Documentation
Index
Constants
const (
	// known fields (all other fields are put into the properties map)
	TemplateFieldIndex  = "index"
	TemplateFieldYear   = "year"
	TemplateFieldMonth  = "month"
	TemplateFieldDay    = "day"
	TemplateFieldHour   = "hour"
	TemplateFieldMinute = "minute"
	TemplateFieldSecond = "second"
)
const (
	ConfigTypeConnection = "connection"
	ConfigTypeFormat     = "format"
	ConfigTypeSource     = "source"
)
const (
	SourceFormatDelimited = "delimited"
	SourceFormatJsonl     = "jsonl"
	SourceFormatRegex     = "regex"
	SourceFormatGrok      = "grok"
)
const (
	TpID              = "tp_id"
	TpSourceType      = "tp_source_type"
	TpSourceName      = "tp_source_name"
	TpSourceLocation  = "tp_source_location"
	TpIngestTimestamp = "tp_ingest_timestamp"
	TpTimestamp       = "tp_timestamp"
	TpSourceIP        = "tp_source_ip"
	TpDestinationIP   = "tp_destination_ip"
	TpTable           = "tp_table"
	TpPartition       = "tp_partition"
	TpIndex           = "tp_index"
	TpDate            = "tp_date"
	TpAkas            = "tp_akas"
	TpIps             = "tp_ips"
	TpTags            = "tp_tags"
	TpDomains         = "tp_domains"
	TpEmails          = "tp_emails"
	TpUsernames       = "tp_usernames"
)
const ArtifactSourceIdentifier = "artifact"
const DefaultInitialCollectionPeriod = 7 * 24 * time.Hour
DefaultInitialCollectionPeriod defines the default initial collection period for a row source: the first collection covers 7 days.
Variables
This section is empty.
Functions
This section is empty.
Types
This section is empty.