Crate dw_transform

source · []

Modules

classify

Macros

json_map

Functions

chunk_events_by_key

Chunks together events with the same key

exclude_keyvals

Drops events matching the specified key and value(s). Opposite of filter_keyvals.

filter_keyvals

Drops events not matching the specified key and value(s)

filter_keyvals_regex

Drops events not matching the regex on the value for a specified key Will only match if the value is a string

filter_period_intersect

Removes events not intersecting with the provided filter_events

find_bucket

Finds the first bucket which starts with the specified string, and optionally matches a hostname.

flood

Floods event to the nearest neighbouring event if within the specified pulsetime

heartbeat

Returns a merged event if two events have the same data and are within the pulsetime

merge_events_by_keys

Merge events with the same values at the specified keys

period_union

Takes a list of two events and returns a new list of events covering the union of the timeperiods contained in the eventlists with no overlapping events.

sort_by_duration

Sort a list of events by duration with the highest duration first

sort_by_timestamp

Sort a list of events by timestamp

split_url_event

Adds $protocol, $domain, $path and $params keys for events with an “url” key