.

type Rules added in v1.4.0 

type Rules struct {
	// contains filtered or unexported fields
}

Rules stores the compiled filter groups and for each incoming event, it applies the corresponding filtering policies to the event, dropping the event or passing it accordingly. If the filter rule has an action, the former is executed when the rule fires.

func NewRules added in v1.4.0 

func NewRules(c *config.Config) Rules

NewRules produces a fresh rules instance.

func (*Rules) Compile added in v1.4.0 

func (r *Rules) Compile() error

Compile loads macros and rule groups from all indicated resources and creates the rules for each filter group. It also sets up the state machine transitions for sequence rule group policies.

func (*Rules) Fire added in v1.4.0 

func (r *Rules) Fire(kevt *kevent.Kevent) bool

Source Files

View all Source files

Directories

Path Synopsis
ql
functions

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.