pub struct LogSourceExtractor { /* private fields */ }Expand description
Derives an event LogSource from configurable fields plus static
defaults, for conflict-based logsource pruning on the evaluation hot path.
Each dimension is resolved independently in precedence order: the value of
the configured event field, then the static default, then unset (None).
A present-but-blank field value is treated as unset.
§Example
use rsigma_eval::LogSourceExtractor;
use rsigma_eval::event::JsonEvent;
use serde_json::json;
let extractor = LogSourceExtractor::new();
let ev = json!({"product": "windows"});
let event = JsonEvent::borrow(&ev);
let ls = extractor.extract(&event);
assert_eq!(ls.product.as_deref(), Some("windows"));
assert_eq!(ls.category, None); // absent fields stay unset (fail-open)Implementations§
Source§impl LogSourceExtractor
impl LogSourceExtractor
Sourcepub fn new() -> Self
pub fn new() -> Self
Create an extractor that reads the literal product, service, and
category fields with no static defaults.
Sourcepub fn with_field_names(
self,
product_field: impl Into<String>,
service_field: impl Into<String>,
category_field: impl Into<String>,
) -> Self
pub fn with_field_names( self, product_field: impl Into<String>, service_field: impl Into<String>, category_field: impl Into<String>, ) -> Self
Override the event field names read for each dimension.
Sourcepub fn with_defaults(self, defaults: LogSource) -> Self
pub fn with_defaults(self, defaults: LogSource) -> Self
Set the static per-dimension defaults applied when a field is absent.
Only product, service, and category are consulted.
Trait Implementations§
Source§impl Clone for LogSourceExtractor
impl Clone for LogSourceExtractor
Source§fn clone(&self) -> LogSourceExtractor
fn clone(&self) -> LogSourceExtractor
Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from
source. Read moreSource§impl Debug for LogSourceExtractor
impl Debug for LogSourceExtractor
Auto Trait Implementations§
impl Freeze for LogSourceExtractor
impl RefUnwindSafe for LogSourceExtractor
impl Send for LogSourceExtractor
impl Sync for LogSourceExtractor
impl Unpin for LogSourceExtractor
impl UnsafeUnpin for LogSourceExtractor
impl UnwindSafe for LogSourceExtractor
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more