Skip to main content

SessionBuilder

eventql_parser

Struct SessionBuilder 

Source 
pub struct SessionBuilder { /* private fields */ }
Expand description

SessionBuilder is a builder for Session objects.

It allows for the configuration of analysis options, such as declaring functions (both regular and aggregate), event types, and custom types, before building an EventQL parsing session.

Implementations§

Source§

impl SessionBuilder

Source

pub fn declare_func<'a>( self, name: &'a str, args: impl Into<FunArgsBuilder<'a>>, result: Type, ) -> Self

Declares a new function with the given name, arguments, and return type.

This function adds a new entry to the session’s default scope, allowing the parser to recognize and type-check calls to this function.

§Arguments
  • name - The name of the function.
  • args - The arguments the function accepts, which can be converted into FunArgs.
  • result - The return type of the function.
Source

pub fn declare_func_when<'a>( self, test: bool, name: &'a str, args: impl Into<FunArgsBuilder<'a>>, result: Type, ) -> Self

Conditionally declares a new function with the given name, arguments, and return type.

This function behaves like declare_func but only declares the function if the test argument is true. This is useful for conditionally including functions based on configuration or features.

§Arguments
  • test - A boolean indicating whether to declare the function.
  • name - The name of the function.
  • args - The arguments the function accepts, which can be converted into FunArgs.
  • result - The return type of the function.
Source

pub fn declare_agg_func<'a>( self, name: &'a str, args: impl Into<FunArgsBuilder<'a>>, result: Type, ) -> Self

Declares a new aggregate function with the given name, arguments, and return type.

Similar to declare_func, but marks the function as an aggregate function. Aggregate functions have specific rules for where they can be used in an EQL query.

§Arguments
  • name - The name of the aggregate function.
  • args - The arguments the aggregate function accepts.
  • result - The return type of the aggregate function.
Source

pub fn declare_agg_func_when<'a>( self, test: bool, name: &'a str, args: impl Into<FunArgsBuilder<'a>>, result: Type, ) -> Self

Conditionally declares a new aggregate function.

Behaves like declare_agg_func but only declares the function if the test argument is true.

§Arguments
  • test - A boolean indicating whether to declare the aggregate function.
  • name - The name of the aggregate function.
  • args - The arguments the aggregate function accepts.
  • result - The return type of the aggregate function.
Source

pub fn declare_event_type_when(self, test: bool, tpe: Type) -> Self

Conditionally declares the expected type of event records.

This type information is crucial for type-checking event properties accessed in EQL queries (e.g., e.id, e.data.value). The declaration only happens if test is true.

§Arguments
  • test - A boolean indicating whether to declare the event type.
  • tpe - The Type representing the structure of event records.
Source

pub fn declare_event_type(self) -> EventTypeBuilder

Declares the expected type of event records.

This type information is crucial for type-checking event properties accessed in EQL queries (e.g., e.id, e.data.value).

§Arguments
  • tpe - The Type representing the structure of event records.
Source

pub fn declare_custom_type_when(self, test: bool, name: &str) -> Self

Conditionally declares a custom type that can be used in EQL queries.

This allows the type-checker to recognize and validate custom types that might be used in type conversions or record definitions. The declaration only happens if test is true.

§Arguments
  • test - A boolean indicating whether to declare the custom type.
  • name - The name of the custom type.
Source

pub fn declare_custom_type(self, name: &str) -> Self

Declares a custom type that can be used in EQL queries.

This allows the type-checker to recognize and validate custom types that might be used in type conversions or record definitions.

§Arguments
  • name - The name of the custom type.
Source

pub fn use_stdlib(self) -> Self

Includes the standard library of functions and event types in the session.

This method pre-configures the SessionBuilder with a set of commonly used functions (e.g., mathematical, string, date/time) and a default event type definition. Calling this method is equivalent to calling declare_func and declare_agg_func for all standard library functions, and declare_event_type for the default event structure.

Source

pub fn build(self) -> Session

Builds the Session object with the configured analysis options.

This consumes the SessionBuilder and returns a Session instance ready for tokenizing, parsing, and analyzing EventQL queries.

Trait Implementations§

Source§

impl Default for SessionBuilder

Source§

fn default() -> SessionBuilder

Returns the “default value” for a type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.