use std::collections::{HashMap, HashSet};
use anyhow::bail;
use duplicate::duplicate_item;
use serde_json::{Value, json};
use crate::ecs::ecs_object::EcsObject;
use crate::ecs::{Event, Host, log::Log, File};
use crate::timestamp::Timestamp;
pub struct EcsBuilder {
ts: Timestamp,
message: String,
tags: HashSet<String>,
contents: HashMap<&'static str, Value>
}
impl EcsBuilder {
pub fn new(message: String, ts: Timestamp) -> Self {
Self {
ts,
message,
tags: HashSet::default(),
contents: HashMap::default()
}
}
pub fn with_additional_tag(mut self, tag: &str) -> Self {
self.tags.insert(tag.to_owned());
self
}
#[duplicate_item(
method ret_type;
[ with_event ] [ Event<'_> ];
[ with_host ] [ Host ];
[ with_log ] [ Log ];
[ with_file ] [ File ];
)]
pub fn method(mut self, ts: ret_type) -> anyhow::Result<Self> {
if self.contents.contains_key(ts.object_key()) {
bail!("unambigious key: '{}'", ts.object_key());
}
self.contents.insert(ts.object_key(), json!(ts));
Ok(self)
}
}
impl From<EcsBuilder> for (Timestamp, Value) {
fn from(val: EcsBuilder) -> (Timestamp, Value) {
let mut m = HashMap::from([
(
"@timestamp",
Value::Number(val.ts.timestamp_millis().into()),
),
("ecs", json!({"version": "8.4"})),
("message", json!(val.message))
]);
if !val.tags.is_empty() {
m.insert("tags", json!(val.tags));
}
for (key, value) in val.contents.into_iter() {
m.insert(key, value);
}
(val.ts, json!(m))
}
}