36 lines
1.3 KiB
Go
36 lines
1.3 KiB
Go
package types
|
|
|
|
import (
|
|
"time"
|
|
)
|
|
|
|
const (
|
|
LOG = iota
|
|
OVFLW
|
|
)
|
|
|
|
type Event struct {
|
|
/* is it a log or an overflow */
|
|
Type int `yaml:"Type,omitempty"`
|
|
ExpectMode int `yaml:"ExpectMode,omitempty"` //how to buckets should handle event : leaky.TIMEMACHINE or leaky.LIVE
|
|
Whitelisted bool `yaml:"Whitelisted,omitempty"`
|
|
WhiteListReason string `json:"whitelist_reason,omitempty"`
|
|
//should add whitelist reason ?
|
|
/* the current stage of the line being parsed */
|
|
Stage string `yaml:"Stage,omitempty"`
|
|
/* original line (produced by acquisition) */
|
|
Line Line `json:"-" yaml:"Line,omitempty"`
|
|
/* output of groks */
|
|
Parsed map[string]string `json:"-" yaml:"Parsed,omitempty"`
|
|
/* output of enrichment */
|
|
Enriched map[string]string `json:"Enriched,omitempty" yaml:"Enriched,omitempty"`
|
|
/* Overflow */
|
|
Overflow SignalOccurence `yaml:"Overflow,omitempty"`
|
|
Time time.Time `json:"Time,omitempty"` //parsed time `json:"-"` ``
|
|
StrTime string `yaml:"StrTime,omitempty"`
|
|
MarshaledTime string `yaml:"MarshaledTime,omitempty"`
|
|
Process bool `yaml:"Process,omitempty"` //can be set to false to avoid processing line
|
|
/* Meta is the only part that will make it to the API - it should be normalized */
|
|
Meta map[string]string `json:"Meta,omitempty" yaml:"Meta,omitempty"`
|
|
}
|