rsigma_eval/event/
plain.rs1use std::borrow::Cow;
2
3use serde_json::Value;
4
5use super::{Event, EventValue};
6
7#[derive(Debug, Clone)]
11pub struct PlainEvent {
12 raw: String,
13}
14
15impl PlainEvent {
16 pub fn new(raw: String) -> Self {
17 Self { raw }
18 }
19
20 pub fn raw(&self) -> &str {
21 &self.raw
22 }
23}
24
25impl Event for PlainEvent {
26 fn get_field(&self, _path: &str) -> Option<EventValue<'_>> {
27 None
28 }
29
30 fn any_string_value(&self, pred: &dyn Fn(&str) -> bool) -> bool {
31 pred(&self.raw)
32 }
33
34 fn all_string_values(&self) -> Vec<Cow<'_, str>> {
35 vec![Cow::Borrowed(&self.raw)]
36 }
37
38 fn to_json(&self) -> Value {
39 serde_json::json!({ "_raw": self.raw })
40 }
41}
42
43#[cfg(test)]
44mod tests {
45 use super::*;
46 use serde_json::json;
47
48 #[test]
49 fn plain_get_field_always_none() {
50 let event = PlainEvent::new("raw log line".into());
51 assert_eq!(event.get_field("anything"), None);
52 }
53
54 #[test]
55 fn plain_keyword_search() {
56 let event = PlainEvent::new("error: disk full".into());
57 assert!(event.any_string_value(&|s| s.contains("disk")));
58 assert!(!event.any_string_value(&|s| s.contains("memory")));
59 }
60
61 #[test]
62 fn plain_to_json() {
63 let event = PlainEvent::new("hello".into());
64 assert_eq!(event.to_json(), json!({"_raw": "hello"}));
65 }
66}