Crate dw_transform Copy item path Source classify json_map chunk_events_by_key Chunks together events with the same key exclude_keyvals Drops events matching the specified key and value(s). Opposite of filter_keyvals. filter_keyvals Drops events not matching the specified key and value(s) filter_keyvals_regex Drops events not matching the regex on the value for a specified key
Will only match if the value is a string filter_period_intersect Removes events not intersecting with the provided filter_events find_bucket Finds the first bucket which starts with the specified string, and optionally matches a
hostname. flood Floods event to the nearest neighbouring event if within the specified pulsetime heartbeat Returns a merged event if two events have the same data and are within the pulsetime merge_events_by_keys Merge events with the same values at the specified keys period_union Takes a list of two events and returns a new list of events covering the union
of the timeperiods contained in the eventlists with no overlapping events. sort_by_duration Sort a list of events by duration with the highest duration first sort_by_timestamp Sort a list of events by timestamp split_url_event Adds $protocol, $domain, $path and $params keys for events with an “url” key