pub struct ItemTrace {
    pub field: Option<String>,
    pub matcher: MatcherKind,
    pub pattern: Option<String>,
    pub actual: Option<Value>,
    pub matched: bool,
    pub reason: MatchReason,
}
A single field-or-keyword leaf in a detection trace.
Fields
field: Option<String>
    The field name tested (None for keyword items).
matcher: MatcherKind
    The kind of matcher applied.
pattern: Option<String>
    The pattern the matcher tested against, when meaningful.
actual: Option<Value>
    The event value at field, when present.
matched: bool
    Whether this leaf matched.
reason: MatchReason
    The reason for the verdict.
Trait Implementations
Auto Trait Implementations
impl Freeze for ItemTrace
impl RefUnwindSafe for ItemTrace
impl Send for ItemTrace
impl Sync for ItemTrace
impl Unpin for ItemTrace
impl UnsafeUnpin for ItemTrace
impl UnwindSafe for ItemTrace
Blanket Implementations
impl<T> BorrowMut<T> for T
where
    T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
    Mutably borrows from an owned value.