Index ¶
- Constants
- Variables
- func AddCapability(b []byte, cp Capability) (r []byte, err error)
- func CapabilityStringList() []string
- func CheckApiVersion(remote ApiInfo) error
- func CheckCapability(b []byte, c Capability) (r bool)
- func CheckMacroName(name string) error
- func CheckTagAccess(tg string, prime TagAccess, set []TagAccess) (allowed bool)
- func CheckUserCapabilityAccess(ud *UserDetails, c Capability) (allowed bool)
- func EncodeCapabilities(caps []Capability) (b []byte, err error)
- func EncodeMetadata(md map[string]interface{}) ([]byte, error)
- func FeatureOverridesString(fo FeatureOverride) (s string)
- func FilterTags(tags []string, prime TagAccess, set []TagAccess) (r []string)
- func GenLine(wtr io.Writer, name, line string) (err error)
- func RemoveCapability(b []byte, c Capability) (r bool)
- func UniqueIngesters(sts []IngestStats) (r uint64)
- func ValidateCapabilities(cps []Capability) (err error)
- type AIHealthcheck
- type AXDefinition
- type Access
- type Actions
- type AddGroup
- type AddUser
- type AdminActionResp
- type AlertConsumer
- type AlertConsumerType
- type AlertConsumerValidateRequest
- type AlertConsumerValidateResponse
- type AlertDefinition
- type AlertDispatcher
- type AlertDispatcherType
- type AlertDispatcherValidateError
- type AlertDispatcherValidateRequest
- type AlertDispatcherValidateResponse
- type AlertSchemas
- type AlertSchemasOcsf
- type AlertSchemasSimpleItem
- type ApiInfo
- type AttachSearchRequest
- type AttachSearchResponse
- type AuthType
- type AuthorInfo
- type BackendNotification
- type BackupConfig
- type BackupResponse
- type BaseRequest
- type BaseResponse
- type BuildInfo
- type CBACRules
- type CalendarEntry
- type CalendarRequest
- type CanonicalVersion
- type CapError
- type Capability
- type CapabilityCategory
- type CapabilityDesc
- type CapabilityExplanation
- type CapabilitySet
- type CapabilityState
- type CapabilityTemplate
- type ChangePassword
- type ChartRequest
- type ChartResponse
- type Chartable
- type ChartableDataPoint
- type ChartableSet
- type ChartableValueSet
- type Dashboard
- type DashboardAdd
- type DashboardComment
- type DashboardGet
- type DashboardPost
- type Dashboards
- type DeploymentInfo
- type DiskIO
- type DiskStats
- type Edge
- type Element
- type EntryRange
- type EnumeratedPair
- type ErrorObject
- type Event
- type EventConsumerInfo
- type EventDispatcherInfo
- type EventLog
- type EventMetadata
- type EventType
- type ExploreRequest
- type ExploreResult
- type FdgRequest
- type FdgResponse
- type FdgSet
- type FeatureOverride
- type Features
- type FilterRequest
- type FlowNodeResult
- type FlowParseRequest
- type FlowParseResponse
- type GUISettings
- type GaugeRequest
- type GaugeResponse
- type GaugeValue
- type GenerateAXRequest
- type GenerateAXResponse
- type Geofence
- type GroupDetails
- type HeatmapRequest
- type HeatmapResponse
- type HeatmapValue
- type HostSysStats
- type IdKitState
- type IdxStatResponse
- type IdxStats
- type ImportInfo
- type IndexManagerStats
- type IndexerPingResponse
- type IndexerRequest
- type IndexerStats
- type IndexerWellData
- type IngestResponse
- type IngestStats
- type IngesterStats
- type IngesterStatsResponse
- type InstallStatus
- type KeyComponents
- type KitBuildRequest
- type KitBuildResponse
- type KitConfig
- type KitConfigMacro
- type KitDependency
- type KitEmbeddedItem
- type KitItem
- type KitItemStatus
- type KitManifest
- type KitMetadata
- type KitMetadataAsset
- type KitModifyReport
- type KitState
- type LaunchRequest
- type LaunchResponse
- type LicenseDistributionStatus
- type LicenseIndexerInfo
- type LicenseIndexerStatus
- type LicenseInfo
- func (li LicenseInfo) CBACEnabled() bool
- func (li LicenseInfo) Features() Features
- func (li LicenseInfo) Get(key string) (val interface{}, err error)
- func (li LicenseInfo) LogbotLLMEnabled() bool
- func (li LicenseInfo) NoStatsEnabled() bool
- func (li LicenseInfo) OverwatchEnabled() bool
- func (li LicenseInfo) ReplicationEnabled() bool
- func (li LicenseInfo) SKU() string
- func (li LicenseInfo) SSOEnabled() bool
- func (li LicenseInfo) Serial() string
- func (li LicenseInfo) UnlimitedCPUEnabled() bool
- func (li LicenseInfo) UnlimitedIngestEnabled() bool
- func (li LicenseInfo) Validate() error
- type LicenseType
- func (lt LicenseType) Abbr() string
- func (lt LicenseType) AllFeatures() (r bool)
- func (lt LicenseType) MarshalJSON() ([]byte, error)
- func (lt LicenseType) SingleNode() (r bool)
- func (lt LicenseType) String() string
- func (lt *LicenseType) UnmarshalJSON(v []byte) error
- func (lt LicenseType) Valid() bool
- type LicenseUpdateError
- type LicenseUsage
- type LicenseUsageBucket
- type LicenseUsageReport
- type Location
- type LogLevel
- type LoggingLevels
- type LoginRequest
- type LoginResponse
- type MFAAuthRequest
- type MFAInfo
- type MFATOTPInstallResponse
- type MFATOTPSetupResponse
- type MFAUserConfig
- type ModuleHint
- type ModuleStatsUpdate
- type NetworkUsage
- type Node
- type NodeParseError
- type NodeParseFailure
- type Notification
- type NotificationAction
- type NotificationSet
- type OverviewStatSet
- type OverviewStats
- type P2PRequest
- type P2PResponse
- type P2PValue
- type PackedPivot
- type PackedUserTemplate
- type ParseSearchRequest
- type ParseSearchResponse
- type PerWellStorageStats
- type PingReq
- type Pivot
- type Playbook
- type PointmapKV
- type PointmapRequest
- type PointmapResponse
- type PointmapValue
- type RawEnumeratedValue
- type RawObject
- type RawRequest
- type RawResponse
- type RecoveryCodes
- type RenderModuleInfo
- type ReplicationState
- type ResourceContentType
- type ResourceList
- type ResourceMetadata
- type ResourceUpdate
- type RespError
- type SSOStatus
- type SaveSearchPatch
- type ScheduledError
- type ScheduledSearch
- type ScheduledSearchParseRequest
- type ScheduledSearchParseResponse
- type ScriptDeployConfig
- type ScriptLang
- type SearchAgentCheckin
- type SearchAgentConfig
- type SearchCtrlStatus
- type SearchEntry
- type SearchHints
- type SearchInfo
- type SearchLaunchInfo
- type SearchLibrary
- type SearchLog
- type SearchMacro
- type SearchMetadata
- type SearchMetadataEntry
- type SearchMetadataNumber
- type SearchMetadataRaw
- type SearchModuleInfo
- type SearchModuleStats
- type SearchModuleStatsUpdate
- func (s *SearchModuleStatsUpdate) Add(smsu *SearchModuleStatsUpdate) error
- func (s *SearchModuleStatsUpdate) AddUpdate(mu []ModuleStatsUpdate) error
- func (s *SearchModuleStatsUpdate) Append(sms SearchModuleStats)
- func (s SearchModuleStatsUpdate) Copy() SearchModuleStatsUpdate
- func (s *SearchModuleStatsUpdate) CopyZero() SearchModuleStatsUpdate
- func (s *SearchModuleStatsUpdate) IsNull() bool
- func (m *SearchModuleStatsUpdate) MarshalJSON() ([]byte, error)
- func (s *SearchModuleStatsUpdate) ResetCounters()
- func (s *SearchModuleStatsUpdate) Size() (sz int64)
- type SearchSessionIntervalUpdate
- type SearchStatsRequest
- type SearchStatsResponse
- type Secret
- type SecretCreate
- type SecretFull
- type Session
- type ShardInfo
- type SortableSearchLog
- type SourceMetadataEntry
- type SourcedKitItem
- type StackGraphRequest
- type StackGraphResponse
- type StackGraphSet
- type StackGraphValue
- type StartSearchAck
- type StartSearchRequest
- type StartSearchResponse
- type StatSet
- type StatsRequest
- type StatsResponse
- type StatsUpdate
- type StorageStats
- type StoredBuildRequest
- type StringTagEntry
- type SysDescResp
- type SysInfo
- type SysStatResponse
- type SysStats
- type TOTPUserConfig
- type TableRequest
- type TableResponse
- type TableRow
- type TableRowSet
- type TableValueSet
- type TagAccess
- type TemplateContents
- type TemplateVariable
- type TextRequest
- type TextResponse
- type Thing
- type ThingHeader
- type TimeRange
- type Token
- type TokenCreate
- type TokenFull
- type TokenFullWire
- type TokenSigningKey
- type UpdateUser
- type UserAddGroups
- type UserBackup
- type UserDefaultSearchGroup
- type UserDetails
- func (ud *UserDetails) CanModify(uid int32) bool
- func (ud *UserDetails) CanRead(uid int32, gids []int32) bool
- func (ud *UserDetails) CapabilityList() []CapabilityDesc
- func (ud *UserDetails) ClearSecrets()
- func (ud *UserDetails) FilterTags(all []string) (r []string)
- func (ud *UserDetails) GIDs() []int32
- func (ud *UserDetails) GroupNames() (gps []string)
- func (ud *UserDetails) GroupTagAccess() (r []TagAccess)
- func (ud *UserDetails) HasCapability(c Capability) bool
- func (ud *UserDetails) HasTagAccess(tg string) (allowed bool)
- func (ud *UserDetails) InAllGroups(gids []int32) bool
- func (ud *UserDetails) InGroup(gid int32) bool
- func (u UserDetails) MarshalJSON() ([]byte, error)
- func (ud *UserDetails) UserCanRead(uid int32, gids []int32) bool
- type UserFile
- type UserFileDetails
- type UserMail
- type UserMailAttachment
- type UserMailConfig
- type UserPreference
- type UserPreferences
- type UserSessions
- type UserTemplate
- type ValidationProblem
- type VersionInfo
- type WarnResp
- type WellInfo
- type WirePivot
- type WireSearchLibrary
- type WireUserFile
- type WireUserTemplate
- type WordOffset
Constants ¶
// API version numbers for this package, followed by the AuthType values
// that name an MFA method.
const (
	// MAJOR API VERSIONS should always be compatible, there just may be
	// additional features
	API_VERSION_MAJOR uint32 = 0
	API_VERSION_MINOR uint32 = 2

	// NOTE(review): AUTH_TYPE_NONE describes an account with no MFA
	// configured; code that branches on AuthType should presumably treat it
	// as the absence of a second factor rather than as a satisfied one.
	// Confirm against the login/MFA handlers, which are not visible here.
	AUTH_TYPE_NONE     AuthType = `None` // for when you don't have MFA set up at all yet.
	AUTH_TYPE_TOTP     AuthType = `TOTP`
	AUTH_TYPE_RECOVERY AuthType = `RecoveryCodes`
)
const ( IngestCat = `Data Ingest` SearchCat = `Search` ActionablesCat = `Actionables` DashboardsCat = `Dashboards` ExtractorsCat = `Extractors` FilesCat = `Files` KitsCat = `Kits` MacrosCat = `Macros` NotificationsCat = `Notifications` PlaybooksCat = `Playbooks` QueryLibraryCat = `Query Library` ResourcesCat = `Resources` AutomationsCat = `Automations` TemplatesCat = `Templates` TokensCat = `Tokens` UsersAndGroupsCat = `Users and Groups` SystemAndStatsCat = `System and Stats` SecretsCat = `Secrets` LogbotAICat = `Logbot AI` )
const ( TemplateFullUserName = `Full User` TemplateReadOnlyName = `Read Only User` )
const ( EVENTTYPE_LOG EventType = "log" EVENTTYPE_EVENT EventType = "event" EVENTLOG_LEVEL_DEBUG = "debug" EVENTLOG_LEVEL_INFO = "info" EVENTLOG_LEVEL_WARN = "warn" EVENTLOG_LEVEL_ERROR = "error" )
const ( // request IDs FDG_REQ_GET_ENTRIES uint32 = 0x02000002 FDG_REQ_STREAMING uint32 = 0x02000005 // response IDs FDG_RESP_GET_ENTRIES uint32 = 0x02000002 FDG_RESP_STREAMING uint32 = 0x02000005 )
// License type identifiers, feature override bits, and the string names of
// those feature overrides.
const (
	// license type magic numbers
	//
	// Each LicenseType is a distinct 64-bit constant rather than a small
	// sequential enum.
	Free       LicenseType = 0x2518766a3f4f7bca // minimal ingest, single instance, limited features, completely free
	Eval       LicenseType = 0xb7c489d229961f64 // single instance (backend and frontend must be on the same machine) but we throw a bunch of stuff up in the GUI
	Community  LicenseType = 0xa332f9b1f64789d2 // single instance, limited ingest per day
	Fractional LicenseType = 0xe5354cae719162c3 // single instance, full features, limited ingest per day
	Single     LicenseType = 0x6f848b5ce61db26a //single instance (backend and frontend must be on the same machine)
	Enterprise LicenseType = 0x6e67a154aa1d503e //single instance, but all features allowed
	Cluster    LicenseType = 0x16e6aac870ea32ee //MxN configuration (many headends, restricted backends)
	Unlimited  LicenseType = 0x387dd2c0faa6e1e3 //MxN configuration (many headends, many backends)
	Cloud      LicenseType = 0xa51975a973c6340f //Hosted cloud systems where number of nodes doesn't matter and ingest is tracked

	// feature override bitmasks
	//
	// Every value is a single distinct bit (1 through 1<<7), so several
	// overrides fit in one FeatureOverride value.
	Replication     FeatureOverride = 1
	SingleSignon    FeatureOverride = 1 << 1
	Overwatch       FeatureOverride = 1 << 2
	NoStats         FeatureOverride = 1 << 3
	UnlimitedCPU    FeatureOverride = 1 << 4
	CBAC            FeatureOverride = 1 << 5
	UnlimitedIngest FeatureOverride = 1 << 6
	LogbotLLM       FeatureOverride = 1 << 7

	// String names for the feature overrides above.
	// NOTE(review): CBACName is `abac` although the constant and the
	// feature are spelled CBAC. This looks like a retained legacy name;
	// it is a runtime string, so confirm what consumes it before
	// changing it.
	ReplicationName     string = `replication`
	SingleSignonName    string = `sso`
	OverwatchName       string = `overwatch`
	NoStatsName         string = `nostats`
	UnlimitedCPUName    string = `unlimitedcpu`
	CBACName            string = `abac`
	UnlimitedIngestName string = `unlimitedingest`
	LogbotLLMName       string = `logbotllm`
)
const ( // base universal requests REQ_GET_ENTRIES uint32 = 0x10 REQ_STREAMING uint32 = 0x11 REQ_TS_RANGE uint32 = 0x12 REQ_GET_RAW_ENTRIES uint32 = 0x13 // data exploration requests REQ_GET_EXPLORE_ENTRIES uint32 = 0xf010 REQ_EXPLORE_TS_RANGE uint32 = 0xf012 // Stats Requests REQ_STATS_SIZE uint32 = 0x7F000001 //how many values are there REQ_STATS_RANGE uint32 = 0x7F000002 //give first and last stats values REQ_STATS_GET uint32 = 0x7F000003 //get all stats available given a count REQ_STATS_GET_RANGE uint32 = 0x7F000004 //get all stats over a time range REQ_STATS_GET_SUMMARY uint32 = 0x7F000005 //get a single stats entry REQ_STATS_GET_LOCATION uint32 = 0x7F000006 //get the current location of the search REQ_STATS_GET_OVERVIEW uint32 = 0x7F000007 //Get just an array of entry counts and byte counts over a time range // Search Metadata requests REQ_SEARCH_METADATA uint32 = 0x10001 // base universal responses RESP_GET_ENTRIES uint32 = 0x10 RESP_STREAMING uint32 = 0x11 RESP_TS_RANGE uint32 = 0x12 RESP_GET_RAW_ENTRIES uint32 = 0x13 // data exploration responses RESP_GET_EXPLORE_ENTRIES uint32 = 0xf010 RESP_EXPLORE_TS_RANGE uint32 = 0xf012 // Stats Responses RESP_STATS_SIZE uint32 = 0x7F000001 RESP_STATS_RANGE uint32 = 0x7F000002 RESP_STATS_GET uint32 = 0x7F000003 RESP_STATS_GET_RANGE uint32 = 0x7F000004 RESP_STATS_GET_SUMMARY uint32 = 0x7F000005 RESP_STATS_GET_LOCATION uint32 = 0x7F000006 RESP_STATS_GET_OVERVIEW uint32 = 0x7F000007 // Search Metadata responses RESP_SEARCH_METADATA uint32 = 0x10001 STATS_MASK uint32 = 0xFF000000 STATS_MASK_ID uint32 = 0x7F000000 )
const ( DownloadJSON string = `json` //encode as JSON DownloadCSV string = `csv` //standard CSV file DownloadText string = `text` //just text... DownloadPCAP string = `pcap` //format as a full blown PCAP-NG file DownloadLookupData string = `lookupdata` //GOB encoded table that can be passed back to the "lookup" module DownloadIPExists string = `ipexist` //IPExist encoded bitblock (https://github.com/gravwell/ipexist) DownloadArchive string = `archive` //a reimportable archive that is the complete renderer dataset DownloadDataTypeString string = `string` DownloadDataTypeSlice string = `slice` DownloadDataTypeIP string = `IP` DownloadDataTypeEV string = `EV` RenderNameRaw string = `raw` RenderNameHex string = `hex` RenderNameText string = `text` RenderNamePcap string = `pcap` RenderNameTable string = `table` RenderNameGauge string = `gauge` RenderNameNumbercard string = `numbercard` RenderNameChart string = `chart` RenderNameFdg string = `fdg` RenderNameStackGraph string = `stackgraph` RenderNamePointmap string = `pointmap` RenderNameHeatmap string = `heatmap` RenderNameP2P string = `point2point` MetadataTypeRaw string = `raw` MetadataTypeNumber string = `number` )
const ( ScriptAnko ScriptLang = 0 // default is anko ScriptGo ScriptLang = 1 // new hotness is go ScheduledTypeSearch string = "search" ScheduledTypeScript string = "script" ScheduledTypeFlow string = "flow" SEQ_NODE_NOT_EXECUTED = 9999999 )
const ( // Universal requests REQ_CLOSE uint32 = 0x1 REQ_ENTRY_COUNT uint32 = 0x3 REQ_SEARCH_DETAILS uint32 = 0x4 REQ_SEARCH_TAGS uint32 = 0x5 // Universal responses RESP_ERROR uint32 = 0xFFFFFFFF RESP_CLOSE uint32 = 0x1 RESP_ENTRY_COUNT uint32 = 0x3 RESP_SEARCH_DETAILS uint32 = 0x4 RESP_SEARCH_TAGS uint32 = 0x5 )
const ( LaunchMethodManual = `manual` LaunchMethodDirectQuery = `directquery` LaunchMethodFlow = `flow` LaunchMethodScript = `script` LaunchMethodScheduledSearch = `scheduledSearch` LaunchMethodDashboard = `dashboard` )
Search Launch Methods
const ( NotificationLevelInfo string = `info` NotificationLevelWarn string = `warn` NotificationLevelError string = `error` NotificationLevelCritical string = `critical` )
// AllowedMacroChars lists the characters permitted in a macro name:
// the uppercase letters A-Z, the digits 0-9, underscore and hyphen.
//
// The literal contains the letter 'C' twice ("ABCDC..."); every uppercase
// letter is still present, so the duplicate only matters if the string is
// ever used for something other than a membership test.
//
// NOTE(review): lowercase letters are not listed. Whether CheckMacroName
// rejects them or normalizes the name first is not visible here. Presumably
// this string is the allow-list behind ErrIllegalMacroCharacter; confirm.
const AllowedMacroChars = "ABCDCEFGHIJKLMNOPQRSTUVWXYZ1234567890_-"
const (
	// TokenHeader is the literal header name `Gravwell-Token`.
	// NOTE(review): presumably the HTTP request header that carries an API
	// token. If so, its value is a credential and should be redacted
	// wherever request headers are logged or echoed back. Confirm against
	// the client and server code that reads this header.
	TokenHeader string = `Gravwell-Token`
)
Variables ¶
var ( ErrMissingModule error = errors.New("extraction module name is missing") ErrMissingParams error = errors.New("extraction parameters missing") ErrMissingTag error = errors.New("extraction tag assignment missing") )
var ( ErrNameChartableMismatch = errors.New("Name lengths do not match chartable lengths") ChartableNaN = ChartableDataPoint(math.NaN()) )
var ( ErrNoMetadata = errors.New("No metadata available") ErrIngestNotRestricted = errors.New("Ingest is not restricted") )
// Overrides and OverrideNames list the feature overrides and their string
// names in the same positional order (entry i of one corresponds to entry i
// of the other).
//
// The list order is not the bit order: UnlimitedIngest (1 << 6) is listed
// before CBAC (1 << 5) in both slices.
// NOTE(review): presumably the two slices are walked in parallel when
// rendering or parsing override names, so a new override must be added at
// the same index in both. Confirm against the code that uses them.
var (
	Overrides = []FeatureOverride{
		Replication,
		SingleSignon,
		Overwatch,
		NoStats,
		UnlimitedCPU,
		UnlimitedIngest,
		CBAC,
		LogbotLLM,
	}
	OverrideNames = []string{
		ReplicationName,
		SingleSignonName,
		OverwatchName,
		NoStatsName,
		UnlimitedCPUName,
		UnlimitedIngestName,
		CBACName,
		LogbotLLMName,
	}
)
var (
ErrIllegalMacroCharacter error = errors.New("Illegal character in macro name")
)
var (
ErrInvalidGeofence = errors.New("Invalid geofence")
)
var (
ErrUnknownCapability = errors.New("Unknown capability")
)
var (
ErrUnknownScriptLanguage = errors.New("Unknown script language")
)
var (
	// NeverExpires is a fixed far-future timestamp, 2099-12-31 12:00:00 UTC,
	// used as an "essentially never expires" value.
	// NOTE(review): which objects (tokens, sessions, secrets, ...) are
	// assigned this expiry is not visible here. Anything carrying it is
	// effectively non-expiring and should be covered by periodic review or
	// rotation. Confirm where it is used.
	NeverExpires = time.Date(2099, 12, 31, 12, 0, 0, 0, time.UTC)
)
Functions ¶
func AddCapability ¶ added in v3.8.6
func AddCapability(b []byte, cp Capability) (r []byte, err error)
AddCapability adds the capability cp to the bitmask b
func CapabilityStringList ¶ added in v3.8.6
func CapabilityStringList() []string
func CheckApiVersion ¶
func CheckCapability ¶ added in v3.8.6
func CheckCapability(b []byte, c Capability) (r bool)
CheckCapability checks if the capability c is set in the bitmask b
func CheckMacroName ¶
func CheckTagAccess ¶
CheckTagAccess returns true if the tag tg is allowed in the given TagAccess object.
func CheckUserCapabilityAccess ¶ added in v3.8.6
func CheckUserCapabilityAccess(ud *UserDetails, c Capability) (allowed bool)
CheckUserCapabilityAccess checks if a user has access to a given capability based on their direct and group assignments
func EncodeCapabilities ¶ added in v3.8.6
func EncodeCapabilities(caps []Capability) (b []byte, err error)
EncodeCapabilities encodes a list of capabilities into a buffer
func EncodeMetadata ¶
func FeatureOverridesString ¶
func FeatureOverridesString(fo FeatureOverride) (s string)
func FilterTags ¶
Return the set of tags permitted within a given slice of tags.
func RemoveCapability ¶ added in v3.8.6
func RemoveCapability(b []byte, c Capability) (r bool)
RemoveCapability removes the capability c in the bitmask b
func UniqueIngesters ¶
func UniqueIngesters(sts []IngestStats) (r uint64)
func ValidateCapabilities ¶ added in v3.8.6
func ValidateCapabilities(cps []Capability) (err error)
Types ¶
type AIHealthcheck ¶ added in v3.8.54
type AIHealthcheck struct { // Bool indicating if this license/endpoint has unlimited access to remote AI workers UnlimitedActions bool `json:"unlimited"` // The total number of actions allowed for the account in the given time frame InitialActions int `json:"initial_actions"` // Count of AI actions remaining for the current user RemainingActions int `json:"remaining_actions"` // Describes the next moment when the current user is allowed to perform more AI actions NextActionRegenDatetime time.Time `json:"next_action_regen_datetime"` // A soft limit of the number of tokens that can be provided in a chat completion. // This value is used to show warnings in the Gravwell UI when a request's prompt token count reaches this number. WarnTokens int `json:"warn_tokens"` // A hard limit of the number of tokens that can be provided in a chat completion MaxTokens int `json:"max_tokens"` }
AIHealthcheck - Describes the status of AI features for the current user
type AXDefinition ¶
type AXDefinition struct { Name string `toml:"name,omitempty" json:",omitempty"` Desc string `toml:"desc,omitempty" json:",omitempty"` Module string `toml:"module"` Params string `toml:"params" json:",omitempty"` Args string `toml:"args,omitempty" json:",omitempty"` Tag string `toml:"tag"` Tags []string `toml:"tags"` // AXs can support multiple tags. For backwards compatibility, we leave Tag and add Tags Labels []string `toml:"-"` UID int32 `toml:"-"` GIDs []int32 `toml:"-"` Global bool `toml:"-"` UUID uuid.UUID `toml:"-"` Synced bool `toml:"-" json:"-"` LastUpdated time.Time `toml:"-"` }
AutoExtractor object. When setting an AutoExtractor, only Name, Module, Params, and Tag must be set.
func (AXDefinition) Encode ¶
func (dc AXDefinition) Encode(fout io.Writer, hdr string) (err error)
Encode the "config file" styled AX definition to the given io.Writer. hdr is an optional header comment.
func (AXDefinition) Equal ¶
func (axd AXDefinition) Equal(v AXDefinition) bool
func (*AXDefinition) GetTags ¶ added in v3.8.25
func (dc *AXDefinition) GetTags() []string
func (AXDefinition) JSONMetadata ¶
func (dc AXDefinition) JSONMetadata() (ro json.RawMessage, err error)
func (*AXDefinition) Validate ¶
func (dc *AXDefinition) Validate() error
Verify all required fields in an AXDefinition object are valid.
type AdminActionResp ¶
type AlertConsumer ¶ added in v3.8.23
type AlertConsumer struct { ID string `json:"ID"` Type AlertConsumerType `json:"Type"` }
AlertConsumer - Something which consumes alerts.
type AlertConsumerType ¶ added in v3.8.23
type AlertConsumerType string
AlertConsumerType : Possible types for an Alert Consumer
const (
ALERTCONSUMERTYPE_FLOW AlertConsumerType = "flow"
)
List of AlertConsumerType
type AlertConsumerValidateRequest ¶ added in v3.8.23
type AlertConsumerValidateRequest struct { Consumer AlertConsumer Alert AlertDefinition }
AlertConsumerValidateRequest - Request to validate the given consumer for use with an alert
type AlertConsumerValidateResponse ¶ added in v3.8.23
AlertConsumerValidateResponse - Indicates whether a consumer is valid for a given alert or not.
type AlertDefinition ¶ added in v3.8.23
type AlertDefinition struct { // The actions the user is allowed to take on this definition. // Derived by the backend when requested by the user; any // value sent in a request will be ignored. Can Actions `json:"Can"` // A list of flows which will be run when alerts are generated. Consumers []AlertConsumer `json:"Consumers"` Description string `json:"Description"` Disabled bool `json:"Disabled"` // A list of things which create alerts (currently only scheduled searches). Dispatchers []AlertDispatcher `json:"Dispatchers"` GIDs []int32 `json:"GIDs"` GUID uuid.UUID `json:"GUID"` Global bool `json:"Global"` IngestBlocked bool `json:"IngestBlocked"` Labels []string `json:"Labels"` LastUpdated time.Time `json:"LastUpdated"` // Maximum number of events allowed per firing of the alert. This is // intended as a safety valve to avoid thousands of emails. If zero, // a (low) default value will be used. MaxEvents int `json:"MaxEvents"` Name string `json:"Name"` // How long, in seconds, we should save searches which trigger this alert. SaveSearchDuration int32 `json:"SaveSearchDuration"` // Whether or not searches which trigger the alert should be saved SaveSearchEnabled bool `json:"SaveSearchEnabled"` // A JSON schema describing the expected fields in the alerts. Schemas AlertSchemas `json:"Schemas"` // The tag into which alerts will be ingested TargetTag string `json:"TargetTag"` ThingUUID uuid.UUID `json:"ThingUUID"` // The owner of the Alert UID int32 `json:"UID"` // Arbitrary user-defined metadata which will be injected into the events UserMetadata map[string]interface{} `json:"UserMetadata"` // Sharing rules for this alert. WriteAccess Access `json:"WriteAccess"` }
AlertDefinition - A Gravwell Alert specification
func (*AlertDefinition) JSONMetadata ¶ added in v3.8.23
func (alert *AlertDefinition) JSONMetadata() (json.RawMessage, error)
type AlertDispatcher ¶ added in v3.8.23
type AlertDispatcher struct { ID string `json:"ID"` Type AlertDispatcherType `json:"Type"` }
AlertDispatcher - Something which creates alerts.
type AlertDispatcherType ¶ added in v3.8.23
type AlertDispatcherType string
AlertDispatcherType : Possible types for an Alert Dispatcher
const (
ALERTDISPATCHERTYPE_SCHEDULEDSEARCH AlertDispatcherType = "scheduledsearch"
)
List of AlertDispatcherType
type AlertDispatcherValidateError ¶ added in v3.8.23
type AlertDispatcherValidateError struct { // The path that led to the error Path string InvalidValue *interface{} // Human-friendly information as to why the item failed Message string }
AlertDispatcherValidateError - Describes a failed validation item for a dispatcher
type AlertDispatcherValidateRequest ¶ added in v3.8.23
type AlertDispatcherValidateRequest struct { Dispatcher AlertDispatcher QueryString string Schema AlertSchemas }
AlertDispatcherValidateRequest - Request to validate the given dispatcher against a schema. Populate the Dispatcher field to refer to an existing scheduled search, or set QueryString to test a query string
type AlertDispatcherValidateResponse ¶ added in v3.8.23
type AlertDispatcherValidateResponse struct { // If true, the dispatcher generates all required fields in the schema. Valid bool // Names of fields which were missing. ValidationErrors []AlertDispatcherValidateError }
AlertDispatcherValidateResponse - Indicates which, if any, fields the given dispatcher failed to provide.
type AlertSchemas ¶ added in v3.8.23
type AlertSchemas struct { // The "simple" schema, if any is defined. Simple []AlertSchemasSimpleItem // A schema derived from an OCSF spec. OCSF AlertSchemasOcsf // A user-provided JSON schema. JSON map[string]interface{} ActiveSchema string }
AlertSchemas - Contains schema definitions for an alert and selects which one is to be used.
type AlertSchemasOcsf ¶ added in v3.8.23
AlertSchemasOcsf defines an OCSF schema to use.
type AlertSchemasSimpleItem ¶ added in v3.8.23
AlertSchemasSimpleItem defines a single item in a Simple schema
type ApiInfo ¶
func ApiVersion ¶
func ApiVersion() ApiInfo
type AttachSearchRequest ¶
type AttachSearchRequest struct {
ID string
}
Request to reattach to a search.
type AttachSearchResponse ¶
type AttachSearchResponse struct { Error string `json:",omitempty"` //error if not Subproto string `json:",omitempty"` //the new subprotocol RendererMod string `json:",omitempty"` //the renderer in use RendererCmd string `json:",omitempty"` //the renderer commands Info *SearchInfo `json:",omitempty"` //info if available }
AttachSearchResponse contains the subproto and SearchInfo object when attaching to a search.
type BackendNotification ¶
type BackendNotification struct { Notification Action NotificationAction GUID uuid.UUID }
type BackupConfig ¶ added in v3.8.18
type BackupResponse ¶ added in v3.8.21
type BaseRequest ¶
type BaseRequest struct { ID uint32 Stats *SearchStatsRequest `json:",omitempty"` EntryRange *EntryRange `json:",omitempty"` Addendum json.RawMessage `json:",omitempty"` }
BaseRequest contains elements common to all renderer requests.
type BaseResponse ¶
type BaseResponse struct { ID uint32 Stats *SearchStatsResponse `json:",omitempty"` Addendum json.RawMessage `json:",omitempty"` SearchInfo *SearchInfo `json:",omitempty"` EntryRange *EntryRange `json:",omitempty"` Metadata *SearchMetadata `json:",omitempty"` Tags map[string]entry.EntryTag `json:",omitempty"` Error string `json:",omitempty"` // Finished is true when the query has completed. Finished bool // EntryCount is the number of entries which *entered* the renderer. EntryCount uint64 // For some renderers, the EntryCount accurately represents the total // number of results available. This field is set to 'true' in that case, // meaning the EntryCount number can be displayed alongside the results // without confusion. EntryCountValid bool // If set, there are more entries for the given timeframe available. // For non-condensing this means EntryCount > request.Last // For condensing, this means that given the range, there are values // available after the Last range. AdditionalEntries bool // Indicates that the query results exceeded the on-disk storage limits. OverLimit bool // Indicates the range of entries that were dropped due to storage limits. LimitDroppedRange TimeRange // Indicates that there is some warning about the query results the user should be aware of. // Will be empty if no warning is present. Warning string }
BaseResponse contains elements common to all renderer request responses.
func (BaseResponse) Err ¶ added in v3.8.6
func (br BaseResponse) Err() error
type BuildInfo ¶
type BuildInfo struct { CanonicalVersion BuildDate time.Time `json:",omitempty"` BuildID string `json:",omitempty"` GUIBuildID string `json:",omitempty"` }
func (BuildInfo) NewerVersion ¶
type CBACRules ¶ added in v3.8.20
// CBACRules pairs a CapabilitySet with a TagAccess.
type CBACRules struct {
	// Capabilities is the capability rule set. The methods on CBACRules
	// (HasCapability, CapabilityList, CapabilityState) are documented as
	// answering from the capability rules.
	Capabilities CapabilitySet
	// Tags is the tag access rule set.
	// NOTE(review): a capability grant and a tag grant appear to be
	// evaluated separately, so an access review should check both fields.
	// Confirm against CheckTagAccess and CheckUserCapabilityAccess.
	Tags TagAccess
}
CBACRules is the main structure that holds default stats and grants for API and tag access. The Capabilities and Tags sub structures handle access independently.
func (*CBACRules) CapabilityList ¶ added in v3.8.20
func (abr *CBACRules) CapabilityList() (r []CapabilityDesc)
CapabilityList returns a comprehensive set of capability descriptions that the given ruleset has access to
func (*CBACRules) CapabilityState ¶ added in v3.8.20
func (abr *CBACRules) CapabilityState() (r CapabilityState)
export a CapabilityState from the underlying capability rules
func (*CBACRules) HasCapability ¶ added in v3.8.20
func (abr *CBACRules) HasCapability(c Capability) (allowed bool)
HasCapability checks if a given CBACRules set has a capability
type CalendarEntry ¶ added in v3.8.25
type CalendarRequest ¶ added in v3.8.25
type CanonicalVersion ¶
The full version of Gravwell in this build - eg 4.1.2
func ParseCanonicalVersion ¶
func ParseCanonicalVersion(s string) (r CanonicalVersion, err error)
Return a CanonicalVersion object containing the given version string. Must be in the form of "X.Y.Z".
func (CanonicalVersion) Compare ¶
func (cv CanonicalVersion) Compare(ncv CanonicalVersion) int
Compare returns the following:
0 - equal versions; <0 - incoming is older than existing; >0 - incoming is newer than existing
func (CanonicalVersion) Compatible ¶
func (cv CanonicalVersion) Compatible(min, max CanonicalVersion) bool
func (CanonicalVersion) Enabled ¶
func (cv CanonicalVersion) Enabled() bool
func (CanonicalVersion) NewerVersion ¶
func (cv CanonicalVersion) NewerVersion(ncv CanonicalVersion) bool
NewerVersion returns true if the incoming version is newer than the existing version
func (CanonicalVersion) String ¶
func (cv CanonicalVersion) String() string
type CapError ¶
CapError is an enhanced error that will return why an API told you no. Typically it's an error message and the capability you would need in order to use the API.
type Capability ¶
type Capability uint16
// Capability identifiers. Every value is assigned explicitly rather than
// with iota. The values run from 0 to 51, and no constant is declared for
// value 5 (BackgroundSearch = 4 is followed by SetSearchGroup = 6).
//
// NOTE(review): AddCapability, CheckCapability and RemoveCapability are
// documented as operating on a bitmask b []byte, so each value is presumably
// a bit position in that mask. If so, renumbering or reusing a value
// (including the unused 5) would silently change the meaning of grants that
// are already stored. Confirm before editing this list.
const (
	Search             Capability = 0
	Download           Capability = 1
	SaveSearch         Capability = 2
	AttachSearch       Capability = 3
	BackgroundSearch   Capability = 4
	SetSearchGroup     Capability = 6
	SearchHistory      Capability = 7
	SearchGroupHistory Capability = 8
	SearchAllHistory   Capability = 9
	DashboardRead      Capability = 10
	DashboardWrite     Capability = 11
	ResourceRead       Capability = 12
	ResourceWrite      Capability = 13
	TemplateRead       Capability = 14
	TemplateWrite      Capability = 15
	PivotRead          Capability = 16
	PivotWrite         Capability = 17
	MacroRead          Capability = 18
	MacroWrite         Capability = 19
	LibraryRead        Capability = 20
	LibraryWrite       Capability = 21
	ExtractorRead      Capability = 22
	ExtractorWrite     Capability = 23
	UserFileRead       Capability = 24
	UserFileWrite      Capability = 25
	KitRead            Capability = 26
	KitWrite           Capability = 27
	KitBuild           Capability = 28
	KitDownload        Capability = 29
	ScheduleRead       Capability = 30
	ScheduleWrite      Capability = 31
	SOARLibs           Capability = 32
	SOAREmail          Capability = 33
	PlaybookRead       Capability = 34
	PlaybookWrite      Capability = 35

	//management capabilities
	LicenseRead       Capability = 36
	Stats             Capability = 37
	Ingest            Capability = 38
	ListUsers         Capability = 39
	ListGroups        Capability = 40
	ListGroupMembers  Capability = 41
	NotificationRead  Capability = 42
	NotificationWrite Capability = 43
	SystemInfoRead    Capability = 44
	TokenRead         Capability = 45
	TokenWrite        Capability = 46
	SecretRead        Capability = 47
	SecretWrite       Capability = 48
	AlertRead         Capability = 49
	AlertWrite        Capability = 50
	LogbotAI          Capability = 51
)
func CapabilityList ¶ added in v3.8.6
func CapabilityList() []Capability
func (Capability) CapabilityDesc ¶
func (c Capability) CapabilityDesc() CapabilityDesc
CapabilityDesc converts a Capability into a CapabilityDescription
func (Capability) Category ¶ added in v3.8.18
func (c Capability) Category() CapabilityCategory
Category returns the CapabilityCategory of a capability.
func (Capability) Description ¶
func (c Capability) Description() string
Description returns an ASCII description of a capability value
func (Capability) Name ¶ added in v3.8.5
func (c Capability) Name() string
Name returns the ASCII name of a capability
func (*Capability) Parse ¶ added in v3.8.5
func (c *Capability) Parse(v string) (err error)
Parse attempts to resolve a capability value from a name. Parse will ignore case and trim surrounding whitespace.
func (Capability) String ¶
func (c Capability) String() string
String implements the stringer interface, it does not return a parsable name but rather a shorthand description
func (Capability) Valid ¶ added in v3.8.6
func (c Capability) Valid() bool
Check if the capability value is valid/known
type CapabilityCategory ¶ added in v3.8.18
type CapabilityCategory string
type CapabilityDesc ¶
type CapabilityDesc struct { Cap Capability Name string Desc string Category CapabilityCategory }
CapabilityDesc is an enhanced structure containing a capability value, its name, and a brief description
func CapabilityDescriptions ¶ added in v3.8.6
func CapabilityDescriptions() (r []CapabilityDesc)
func CreateUserCapabilityList ¶ added in v3.8.6
func CreateUserCapabilityList(ud *UserDetails) (r []CapabilityDesc)
CreateUserCapabilityList creates a comprehensive list of capabilities the user has access to based on their direct and group assignments
type CapabilityExplanation ¶ added in v3.8.21
type CapabilityExplanation struct { CapabilityDesc Granted bool // True if the user has this capability UserGrant bool // True if the capability was explicitly granted to the user GroupGrants []GroupDetails // An array of groups to which the user belongs that grant the capability. }
CapabilityExplanation wraps a CapabilityDesc with information about if and how the user *obtained* that capability.
type CapabilitySet ¶ added in v3.8.6
type CapabilitySet struct {
	// Grants holds the encoded grants as raw bytes. The byte/bit layout is not shown on
	// this page; the type exposes Set, Clear, IsSet and Has for working with it, so
	// presumably callers should use those rather than edit the bytes directly — verify.
	Grants []byte
}
CapabilitySet is the compacted set of default values and grants. The CapabilitySet is translated from the CapabilityState and held internally for faster operations.
func (*CapabilitySet) CapabilityList ¶ added in v3.8.6
func (cs *CapabilitySet) CapabilityList() (r []CapabilityDesc)
CapabilityList returns a list of capability descriptions that are in this set.
func (*CapabilitySet) Clear ¶ added in v3.8.20
func (cs *CapabilitySet) Clear(c Capability) (r bool)
Clear removes a capability grant from the CapabilitySet
func (CapabilitySet) Has ¶ added in v3.8.6
func (cs CapabilitySet) Has(c Capability) bool
Has checks if a capability is allowed given the default value and grants
func (CapabilitySet) IsSet ¶ added in v3.8.6
func (cs CapabilitySet) IsSet(c Capability) bool
IsSet checks if a capability grant is set
func (*CapabilitySet) Set ¶ added in v3.8.20
func (cs *CapabilitySet) Set(c Capability) (r bool)
Set sets a grant on the capability set.
type CapabilityState ¶ added in v3.8.6
type CapabilityState struct {
	// Grants lists granted capabilities as strings (full capability names, per the type's
	// description). The CapabilitySet and CapabilityList conversions on this type return an
	// error; presumably that covers names that do not resolve — TODO confirm, and check that
	// error before using the converted result.
	Grants []string
}
CapabilityState is the expanded set of capabilities that is exchanged between clients and the API. The grants are specified using the full name of a capability to make the API more explicit.
func AllCapabilityAccess ¶ added in v3.8.20
func AllCapabilityAccess() CapabilityState
func (CapabilityState) CapabilityList ¶ added in v3.8.6
func (st CapabilityState) CapabilityList() (lst []CapabilityDesc, err error)
CapabilityList returns a list of capability descriptions that this capability state has access to
func (CapabilityState) CapabilitySet ¶ added in v3.8.6
func (st CapabilityState) CapabilitySet() (cs CapabilitySet, err error)
CapabilitySet converts the human friendly CapabilityState into an optimized and encoded CapabilitySet for internal use
func (CapabilityState) MarshalJSON ¶ added in v3.8.20
func (cs CapabilityState) MarshalJSON() ([]byte, error)
type CapabilityTemplate ¶
type CapabilityTemplate struct { Name string Desc string Caps []Capability }
CapabilityTemplate is a group of capabilities with a name and description; this is used to build up a simplified set of macro capabilities like "can run all searches" or "can read results but not write them".
func TemplateList ¶ added in v3.8.6
func TemplateList() []CapabilityTemplate
func (CapabilityTemplate) CapabilityState ¶ added in v3.8.6
func (ct CapabilityTemplate) CapabilityState() (s CapabilityState)
CapabilityState takes a capability template and converts it into a capability state that can be sent to the API. This defaults to a state with default deny and explicit allow.
type ChangePassword ¶
type ChartRequest ¶
type ChartRequest struct {
BaseRequest
}
type ChartResponse ¶
type ChartResponse struct { BaseResponse Entries ChartableValueSet }
type Chartable ¶
type Chartable struct { Data []ChartableDataPoint TS entry.Timestamp }
type ChartableDataPoint ¶
type ChartableDataPoint float64
func (ChartableDataPoint) IsNaN ¶ added in v3.8.0
func (cdp ChartableDataPoint) IsNaN() bool
func (ChartableDataPoint) MarshalJSON ¶
func (cdp ChartableDataPoint) MarshalJSON() ([]byte, error)
type ChartableSet ¶
type ChartableSet []Chartable
func (*ChartableSet) Add ¶
func (cs *ChartableSet) Add(c Chartable)
func (ChartableSet) Len ¶
func (cs ChartableSet) Len() int
func (*ChartableSet) Reset ¶
func (cs *ChartableSet) Reset()
func (ChartableSet) Sec ¶
func (cs ChartableSet) Sec(i int) int64
type ChartableValueSet ¶
type ChartableValueSet struct { Names []string KeyComps []KeyComponents `json:",omitempty"` Categories []string `json:",omitempty"` Values ChartableSet }
ChartableValueSet is what is returned when we have a request for data. The length of Names MUST BE the same length as each set of Values in each Set.
func (*ChartableValueSet) AddKeyComponents ¶
func (cvs *ChartableValueSet) AddKeyComponents(name, cat string, keys []string) error
AddKeyComponents preps the ChartableValueSet with the appropriate key material
func (ChartableValueSet) MarshalJSON ¶
func (cvs ChartableValueSet) MarshalJSON() ([]byte, error)
func (*ChartableValueSet) Sort ¶ added in v3.8.16
func (cvs *ChartableValueSet) Sort() error
Sort is a little helper that picks the right sort based on the data types exposed: if there is only one set (one time slice, for things like non-time-series charts) it sorts by value; if there is more than one time slice, it sorts by name.
func (*ChartableValueSet) SortByNames ¶
func (cvs *ChartableValueSet) SortByNames() error
SortByNames will sort the chartable data by name, keeping values coordinated
func (*ChartableValueSet) SortByValue ¶ added in v3.8.16
func (cvs *ChartableValueSet) SortByValue() error
SortByValue will sort the series by the first value in the chartable data set; this will return an error if there is more than one time slice of data.
type Dashboard ¶
type Dashboard struct { ID uint64 Name string UID int32 GIDs []int32 Global bool WriteAccess Access Description string Created time.Time Updated time.Time Data RawObject Labels []string GUID string `json:",omitempty"` Trivial bool `json:",omitempty"` Synced bool }
Dashboard type used for relaying data back and forth to frontend.
func (*Dashboard) UnmarshalObject ¶
type DashboardAdd ¶
type DashboardAdd struct { Name string Description string Data RawObject Labels []string UID int32 GIDs []int32 Global bool WriteAccess Access }
DashboardAdd is used to push new dashboards.
func EncodeDashboardAdd ¶
func EncodeDashboardAdd(name, desc string, obj interface{}) (*DashboardAdd, error)
func (DashboardAdd) MarshalJSON ¶
func (d DashboardAdd) MarshalJSON() ([]byte, error)
func (*DashboardAdd) UnmarshalObject ¶
func (d *DashboardAdd) UnmarshalObject(obj interface{}) error
type DashboardComment ¶
DashboardComment is used to send and retrieve comments.
type DashboardGet ¶
type DashboardGet struct { Name string Desc string JSON []byte User string Score int `json:",omitempty"` Version int `json:",omitempty"` GUID string Created time.Time Updated time.Time Customer string Tags []string }
DashboardGet is used to get a dashboard from the marketplace.
type DashboardPost ¶
DashboardPost is used in sending a new dashboard to the marketplace.
type Dashboards ¶
type Dashboards []Dashboard
func (Dashboards) MarshalJSON ¶
func (d Dashboards) MarshalJSON() ([]byte, error)
type DeploymentInfo ¶
type DeploymentInfo struct { Distributed bool //distributed webservers, meaning more than one CBACEnabled bool //whether CBAC is enabled on the system DefaultLanguage string AIEnabled bool // is the AI system available at all AIProcessor string // URL of system that services Logbot AI requests AIDisabledReason string `json:",omitempty"` // if AI is disabled, explain why RenderStoreLimit uint //maximum amount of data that can be stored in a renderer per search }
type DiskStats ¶
type DiskStats struct { Mount string Partition string Total uint64 Used uint64 // unique ID for this disk on this host // essentially a hash of indexer UUID, Mount, and Partition // this is used to uniquely identify a disk and mount on a specific host // uses are for when multiple indexers have the same disk topology // or docker clusters where everything is identical ID string }
Disk statistics as shown in the System Stats - Hardware and Disks view in Gravwell.
type Element ¶
type Element struct { Module string Args string `json:",omitempty"` Name string Path string Value interface{} SubElements []Element `json:",omitempty"` Filters []string }
An Element is an item which has been extracted from an entry using the data exploration system.
type EntryRange ¶
type EnumeratedPair ¶
type EnumeratedPair struct { Name string Value string `json:"ValueStr"` RawValue RawEnumeratedValue `json:"Value"` }
EnumeratedPair is the string representation of enumerated values.
func (EnumeratedPair) String ¶ added in v3.8.6
func (ep EnumeratedPair) String() string
type ErrorObject ¶ added in v3.8.6
ErrorObject is a basic error object with the error value and an optional info structure that has more info about the error
type Event ¶ added in v3.8.23
type Event struct { Type EventType Metadata EventMetadata `json:",omitempty"` Contents map[string]interface{} `json:",omitempty"` }
Event is the type produced by an Alert Dispatcher which gets ingested. The Type field should always be EVENTTYPE_EVENT, to indicate that this is a regular event.
type EventConsumerInfo ¶ added in v3.8.23
type EventConsumerInfo struct { Type AlertConsumerType ID string Name string Labels []string `json:",omitempty"` }
EventConsumerInfo gives extended information about a consumer which will be launched to consume this event.
type EventDispatcherInfo ¶ added in v3.8.23
type EventDispatcherInfo struct { Type AlertDispatcherType ID string Name string `json:",omitempty"` SearchID string `json:",omitempty"` Labels []string // any labels attached to this dispatcher EventCount int // number of events that were generated by the dispatcher EventsElided bool // true if we had to drop events because there were too many results }
EventDispatcherInfo gives extended information about the thing which triggered the alert / created the event
type EventLog ¶ added in v3.8.23
type EventLog struct { Type EventType Level string Message string `json:",omitempty"` KV map[string]string `json:",omitempty"` Trigger Event `json:",omitempty"` }
EventLog gets generated when something happens during the execution of an alert that needs to be logged. The Type field should always be EVENTTYPE_LOG.
type EventMetadata ¶ added in v3.8.23
type EventMetadata struct {
	UID             int32
	Username        string
	Created         time.Time
	AlertID         string // ThingUUID of the Alert
	AlertName       string
	AlertActivation string // uniquely identifies the particular activation of the alert
	EventIndex      int    // this event's index within the dispatcher results for the alert activation
	TargetTag       string // the tag this got sent to
	AlertLabels     []string
	Dispatcher      EventDispatcherInfo
	Consumers       []EventConsumerInfo `json:",omitempty"` // consumers which will be launched for this event
	// UserMetadata is arbitrary data that the user attached to the alert definition.
	// It is typed map[string]interface{}, so nothing here constrains its keys or value
	// types; code that reads it should check types instead of assuming a schema.
	UserMetadata       map[string]interface{}
	ValidationProblems []ValidationProblem `json:",omitempty"`
}
EventMetadata tells us about the owner of this event definition and who created the event.
func BuildEventMetadata ¶ added in v3.8.23
func BuildEventMetadata(created time.Time, ud UserDetails, alertDef AlertDefinition, dispatcher EventDispatcherInfo) EventMetadata
BuildEventMetadata builds up a generic EventMetadata to be used with events for a specific firing of the given Alert via the given Dispatcher.
type ExploreRequest ¶ added in v3.8.8
ExploreRequest is used to request that the webserver perform a complete cracking of all entries in the given range, the webserver will return an array of ExploreResult
type ExploreResult ¶
type ExploreResult struct { Elements []Element `json:",omitempty"` // This represents the module which generated the result, but // individual Elements may have a different module set for // purposes of filtering. Module string Tag string WordOffsets []WordOffset `json:",omitempty"` }
type FdgRequest ¶
type FdgRequest struct {
BaseRequest
}
type FdgResponse ¶
type FdgResponse struct { BaseResponse Entries FdgSet }
type FeatureOverride ¶
type FeatureOverride uint64
func NewFeatureOverride ¶
func NewFeatureOverride(name string) (fo FeatureOverride, err error)
func ParseFeatureOverrides ¶
func ParseFeatureOverrides(v string) (fo FeatureOverride, err error)
func (FeatureOverride) Set ¶
func (fo FeatureOverride) Set(t FeatureOverride) bool
func (FeatureOverride) String ¶
func (fo FeatureOverride) String() (r string)
func (*FeatureOverride) Update ¶
func (fo *FeatureOverride) Update(t FeatureOverride)
type Features ¶ added in v3.8.20
type Features struct { Replication bool SingleSignon bool Overwatch bool NoStats bool UnlimitedCPU bool CBAC bool UnlimitedIngest bool LogbotLLM bool }
Features is a list of features present on this license. It's used in the /api/license path to report what features are available (but not necessarily in use).
type FilterRequest ¶
type FlowNodeResult ¶ added in v3.8.5
type FlowNodeResult struct { Payload map[string]interface{} ID int // the node ID Type string // the type of node, e.g. RunQuery Log string Error string Start int64 // unix nanoseconds End int64 // unix nanoseconds // The first node executed has sequence 0, the next is sequence 1, etc. // Nodes which were not executed have Sequence = SEQ_NODE_NOT_EXECUTED Sequence int }
type FlowParseRequest ¶ added in v3.8.2
type FlowParseResponse ¶ added in v3.8.2
type FlowParseResponse struct { OK bool // Error and ErrorNode are now deprecated; look at the Failures map // to see if there were parse problems. They are retained for compatibility. Error string `json:",omitempty"` ErrorNode int // the node which failed to parse (ignore if Error is empty) OutputPayloads map[int]map[string]interface{} InitialPayload map[string]interface{} // the payload which gets passed to nodes with no dependencies Failures map[int]NodeParseFailure }
type GUISettings ¶
type GUISettings struct { DistributedWebservers bool DisableMapTileProxy bool MapTileUrl string // If true, the UI shouldn't display any notifications about new features DisableFeaturePopups bool // Indicates that we're in cloud mode - changes some behaviors CloudMode bool ServerTime time.Time ServerTimezone string ServerTimezoneOffset int MaxFileSize uint64 // the maximum size allowed for user file uploads MaxResourceSize uint64 // the largest resource you're allowed to make MaxJsonRequestSize uint64 // the largest object you're allowed to send in a JSON request body IngestAllowed bool // set to true if the user is allowed to use the ingest APIs NonCommercial bool // set to true if the license is a non-commercial license }
type GaugeRequest ¶
type GaugeRequest struct {
BaseRequest
}
type GaugeResponse ¶
type GaugeResponse struct { BaseResponse Entries []GaugeValue }
type GaugeValue ¶
Gauge renderer
type GenerateAXRequest ¶
type GenerateAXRequest struct { Tag string Entries []SearchEntry }
A GenerateAXRequest contains a tag name and a set of entries. It is used by clients to request all possible extractions from the given entries. All entries should have the same tag.
type GenerateAXResponse ¶
type GenerateAXResponse struct { Extractor AXDefinition // Confidence is a range from 0 to 10, with 10 meaning "we are very confident" // and 0 meaning "we didn't extract anything of worth". // Some modules, like xml, will return values lower than 10 even if they extracted // lots of data, because other modules like winlog should take precedence if they // succeed. Confidence float64 Entries []SearchEntry Explore []ExploreResult }
A GenerateAXResponse contains an autoextractor definition and corresponding Element extractions as gathered from a single extraction module
type Geofence ¶
type Geofence struct { SouthWest Location `json:",omitempty"` NorthEast Location `json:",omitempty"` // contains filtered or unexported fields }
func (*Geofence) CrossesAntimeridian ¶
type GroupDetails ¶
type HeatmapRequest ¶
type HeatmapRequest struct { BaseRequest Fence Geofence `json:",omitempty"` }
type HeatmapResponse ¶
type HeatmapResponse struct { BaseResponse Entries []HeatmapValue `json:",omitempty"` }
type HeatmapValue ¶
func (HeatmapValue) MarshalJSON ¶
func (hv HeatmapValue) MarshalJSON() ([]byte, error)
func (*HeatmapValue) UnmarshalJSON ¶
func (hv *HeatmapValue) UnmarshalJSON(data []byte) error
type HostSysStats ¶
type HostSysStats struct { Uptime uint64 `json:",omitempty"` TotalMemory uint64 `json:",omitempty"` ProcessHeapAllocation uint64 `json:",omitempty"` // bytes allocated by this process's heap ProcessSysReserved uint64 `json:",omitempty"` // total bytes obtained from the OS MemoryUsedPercent float64 `json:",omitempty"` Disks []DiskStats CPUUsage float64 CPUCount int `json:",omitempty"` HostHash string Net NetworkUsage `json:",omitempty"` IO []DiskIO VirtSystem string `json:",omitempty"` // e.g. "kvm" or "xen" VirtRole string `json:",omitempty"` // "host" or "guest" BuildInfo BuildInfo `json:",omitempty"` // e.g. 3.3.1 LoadAverage load.AvgStat `json:",omitempty"` Iowait float64 }
Host statistics, used by the System Stats view in Gravwell.
type IdKitState ¶
type IdKitState struct { UUID uuid.UUID UID int32 GIDs []int32 Global bool WriteAccess Access KitState }
Type that is used when sending back lists via an ADMIN request (shows uid and gid).
type IdxStatResponse ¶
type IdxStats ¶
type IdxStats struct { UUID uuid.UUID Error string `json:",omitempty"` IndexStats []IndexManagerStats `json:",omitempty"` }
func (*IdxStats) MarshalJSON ¶
type ImportInfo ¶ added in v3.7.1
type IndexManagerStats ¶
type IndexManagerStats struct { Name string Stats []IndexerStats }
func (*IndexManagerStats) MarshalJSON ¶
func (m *IndexManagerStats) MarshalJSON() ([]byte, error)
type IndexerPingResponse ¶
type IndexerPingResponse struct { Error string `json:",omitempty"` States map[string]string `json:",omitempty"` }
IndexerPingResponse contains a map of states for all configured indexers.
type IndexerRequest ¶
type IndexerStats ¶
type IndexerWellData ¶
type IndexerWellData struct { UUID uuid.UUID Wells []WellInfo //Key is the UUID of the remote system that we have replicated data for //the value is the list of wells and their data Replicated map[uuid.UUID][]WellInfo }
func (IndexerWellData) MarshalJSON ¶
func (v IndexerWellData) MarshalJSON() ([]byte, error)
func (*IndexerWellData) Sort ¶
func (iwd *IndexerWellData) Sort()
type IngestResponse ¶
type IngestStats ¶
type IngestStats struct { QuotaUsed uint64 // Quota used so far QuotaMax uint64 // Total quota EntriesPerSecond float64 // Entries per second over the last few seconds BytesPerSecond float64 // Bytes per second over the last few seconds TotalCount uint64 //Total Entries since the ingest server started TotalSize uint64 //Total Data since the ingest server started LastDayCount uint64 //total entries in last 24 hours LastDaySize uint64 //total ingested in last 24 hours EntriesHourTail [24]uint64 //entries per 1 hour bucket with 24 hours of tail EntriesMinuteTail [60]uint64 //entries per 1 second bucket with 60s of tail BytesHourTail [24]uint64 //bytes per 1 hour bucket with 24 hours of tail BytesMinuteTail [60]uint64 //bytes per 1 second bucket with 60s of tail Ingesters []IngesterStats Missing []ingest.IngesterState //ingesters that have been seen before but not actively connected now }
func (IngestStats) MarshalJSON ¶
func (is IngestStats) MarshalJSON() ([]byte, error)
type IngesterStats ¶
type IngesterStats struct { RemoteAddress string Count uint64 Size uint64 Uptime time.Duration Tags []string Name string Version string UUID string State ingest.IngesterState }
func (IngesterStats) Hash ¶
func (is IngesterStats) Hash() uint64
func (IngesterStats) MarshalJSON ¶
func (is IngesterStats) MarshalJSON() ([]byte, error)
type IngesterStatsResponse ¶
type IngesterStatsResponse struct { Error string `json:",omitempty"` Stats map[string]IngestStats `json:",omitempty"` }
type InstallStatus ¶
type InstallStatus struct { Owner int32 Done bool Percentage float64 CurrentStep string Error string Log string InstallID int32 Updated time.Time // contains filtered or unexported fields }
func NewInstallStatus ¶
func NewInstallStatus(itemcount int, installID int32, uid int32) *InstallStatus
func (*InstallStatus) ItemDone ¶
func (i *InstallStatus) ItemDone()
func (*InstallStatus) SetDone ¶
func (i *InstallStatus) SetDone()
func (*InstallStatus) SetError ¶
func (i *InstallStatus) SetError(err error)
func (*InstallStatus) UpdateCurrentStep ¶
func (i *InstallStatus) UpdateCurrentStep(step string)
type KeyComponents ¶
type KeyComponents struct {
Keys []string
}
type KitBuildRequest ¶
type KitBuildRequest struct { ID string Name string Description string Readme string Version uint MinVersion CanonicalVersion `json:",omitempty"` MaxVersion CanonicalVersion `json:",omitempty"` Dashboards []uint64 `json:",omitempty"` Templates []uuid.UUID `json:",omitempty"` Pivots []uuid.UUID `json:",omitempty"` Resources []string `json:",omitempty"` ScheduledSearches []int32 `json:",omitempty"` Flows []int32 `json:",omitempty"` Macros []uint64 `json:",omitempty"` Extractors []uuid.UUID `json:",omitempty"` Files []uuid.UUID `json:",omitempty"` SearchLibraries []uuid.UUID `json:",omitempty"` Playbooks []uuid.UUID `json:",omitempty"` Alerts []uuid.UUID `json:",omitempty"` EmbeddedItems []KitEmbeddedItem `json:",omitempty"` Icon string `json:",omitempty"` Banner string `json:",omitempty"` Cover string `json:",omitempty"` Dependencies []KitDependency `json:",omitempty"` ConfigMacros []KitConfigMacro ScriptDeployRules map[int32]ScriptDeployConfig }
the type that is used to request a kit be built
func (*KitBuildRequest) Validate ¶
func (pbr *KitBuildRequest) Validate() error
type KitBuildResponse ¶
type KitConfig ¶
type KitConfig struct {
	OverwriteExisting bool `json:",omitempty"`
	Global            bool `json:",omitempty"`
	// NOTE(review): AllowExternalResource and AllowUnsigned are opt-in booleans; their zero
	// value is false and, because of omitempty, false is left out of the encoded JSON.
	// The names suggest they relax checks on where kit content comes from and on whether a
	// kit must be signed. The code that enforces them is not shown on this page, so confirm
	// the semantics before setting either one to true.
	AllowExternalResource   bool  `json:",omitempty"`
	AllowUnsigned           bool  `json:",omitempty"`
	InstallationGroup       int32 `json:",omitempty"` // deprecated, use InstallationGroups instead
	InstallationGroups      []int32
	InstallationWriteAccess Access
	Labels                  []string `json:",omitempty"` // labels applied to each *item*
	KitLabels               []string `json:",omitempty"` // labels applied to the *kit* itself
	ConfigMacros            []KitConfigMacro
	ScriptDeployRules       map[string]ScriptDeployConfig // overrides for defaults
}
KitConfig represents rules, labels, and other configuration options used during kit installation.
type KitConfigMacro ¶
type KitConfigMacro struct { MacroName string // The name of the macro which will be created Description string // a verbose description of what this *does* DefaultValue string // Should be defined at kit creation time Value string // Set by the UI when preparing for installation Type string // "TAG" or "OTHER" InstalledByID string // if the macro already exists, the ID of the kit that installed it }
type KitDependency ¶
KitDependency declares a series of kits and minimum version requirements
type KitEmbeddedItem ¶
type KitItem ¶
type KitItem struct {
	Name string
	Type string
	ID   string `json:",omitempty"` // the UUID
	// AdditionalInfo is kept as raw, undecoded JSON (json.RawMessage).
	AdditionalInfo json.RawMessage `json:",omitempty"`
	// Hash is a fixed-size array of sha256.Size bytes, i.e. room for exactly one SHA-256
	// digest. Which bytes are hashed, and where the value is compared, is not shown on
	// this page — TODO confirm before relying on it as an integrity check.
	Hash [sha256.Size]byte
}
Each item in a kit (dashboard, query, etc) is represented by a KitItem object.
func (*KitItem) DescriptionString ¶
type KitItemStatus ¶ added in v3.8.22
type KitManifest ¶
type KitManifest struct { UID int32 GIDs []int32 Global bool WriteAccess Access UUID uuid.UUID Data []byte WebserverID uuid.UUID // which webserver created this manifest: needed to manage staged manifests & on-disk kit files Synced bool }
the type that handles the datastore system
func (*KitManifest) Decode ¶
func (pm *KitManifest) Decode(v interface{}) (err error)
func (*KitManifest) Encode ¶
func (pm *KitManifest) Encode(v interface{}) (err error)
type KitMetadata ¶
type KitMetadata struct { ID string Name string GUID string `json:",omitempty"` // DEPRECATED, TODO: remove UUID string Version uint Description string Readme string Signed bool AdminRequired bool MinVersion CanonicalVersion MaxVersion CanonicalVersion Size int64 Created time.Time Ingesters []string //ingesters associated with the kit Tags []string //tags associated with the kit Assets []KitMetadataAsset Dependencies []KitDependency Items []KitItem ConfigMacros []KitConfigMacro }
KitMetadata is a struct that is primarily served by the kit server; we use this to record info about a kit so the GUI can hint to users what kits they should install.
type KitMetadataAsset ¶
type KitMetadataAsset struct { Type string Source string //URL Legend string //some description about the asset Featured bool //should be an image, will be used for cover image Banner bool //should be an image, will be used for upper banner image }
KitMetadataAssets are items that might be associated with kits when hosting them; we use these to enable pinning additional stuff to a kit.
func (KitMetadataAsset) String ¶
func (kma KitMetadataAsset) String() (s string)
type KitModifyReport ¶ added in v3.8.22
type KitModifyReport struct { Statuses []KitItemStatus WasError bool }
type KitState ¶
type KitState struct { ID string Name string Description string Readme string UUID string Signed bool AdminRequired bool MinVersion CanonicalVersion `json:",omitempty"` MaxVersion CanonicalVersion `json:",omitempty"` UID int32 `json:",omitempty"` Version uint Items []KitItem Labels []string Icon string //use for icon when in the context of a kit Banner string //use for banner in a kit Cover string //use for cover image on a kit ModifiedItems []SourcedKitItem // Items which were installed by a previous version of the kit and have been modified by the user ConflictingItems []KitItem // items which will overwrite a user-created object RequiredDependencies []KitMetadata Installed bool //true means everything was pushed in, false means it is JUST staged InstallationTime time.Time // the time at which this kit was installed InstallationVersion CanonicalVersion // the Gravwell version in use when this kit was installed ConfigMacros []KitConfigMacro Metadata json.RawMessage `json:",omitempty"` }
The kit data type that is actually stored in the datastore
func (*KitState) RemoveItem ¶ added in v3.8.0
func (*KitState) UpdateItem ¶
type LaunchRequest ¶ added in v3.8.23
type LaunchRequest struct {
StartSearchRequest
}
LaunchRequest is a new named type so that we can abstract away the websocket launch requests from the REST requests
type LaunchResponse ¶ added in v3.8.23
type LaunchResponse struct {
	SearchSessionID uuid.UUID `json:",omitempty"`
	// RefreshInterval is used to convey and optionally update the minimum interval
	// required in between touching a search session. This value defines how often a client
	// must refresh their search session before a search may be expired due to inactivity.
	RefreshInterval uint // refresh interval in seconds
	// Unified info that is always needed.
	SearchID     string     `json:",omitempty"`
	RenderModule string     `json:",omitempty"`
	RenderCmd    string     `json:",omitempty"`
	Info         SearchInfo `json:",omitempty"`
}
LaunchResponse is used to respond to both Launch and Attach requests the type returns metadata about the search as well as this contains all the embedded
type LicenseDistributionStatus ¶
type LicenseDistributionStatus struct { Status string `json:"status"` States []LicenseIndexerStatus `json:"states,omitempty"` // information about whether the system is allowed to run in unlicensed/free mode UnlicensedAllowed bool `json:"unlicensed_allowed"` // if system cannot run in unlicensed mode, a list of reasons will be provided // they may be things like "system is configured as a cluster" or "CBAC is enabled" DisallowUnlicensedReasons []string `json:"disallow_unlicensed_reasons,omitempty"` }
type LicenseIndexerInfo ¶
type LicenseIndexerInfo struct {
	Indexer string `json:"indexer"`
	// NOTE(review): Error is an error interface value. encoding/json encodes an interface by
	// its dynamic value, so an error type with no exported fields and no MarshalJSON (for
	// example one built with errors.New) encodes as {} and the message is lost; decoding a
	// non-null JSON value into an error-typed field fails. No MarshalJSON is listed for this
	// type on this page — verify how the message actually reaches clients.
	Error error       `json:"error,omitempty"`
	Info  LicenseInfo `json:"info,omitempty"`
}
type LicenseIndexerStatus ¶
type LicenseInfo ¶
type LicenseInfo struct { Version uint64 CustomerUUID string `json:",omitempty"` CustomerNumber uint64 Expiration entry.Timestamp Type LicenseType //MaxNodes is either maximum machines for cluster type, or sockets for single type MaxNodes uint32 Overrides FeatureOverride Metadata []byte NFR bool //non-commercial license override Hash []byte }
A LicenseInfo block represents the overall configuration for a license - the type, customer information, expiration, etc.
func (LicenseInfo) CBACEnabled ¶ added in v3.8.20
func (li LicenseInfo) CBACEnabled() bool
func (LicenseInfo) Features ¶ added in v3.8.20
func (li LicenseInfo) Features() Features
func (LicenseInfo) Get ¶
func (li LicenseInfo) Get(key string) (val interface{}, err error)
func (LicenseInfo) LogbotLLMEnabled ¶ added in v3.8.54
func (li LicenseInfo) LogbotLLMEnabled() bool
func (LicenseInfo) NoStatsEnabled ¶ added in v3.8.20
func (li LicenseInfo) NoStatsEnabled() bool
func (LicenseInfo) OverwatchEnabled ¶ added in v3.8.20
func (li LicenseInfo) OverwatchEnabled() bool
func (LicenseInfo) ReplicationEnabled ¶
func (li LicenseInfo) ReplicationEnabled() bool
func (LicenseInfo) SKU ¶
func (li LicenseInfo) SKU() string
SKU is <version><license type><max nodes>
func (LicenseInfo) SSOEnabled ¶
func (li LicenseInfo) SSOEnabled() bool
func (LicenseInfo) Serial ¶
func (li LicenseInfo) Serial() string
Serial number is a hex string composed of the following <cust number>-<version>-<license type><max nodes>-<expiration>
func (LicenseInfo) UnlimitedCPUEnabled ¶ added in v3.8.20
func (li LicenseInfo) UnlimitedCPUEnabled() bool
func (LicenseInfo) UnlimitedIngestEnabled ¶ added in v3.8.20
func (li LicenseInfo) UnlimitedIngestEnabled() bool
func (LicenseInfo) Validate ¶
func (li LicenseInfo) Validate() error
Validate ensures the license info is valid.
type LicenseType ¶
type LicenseType uint64
func ParseType ¶
func ParseType(c string) (LicenseType, error)
func (LicenseType) Abbr ¶
func (lt LicenseType) Abbr() string
func (LicenseType) AllFeatures ¶
func (lt LicenseType) AllFeatures() (r bool)
func (LicenseType) MarshalJSON ¶
func (lt LicenseType) MarshalJSON() ([]byte, error)
func (LicenseType) SingleNode ¶
func (lt LicenseType) SingleNode() (r bool)
func (LicenseType) String ¶
func (lt LicenseType) String() string
func (*LicenseType) UnmarshalJSON ¶
func (lt *LicenseType) UnmarshalJSON(v []byte) error
func (LicenseType) Valid ¶
func (lt LicenseType) Valid() bool
type LicenseUpdateError ¶
structure for license updates and warnings
type LicenseUsage ¶ added in v3.8.12
type LicenseUsage struct { Unlimited bool // license is unlimited, nothing else will be here Quota uint64 // license ingest limitation Used uint64 // license ingest usage Entries uint64 // total count of entries (does not impact license) History []LicenseUsageBucket `json:",omitempty"` Error error `json:",omitempty"` }
LicenseUsage is the data structure that is handed back to indicate how much of a license quota is used and what the usage looks like over the rolling windows. Unlimited licenses will return Unlimited = true with everything else empty
type LicenseUsageBucket ¶ added in v3.8.12
type LicenseUsageBucket struct { Start time.Time //start of this bucket End time.Time //end of this bucket Size uint64 //ingest bucket size Count uint64 //ingest bucket count }
LicenseUsageBucket is a time bucket of license quota activity. A typical license tracks a 24 hour rolling window with 1 hour buckets. Unlimited licenses do not track ingest at all.
type LicenseUsageReport ¶ added in v3.8.12
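// LicenseUsageReport gathers per-indexer license usage.
// The listing is restored to one field per line so that the trailing comments
// no longer run into the following field.
type LicenseUsageReport struct {
	Unlimited bool                    //every single reporting indexer has unlimited ingest OR an error, nothing to report
	Indexers  map[string]LicenseUsage `json:",omitempty"` // if all indexers are unlimited this won't be included at all
}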
LicenseUsageReport is the meta structure that contains all the license tracking data for potentially many indexers. The typical use cases are a single cluster with unlimited ingest, a single indexer with unlimited ingest, or a single indexer with limited ingest; however, overwatch topologies may have mixed licensing across the indexers.
type LoggingLevels ¶
func (*LoggingLevels) MarshalJSON ¶
func (m *LoggingLevels) MarshalJSON() ([]byte, error)
type LoginRequest ¶
type LoginResponse ¶
type MFAAuthRequest ¶ added in v3.8.35
type MFAInfo ¶ added in v3.8.35
type MFAInfo struct { UserConfig MFAUserConfig MFARequired bool // If true, system requires MFA }
MFAInfo describes system-wide MFA policies as well as the user's own MFA configuration.
type MFATOTPInstallResponse ¶ added in v3.8.35
type MFATOTPInstallResponse struct { LoginResponse RecoveryCodes []string }
MFATOTPInstallResponse is returned when the user has successfully configured TOTP on the webserver.
type MFATOTPSetupResponse ¶ added in v3.8.35
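// MFATOTPSetupResponse carries the parameters a user needs to configure TOTP.
//
// Seed is the TOTP secret, so a populated value of this type must be kept out
// of logs, error messages and long-lived storage.
// NOTE(review): QRCode and URL presumably encode the same secret (an OTP
// provisioning URL normally carries it) — confirm and handle them the same way.
type MFATOTPSetupResponse struct {
	QRCode []byte // PNG-encoded image
	Seed   string // The secret key/seed
	URL    string // OTP URL
}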
MFATOTPSetupResponse is returned by the webserver when the user requests parameters to configure TOTP.
type MFAUserConfig ¶ added in v3.8.35
type MFAUserConfig struct { TOTP TOTPUserConfig RecoveryCodes RecoveryCodes }
func (*MFAUserConfig) ClearSecrets ¶ added in v3.8.35
func (c *MFAUserConfig) ClearSecrets()
ClearSecrets blanks out the sensitive values within the config. Call it before the object leaves code you control (for example before it is serialized or logged) if there is any concern over where the object will end up.
func (*MFAUserConfig) MFAEnabled ¶ added in v3.8.35
func (c *MFAUserConfig) MFAEnabled() bool
MFAEnabled returns true if *any* MFA option is configured
func (*MFAUserConfig) MFATypesEnabled ¶ added in v3.8.35
func (c *MFAUserConfig) MFATypesEnabled() (r []AuthType)
MFATypesEnabled gives a list of the types of MFA the user has set up.
type ModuleHint ¶
type ModuleHint struct { Name string ProducedEVs []string ConsumedEVs []string ResourcesNeeded []string Condensing bool }
ModuleHint contains "hints" about modules, populated during the init and parse phase. Hints contain information such as what enumerated values are used and produced and what resources are needed by a given module.
type ModuleStatsUpdate ¶
type ModuleStatsUpdate struct {
InputCount, OutputCount uint64
InputBytes, OutputBytes uint64
Duration time.Duration
ScratchWritten uint64 // Bytes of scratch written
}
func (*ModuleStatsUpdate) Add ¶ added in v3.8.17
func (sms *ModuleStatsUpdate) Add(v ModuleStatsUpdate)
func (*ModuleStatsUpdate) AddIn ¶
func (sms *ModuleStatsUpdate) AddIn(count, bts uint64)
func (*ModuleStatsUpdate) AddOut ¶
func (sms *ModuleStatsUpdate) AddOut(count, bts uint64)
func (ModuleStatsUpdate) Equal ¶
func (sms ModuleStatsUpdate) Equal(t ModuleStatsUpdate) bool
func (*ModuleStatsUpdate) Size ¶
func (m *ModuleStatsUpdate) Size() (sz int64)
type NetworkUsage ¶
type NodeParseError ¶ added in v3.8.6
NodeParseError represents a single problem encountered during the parse phase, e.g. an un-set config field. Field represents which config field, if any, was the source of the problem; if unset, the error was of a more general nature.
func (NodeParseError) Error ¶ added in v3.8.6
func (f NodeParseError) Error() string
func (NodeParseError) String ¶ added in v3.8.6
func (f NodeParseError) String() string
type NodeParseFailure ¶ added in v3.8.6
type NodeParseFailure struct {
Errors []NodeParseError
}
NodeParseFailure represents all problems encountered during a node's Parse phase
func (*NodeParseFailure) AddError ¶ added in v3.8.6
func (f *NodeParseFailure) AddError(e error)
AddError registers a new error. It can take regular errors, NodeParseError, or NodeParseFailure.
func (*NodeParseFailure) ErrCount ¶ added in v3.8.6
func (f *NodeParseFailure) ErrCount() int
ErrCount returns the number of errors registered.
func (NodeParseFailure) Error ¶ added in v3.8.6
func (f NodeParseFailure) Error() string
Error returns an error string for the NodeParseFailure. It just returns the first error if there are multiple errors; to handle it better, walk the Errors array yourself.
type Notification ¶
type Notification struct { UID int32 GID int32 Sender int32 //who sent it Type uint32 //ID which specifies the type of notification Broadcast bool //was this a broadcast to multiple users Sent time.Time //when was it sent Expires time.Time //when does it expire IgnoreUntil time.Time //Don't display until after this time Msg string Origin uuid.UUID // which device sent it (currently only used on indexers) Level string `json:",omitempty"` //generic keyword indicating how bad this notification is Link string `json:",omitempty"` }
func (*Notification) Expired ¶
func (n *Notification) Expired() bool
func (*Notification) Ignored ¶ added in v3.8.37
func (n *Notification) Ignored() bool
type NotificationAction ¶
type NotificationAction uint32
var ( SetBackendNotification NotificationAction = 0 ClearBackendNotification NotificationAction = 1 )
type NotificationSet ¶
type NotificationSet map[uint64]Notification
type OverviewStats ¶ added in v3.8.23
type OverviewStats struct { //indicates where in the search span the query currently is, can be used for progress SearchPosition entry.Timestamp //indicates if the search is finished Finished bool // Indicates that the query results exceeded the on-disk storage limits. OverLimit bool // Indicates the range of entries that were dropped due to storage limits. LimitDroppedRange TimeRange // Indicates that there is some warning about the query results the user should be aware of. // Will be empty if no warning is present. Warning string // For some renderers, the EntryCount accurately represents the total // number of results available. This field is set to 'true' in that case, // meaning the EntryCount number can be displayed alongside the results // without confusion. EntryCountValid bool Stats []OverviewStatSet `json:",omitempty"` }
type P2PRequest ¶
type P2PRequest struct { BaseRequest Fence Geofence `json:",omitempty"` }
type P2PResponse ¶
type P2PResponse struct { BaseResponse ValueNames []string Entries []P2PValue `json:",omitempty"` }
type PackedPivot ¶
type PackedPivot struct { UUID string Name string Description string Data RawObject Labels []string }
type used for pivots in packages
func (*PackedPivot) JSONMetadata ¶
func (put *PackedPivot) JSONMetadata() (json.RawMessage, error)
type PackedUserTemplate ¶
type PackedUserTemplate struct { UUID string Name string Description string Data TemplateContents Labels []string }
type used for templates in packages
func (*PackedUserTemplate) JSONMetadata ¶
func (put *PackedUserTemplate) JSONMetadata() (json.RawMessage, error)
func (*PackedUserTemplate) UnmarshalJSON ¶ added in v3.7.6
func (t *PackedUserTemplate) UnmarshalJSON(data []byte) error
type ParseSearchRequest ¶
type ParseSearchRequest struct { SearchString string Sequence uint64 Filters []FilterRequest }
type ParseSearchResponse ¶
type PerWellStorageStats ¶ added in v3.8.25
type PerWellStorageStats struct { StorageStats Accelerator string `json:"accelerator"` Engine string `json:"engine"` PathCold string `json:"pathCold"` PathHot string `json:"pathHot"` ShardCountCold uint64 `json:"shardCountCold"` ShardCountHot uint64 `json:"shardCountHot"` Tags []string `json:"tags"` WellName string `json:"wellName"` }
type Pivot ¶
type Pivot struct { GUID uuid.UUID Name string Description string Contents RawObject Labels []string Disabled bool }
Pivot is what is stored in the "thing" object, it is encoded into Contents
func (Pivot) Pack ¶
func (t Pivot) Pack() (put PackedPivot)
type Playbook ¶
type Playbook struct { UUID uuid.UUID GUID uuid.UUID // global identifier, used to uniquely identify a playbook rather than as a key in the webstore. Sorry. UID int32 GIDs []int32 Global bool WriteAccess Access Name string Desc string Body []byte `json:",omitempty"` Metadata []byte `json:",omitempty"` Labels []string LastUpdated time.Time Author AuthorInfo Synced bool }
Playbook configuration, including ownership, description, etc., as well as the playbook content.
func (Playbook) JSONMetadata ¶
func (pb Playbook) JSONMetadata() (json.RawMessage, error)
type PointmapKV ¶
func (PointmapKV) IsEmpty ¶
func (pkv PointmapKV) IsEmpty() bool
func (PointmapKV) MarshalJSON ¶
func (pkv PointmapKV) MarshalJSON() (r []byte, err error)
type PointmapRequest ¶
type PointmapRequest struct { BaseRequest Fence Geofence `json:",omitempty"` }
type PointmapResponse ¶
type PointmapResponse struct { BaseResponse Entries []PointmapValue `json:",omitempty"` }
type PointmapValue ¶
type PointmapValue struct { Loc Location Metadata []PointmapKV `json:",omitempty"` }
type RawEnumeratedValue ¶
func (RawEnumeratedValue) String ¶ added in v3.8.6
func (rev RawEnumeratedValue) String() string
type RawObject ¶
type RawObject json.RawMessage
func (RawObject) MarshalJSON ¶
marshalling and handlers for our raw object type
func (*RawObject) UnmarshalJSON ¶
type RawRequest ¶
type RawRequest struct {
BaseRequest
}
type RawResponse ¶
type RawResponse struct { BaseResponse ContainsBinaryEntries bool //just a flag to tell the GUI that we might have data that needs some help Entries []SearchEntry `json:",omitempty"` Explore []ExploreResult `json:",omitempty"` }
func (RawResponse) MarshalJSON ¶
func (rr RawResponse) MarshalJSON() ([]byte, error)
type RecoveryCodes ¶ added in v3.8.35
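// RecoveryCodes carries MFA recovery codes together with their bookkeeping.
// The listing is restored to one field per line; collapsed, the trailing
// comment on Remaining hid the Generated field.
type RecoveryCodes struct {
	Enabled bool
	// Codes is tagged json:"-", so encoding/json neither writes nor reads it.
	// The tag binds encoding/json only: encoders that ignore it (gob, for
	// instance) still see this field.
	Codes     []string `json:"-"`
	Remaining int      // how many codes are left
	Generated time.Time
}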
func GenerateRecoveryCodes ¶ added in v3.8.35
func GenerateRecoveryCodes(count int) (RecoveryCodes, error)
type RenderModuleInfo ¶
func (*RenderModuleInfo) MarshalJSON ¶
func (m *RenderModuleInfo) MarshalJSON() ([]byte, error)
type ResourceContentType ¶
type ResourceList ¶
type ResourceList struct { List []ResourceMetadata Domain int16 }
This is used for client->server resource sync operations, basically "I am a webserver from domain <Domain>, here's what I have (<List>), delete anything in my domain that's not on the list".
type ResourceMetadata ¶
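// ResourceMetadata describes a resource: who owns it, who may reach it, and
// which version it is.
//
// Access is expressed by four fields: UID (owner), GroupACL (GIDs which can
// access the resource), Global (any user can read) and Domain (only webservers
// in that domain can access it).
// NOTE(review): the algorithm behind Hash, and whether it covers the metadata
// as well as the data, is not stated here — confirm before relying on it for
// integrity checks.
type ResourceMetadata struct {
	UID           int32     // owner
	GUID          string    // unique ID for this resource
	Domain        int16     // The webserver domain of this resource. Only webservers in this domain can access it.
	LastModified  time.Time // time resource was modified, including metadata
	VersionNumber int       // resource version #, increment at each Write
	GroupACL      []int32   // GIDs which can access the resource
	Global        bool      // if Global is set, any user can read the resource.
	ResourceName  string
	Description   string
	Size          uint64
	Hash          []byte
	Synced        bool     // Set to true if this version is on the datastore, false otherwise
	Labels        []string // the backend doesn't really care about these, it's the GUI's problem
}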
func (ResourceMetadata) Equal ¶
func (m1 ResourceMetadata) Equal(m2 ResourceMetadata) bool
Equal returns true if both ResourceMetadata objects are identical.
func (ResourceMetadata) String ¶
func (m ResourceMetadata) String() string
type ResourceUpdate ¶
type ResourceUpdate struct { Metadata ResourceMetadata Data []byte // contains filtered or unexported fields }
func (*ResourceUpdate) Bytes ¶ added in v3.8.1
func (ru *ResourceUpdate) Bytes() (b []byte)
Bytes returns a byte slice no matter what the underlying storage is. If the ResourceUpdate is using a ReadCloser, it performs a complete read and returns a byte slice. If the reader points to a large resource this may require significant resources.
func (*ResourceUpdate) Close ¶ added in v3.8.1
func (ru *ResourceUpdate) Close()
Close is a safe method to make sure that ReadClosers and Byte Buffers are wiped out
func (*ResourceUpdate) SetStream ¶ added in v3.8.1
func (ru *ResourceUpdate) SetStream(rc io.ReadCloser)
SetStream will set the resource update to use a ReadCloser instead of static bytes. We do not export the ReadCloser because gob can't handle it.
func (*ResourceUpdate) Stream ¶ added in v3.8.1
func (ru *ResourceUpdate) Stream() io.Reader
Stream generates an io.Reader from either the underlying reader or the Data byte slice.
type SaveSearchPatch ¶ added in v3.8.26
type SaveSearchPatch struct { SearchLaunchInfo // these are the supported fields in the free form search metadata; these are used by the GUI Name string `json:"name,omitempty"` Notes string `json:"notes,omitempty"` }
func (SaveSearchPatch) GetMetadata ¶ added in v3.8.26
func (p SaveSearchPatch) GetMetadata() json.RawMessage
func (SaveSearchPatch) MergeLaunchInfo ¶ added in v3.8.26
func (p SaveSearchPatch) MergeLaunchInfo(li *SearchLaunchInfo) (changed bool)
type ScheduledError ¶ added in v3.8.16
type ScheduledSearch ¶
type ScheduledSearch struct { Synced bool ID int32 GUID uuid.UUID Groups []int32 Global bool WriteAccess Access Name string // the name of this scheduled search Description string // freeform description Labels []string Owner int32 // uid of owner Schedule string // when to run: a cron spec Timezone string // a location to use for the timezone, e.g. "America/New_York" Updated time.Time Disabled bool // These values are used for debug/testing runs OneShot bool // Set this flag to 'true' to make the search fire ONCE DebugMode bool // set this to true to enable debug mode DebugEvent *Event // If provided, this will be inserted as `event` into the flow payload. // if true, search agent will attempt to "backfill" missed runs since // the more recent of Updated or LastRun. BackfillEnabled bool // This sets what kind of scheduled "thing" it is: search, script, or flow ScheduledType string // Fields for scheduled searches SearchReference uuid.UUID // A reference to a saved query item by UUID. If SearchString is populated on a GET, it represents the query referenced by SearchReference. SearchString string // The actual search to run. If SearchReference is populated on a GET, SearchString represents the query referenced by SearchReference. Duration int64 // How many seconds back to search, MUST BE NEGATIVE SearchSinceLastRun bool // If set, ignore Duration and run from last run time to now. TimeframeOffset int64 // How many seconds to offset the search timeframe, MUST BE NEGATIVE. 
// For scheduled scripts Script string // If set, execute the contents rather than running SearchString ScriptLanguage ScriptLang // what script type is this: anko, go // For scheduled flows Flow string // The flow specification itself FlowNodeResults map[int]FlowNodeResult // results for each node in the flow // These fields are updated by the search agent after it runs a search PersistentMaps map[string]map[string]interface{} LastRun time.Time LastRunDuration time.Duration // how many nanoseconds did it take LastSearchIDs []string // the IDs of the most recently performed searches LastError string // any error from the last run of the scheduled search ErrorHistory []ScheduledError // a list of previously-occurring errors DebugOutput []byte // output of the script if debugmode was enabled }
ScheduledSearch represents a scheduled search, including rules, description, etc.
func FindMostRelevantAutomation ¶ added in v3.8.30
func FindMostRelevantAutomation(ud UserDetails, guid uuid.UUID, automations []ScheduledSearch) (result ScheduledSearch, ok bool)
FindMostRelevantAutomation resolves the appropriate ScheduledSearch automation (scheduled search, script, or flow) for the given user based on the specified GUID.
func (*ScheduledSearch) Dedup ¶
func (ss *ScheduledSearch) Dedup()
func (ScheduledSearch) Equal ¶
func (s ScheduledSearch) Equal(v ScheduledSearch) bool
func (*ScheduledSearch) TypeName ¶
func (ss *ScheduledSearch) TypeName() string
type ScriptDeployConfig ¶
type ScriptLang ¶ added in v3.8.3
type ScriptLang uint
func ParseScriptLang ¶ added in v3.8.3
func ParseScriptLang(v string) (l ScriptLang, err error)
func (ScriptLang) String ¶ added in v3.8.3
func (sl ScriptLang) String() string
func (ScriptLang) Valid ¶ added in v3.8.3
func (sl ScriptLang) Valid() (err error)
type SearchAgentCheckin ¶ added in v3.8.31
type SearchAgentConfig ¶
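// SearchAgentConfig holds the search agent's settings.
// The listing is restored to one field per line so that trailing comments no
// longer hide the fields that follow them.
type SearchAgentConfig struct {
	Searchagent_UUID  string
	Webserver_Address []string
	// NOTE(review): by name, the two Insecure_* flags relax transport security
	// towards the webserver (certificate verification skipped / plain HTTP) —
	// confirm in the agent code. If so, Search_Agent_Auth is exposed on the
	// wire whenever either is set, and both should stay false outside a lab.
	Insecure_Skip_TLS_Verify bool
	Insecure_Use_HTTP        bool
	// NOTE(review): presumably the credential the agent presents to the
	// webserver; treat it as a secret (file permissions, no logging) — confirm.
	Search_Agent_Auth                string
	Scratch_Path                     string
	Max_Script_Run_Time              int64 // minutes!
	Log_File                         string
	Log_Level                        string
	Disable_Network_Script_Functions bool // disables "risky" scripting functions (network stuff)
	Disable_Self_Ingest              bool // disables ingesting search agent logs to indexers
	HTTP_Proxy                       string
}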
type SearchCtrlStatus ¶
type SearchCtrlStatus struct { ID string UID int32 GID int32 // deprecated, use GIDs instead GIDs []int32 Global bool State string AttachedClients int StoredData int64 UserQuery string EffectiveQuery string StartRange time.Time EndRange time.Time NoHistory bool Import ImportInfo LaunchInfo SearchLaunchInfo Error string `json:",omitempty"` }
type SearchEntry ¶
type SearchEntry struct { TS entry.Timestamp SRC net.IP Tag entry.EntryTag Data []byte Enumerated []EnumeratedPair }
Search entry is the entry that makes it out of the search pipeline.
func (SearchEntry) Equal ¶
func (se SearchEntry) Equal(v SearchEntry) bool
Return true if both SearchEntry objects are equal.
func (SearchEntry) GetEnumerated ¶
func (se SearchEntry) GetEnumerated(name string) (val string, ok bool)
Return the string representation of an enumerated value in a SearchEntry.
func (SearchEntry) String ¶ added in v3.8.6
func (se SearchEntry) String() string
String implements the Stringer interface
type SearchHints ¶
type SearchHints struct { CollapsingIndex int // index of the first collapsed module RenderModule string `json:",omitempty"` TimeZoomDisabled bool //Renderer does not support zooming around data based on time Tags []string //the tags involved in the search ModuleHints []ModuleHint }
type SearchInfo ¶
type SearchInfo struct { ID string //ID of the search UID int32 //UID of the user that actually kicked off the search GID int32 `json:",omitempty"` //Group ID the search was assigned to, deprecated, use GIDs instead GIDs []int32 Global bool UserQuery string //query provided by the user on search EffectiveQuery string //the effective query that was actually used StartRange time.Time //start time range EndRange time.Time //end time range Descending bool //the direction the search is progressing (Descending is the standard) Started time.Time //time when the search was kicked off LastUpdate time.Time //last timestamp we saw (tells us where indexers are working) Duration time.Duration //Amount of time required to complete the search StoreSize int64 //size of the main storage file IndexSize int64 //size of an extra index file ItemCount int64 //How many items have been stored TimeZoomDisabled bool //Renderer does not support zooming around data based on time QueryTimeSpecified bool // True if the query contains start/end constraints RenderDownloadFormats []string `json:",omitempty"` Metadata json.RawMessage `json:",omitempty"` //additional metadata associated with a search Name string `json:",omitempty"` CollapsingIndex int NoHistory bool // set to true if this search was launched with the "no history" flag, typically means it is an automated search. Background bool // set to true if this search has been marked as backgrounded. MinZoomWindow uint // what is the smallest minimum zoom window in seconds Tags []string Import ImportInfo `json:",omitempty"` //information attached if there this search is saved and from an external import // Preview indicates that this search is a preview search // this means that the query most likely did not cover the entire time range that was originally requested // A preview search is used when a user is trying to understand what they have or establish AX relationships Preview bool // Error is set if the search ended in the ERROR state. 
Error string `json:",omitempty"` LaunchInfo SearchLaunchInfo // information about how a search was launched }
SearchInfo contains information about a search, including the search parameters, status, and metadata.
func (SearchInfo) MarshalJSON ¶
func (si SearchInfo) MarshalJSON() ([]byte, error)
custom Marshallers
func (SearchInfo) StorageSize ¶
func (si SearchInfo) StorageSize() int64
func (*SearchInfo) UnmarshalJSON ¶
func (si *SearchInfo) UnmarshalJSON(data []byte) error
type SearchLaunchInfo ¶ added in v3.8.26
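// SearchLaunchInfo records how and when a search was launched.
// The listing is restored to one field per line; collapsed, the first comment
// hid every field after it.
type SearchLaunchInfo struct {
	//what launched the search, manual, directquery, scheduledsearch, etc...
	Method string `json:"method,omitempty"`
	// Reference is the UUID, ID, etc. of the thing that launched the search
	// this is blank for manual queries
	Reference string `json:"reference,omitempty"`
	// Started is the timestamp of when the search was started. This is used to inform
	// the GUI and/or clients on when the query was actually started.
	Started time.Time `json:"started,omitempty"`
	// Expires marks when the search should expire/be deleted,
	// it may be the zero value which means never.
	// Note that encoding/json's omitempty does not drop a struct-typed field
	// such as time.Time, so a zero Expires is still written unless a custom
	// marshaller removes it; readers must treat the zero time as "never".
	Expires time.Time `json:"expires,omitempty"`
}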
type SearchLibrary ¶
type SearchLibrary struct { Name string Description string Query string `json:",omitempty"` GUID uuid.UUID Labels []string `json:",omitempty"` Metadata RawObject `json:",omitempty"` }
SearchLibrary is a structure to store a search string and an optional set of info. The GUI uses this to build up a search library with info about a search.
func (SearchLibrary) Equal ¶
func (psl SearchLibrary) Equal(other SearchLibrary) (ok bool)
func (SearchLibrary) JSONMetadata ¶
func (sl SearchLibrary) JSONMetadata() (json.RawMessage, error)
type SearchLog ¶
type SearchMacro ¶
type SearchMetadata ¶
type SearchMetadata struct { ValueStats []SearchMetadataEntry `json:",omitempty"` SourceStats []SourceMetadataEntry `json:",omitempty"` TagStats map[string]uint `json:",omitempty"` }
type SearchMetadataEntry ¶
type SearchMetadataEntry struct { Name string Type string Number SearchMetadataNumber `json:",omitempty"` Raw SearchMetadataRaw `json:",omitempty"` }
type SearchMetadataNumber ¶
type SearchMetadataRaw ¶
type SearchModuleInfo ¶
type SearchModuleStats ¶
type SearchModuleStats struct { ModuleStatsUpdate Name, Args string // contains filtered or unexported fields }
func (SearchModuleStats) Equal ¶
func (sms SearchModuleStats) Equal(t SearchModuleStats) bool
func (SearchModuleStats) JSON ¶
func (sms SearchModuleStats) JSON() ([]byte, error)
func (*SearchModuleStats) ResetCounters ¶
func (s *SearchModuleStats) ResetCounters()
func (*SearchModuleStats) Size ¶
func (s *SearchModuleStats) Size() int64
type SearchModuleStatsUpdate ¶
type SearchModuleStatsUpdate struct { Stats []SearchModuleStats TS entry.Timestamp }
func (*SearchModuleStatsUpdate) Add ¶
func (s *SearchModuleStatsUpdate) Add(smsu *SearchModuleStatsUpdate) error
func (*SearchModuleStatsUpdate) AddUpdate ¶
func (s *SearchModuleStatsUpdate) AddUpdate(mu []ModuleStatsUpdate) error
func (*SearchModuleStatsUpdate) Append ¶
func (s *SearchModuleStatsUpdate) Append(sms SearchModuleStats)
func (SearchModuleStatsUpdate) Copy ¶
func (s SearchModuleStatsUpdate) Copy() SearchModuleStatsUpdate
func (*SearchModuleStatsUpdate) CopyZero ¶
func (s *SearchModuleStatsUpdate) CopyZero() SearchModuleStatsUpdate
CopyZero hands back a SearchModuleStatsUpdate structure zeroed out with ONLY the TS and the module names. We use this for one-off search modules that relay stats in a strange manner due to condensing.
func (*SearchModuleStatsUpdate) IsNull ¶
func (s *SearchModuleStatsUpdate) IsNull() bool
func (*SearchModuleStatsUpdate) MarshalJSON ¶
func (m *SearchModuleStatsUpdate) MarshalJSON() ([]byte, error)
func (*SearchModuleStatsUpdate) ResetCounters ¶
func (s *SearchModuleStatsUpdate) ResetCounters()
func (*SearchModuleStatsUpdate) Size ¶
func (s *SearchModuleStatsUpdate) Size() (sz int64)
type SearchSessionIntervalUpdate ¶ added in v3.8.23
type SearchSessionIntervalUpdate struct {
Interval uint
}
type SearchStatsRequest ¶
type SearchStatsRequest struct { SetCount int64 `json:",omitempty"` SetStart entry.Timestamp `json:",omitempty"` SetEnd entry.Timestamp `json:",omitempty"` Addendum json.RawMessage `json:",omitempty"` }
func (SearchStatsRequest) MarshalJSON ¶
func (ssr SearchStatsRequest) MarshalJSON() ([]byte, error)
type SearchStatsResponse ¶
type SearchStatsResponse struct { Addendum json.RawMessage `json:",omitempty"` RangeStart entry.Timestamp `json:",omitempty"` RangeEnd entry.Timestamp `json:",omitempty"` Current entry.Timestamp `json:",omitempty"` Set []StatSet `json:",omitempty"` OverviewSet []OverviewStatSet `json:",omitempty"` Size int `json:",omitempty"` }
func (SearchStatsResponse) MarshalJSON ¶
func (ssr SearchStatsResponse) MarshalJSON() ([]byte, error)
type Secret ¶ added in v3.8.8
type Secret struct { ID uuid.UUID `json:"id"` Name string `json:"name"` Desc string `json:"description"` UID int32 `json:"uid"` Groups []int32 `json:"groups,omitempty"` Global bool `json:"global"` Created time.Time `json:"created"` }
Secret is the metadata associated with a secret, it contains ownership information but not the associated value
type SecretCreate ¶ added in v3.8.8
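// SecretCreate is the request used to ask the API to make a new secret.
// The listing is restored to one field per line.
type SecretCreate struct {
	Name string `json:"name"`
	Desc string `json:"description"`
	// NOTE(review): Groups and Global presumably set who may use the secret
	// (listed GIDs / every user) — confirm against the API handler.
	Groups []int32 `json:"groups,omitempty"`
	Global bool    `json:"global"`
	// Value is the secret itself and is serialized under "value", so a
	// populated SecretCreate must not be logged or echoed back in errors.
	Value string `json:"value"`
}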
SecretCreate is the structure used to ask the API to make a new secret, only the request parameters are present
type SecretFull ¶ added in v3.8.8
SecretFull represents the full secret including its value. This type is not sent through any traditional APIs
type Session ¶
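// Session contains the information needed to authenticate.
// The listing is restored to one field per line.
type Session struct {
	ID uint64 `json:",omitempty"`
	// JWT is written to JSON whenever it is non-empty (omitempty only drops
	// the empty string).
	// NOTE(review): presumably the bearer token for this session; if so, any
	// serialized Session is a credential and belongs in neither logs nor
	// client-visible listings of other users' sessions — confirm.
	JWT         string `json:",omitempty"`
	UID         int32  `json:",omitempty"`
	Origin      net.IP
	LastHit     time.Time
	UDets       *UserDetails `json:",omitempty"`
	TempSession bool
	Synced      bool
}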
Session contains all the information needed to authenticate.
func DecodeSession ¶
type ShardInfo ¶
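// ShardInfo describes one shard: its time span, entry count and sizes.
// The listing is restored to one field per line; collapsed, the first trailing
// comment hid every field after Entries.
type ShardInfo struct {
	Name        string
	Start       time.Time
	End         time.Time
	Entries     uint64           //number of entries in the shard
	Size        uint64           //raw size of data in the shard
	Stored      uint64           //actual disk usage of the shard
	RemoteState ReplicationState `json:",omitempty"`
	Cold        bool             //true if the shard is in the cold storage
}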
func (ShardInfo) MarshalJSON ¶ added in v3.8.2
custom marshaller to deal with the fact that the json marshaller can't handle the "empty" uuid value
type SortableSearchLog ¶
type SortableSearchLog []SearchLog
func (SortableSearchLog) Len ¶
func (s SortableSearchLog) Len() int
func (SortableSearchLog) Less ¶
func (s SortableSearchLog) Less(i, j int) bool
func (SortableSearchLog) Swap ¶
func (s SortableSearchLog) Swap(i, j int)
type SourceMetadataEntry ¶
type SourcedKitItem ¶
SourcedKitItem wraps a KitItem with additional information regarding the kit's version and origin.
type StackGraphRequest ¶
type StackGraphRequest struct {
BaseRequest
}
type StackGraphResponse ¶
type StackGraphResponse struct { BaseResponse Entries []StackGraphSet }
type StackGraphSet ¶
type StackGraphSet struct { Key string Values []StackGraphValue }
func (*StackGraphSet) Magnitude ¶
func (sgs *StackGraphSet) Magnitude() (v int64)
type StackGraphValue ¶
type StartSearchAck ¶
type StartSearchAck struct { Ok bool OutputSearchSubproto string `json:",omitempty"` OutputStatsSubproto string `json:",omitempty"` }
Once a search has begun, an ACK is sent.
type StartSearchRequest ¶
type StartSearchRequest struct { SearchString string SearchStart string SearchEnd string Background bool NoHistory bool `json:",omitempty"` //Preview indicates that the renderer should only capture enough to show some usage of data //A raw, text, hex renderer will grab a few hundred or thousand entries //charts will grab enough to draw something useful //everything else will get "enough" Preview bool `json:",omitempty"` //NonTemporal is used to hint that we do not want this query to be temporal IF POSSIBLE //some queries cannot respect this, but things like table and some charts can NonTemporal bool `json:",omitempty"` Metadata json.RawMessage `json:",omitempty"` Addendum json.RawMessage `json:",omitempty"` Name string `json:",omitempty"` Filters []FilterRequest LaunchInfo SearchLaunchInfo // information about how a search was launched // Sharing parameters GIDs []int32 Global bool }
StartSearchRequest represents a search that is sent to the search controller in the webserver.
type StartSearchResponse ¶
type StartSearchResponse struct { Error string `json:",omitempty"` // what the user typed RawQuery string `json:",omitempty"` //what the actual search being processed is after attaching render module SearchString string `json:",omitempty"` RenderModule string `json:",omitempty"` RenderCmd string `json:",omitempty"` OutputSearchSubproto string `json:",omitempty"` SearchID string `json:",omitempty"` SearchStartRange time.Time `json:",omitempty"` SearchEndRange time.Time `json:",omitempty"` Background bool `json:",omitempty"` NonTemporal bool `json:",omitempty"` CollapsingIndex int // index of the first collapsed module Metadata json.RawMessage `json:",omitempty"` Addendum json.RawMessage `json:",omitempty"` LaunchInfo SearchLaunchInfo // information about how a search was launched QueryTimeSpecified bool `json:",omitempty"` // True if the query itself specifies the time spec SearchHints // Sharing parameters GIDs []int32 Global bool }
The webserver responds yay/nay plus new subprotocols if the search is valid. SearchStartRange and SearchEndRange should be strings in RFC3339Nano format
type StatSet ¶
type StatSet struct { Stats []SearchModuleStats TS entry.Timestamp // contains filtered or unexported fields }
func (*StatSet) AddParts ¶
func (ss *StatSet) AddParts(ts entry.Timestamp, stats []SearchModuleStats)
func (*StatSet) AddStats ¶
func (ss *StatSet) AddStats(stats []SearchModuleStats)
func (*StatSet) MarshalJSON ¶
type StatsRequest ¶
type StatsRequest struct {
BaseRequest
}
We have a generic StatsRequest type that ONLY implements the BaseRequest. This is so that clients can ask about stats without knowing about specific renderers.
type StatsResponse ¶
type StatsResponse struct {
BaseResponse
}
type StatsUpdate ¶
type StatsUpdate struct { Stats *SearchModuleStatsUpdate ClientID string }
type StorageStats ¶ added in v3.8.25
type StorageStats struct { CoverageStart time.Time `json:"coverageStart"` CoverageEnd time.Time `json:"coverageEnd"` DataIngestedHot uint64 `json:"dataIngestedHot"` DataIngestedCold uint64 `json:"dataIngestedCold"` DataStoredHot uint64 `json:"dataStoredHot"` DataStoredCold uint64 `json:"dataStoredCold"` EntryCountHot uint64 `json:"entryCountHot"` EntryCountCold uint64 `json:"entryCountCold"` }
type StoredBuildRequest ¶
type StoredBuildRequest struct { UID int32 KitBuildRequest BuildDate time.Time }
this is what we store in the datastore
type StringTagEntry ¶
// StringTagEntry is an entry whose tag is given by name; it is used for
// scripting and for ingesting entries via the webserver.
//
// NOTE(review): when this arrives through the webserver ingest path every
// field, including TS and SRC, is presumably supplied by the submitting
// client. Treat SRC as a claimed source address, not an authenticated one,
// unless the server overwrites it; confirm against the handler.
type StringTagEntry struct {
	TS         time.Time
	Tag        string
	SRC        net.IP
	Data       []byte
	Enumerated []EnumeratedPair
}
Used for scripting and ingesting entries via the webserver.
func (StringTagEntry) Equal ¶
func (se StringTagEntry) Equal(v StringTagEntry) bool
Return true if both StringTagEntry objects are equal.
func (StringTagEntry) GetEnumerated ¶
func (se StringTagEntry) GetEnumerated(name string) (val string, ok bool)
Return the string representation of an enumerated value in a StringTagEntry.
func (StringTagEntry) String ¶ added in v3.8.6
func (se StringTagEntry) String() string
String implements the fmt.Stringer interface.
type SysDescResp ¶
// SysDescResp contains a map of SysInfo objects (used in the System Overview),
// one for each connected system in a Gravwell deployment.
type SysDescResp struct {
	Error        string             `json:",omitempty"`
	Descriptions map[string]SysInfo `json:",omitempty"` // NOTE(review): the meaning of the map key is not shown here; confirm
}
SysDescResp contains a map of SysInfo (used in the System Overview) objects for each connected system in a Gravwell deployment.
type SysInfo ¶
// SysInfo is the system information displayed in the System Overview in
// Gravwell. The type also defines its own MarshalJSON method, so the struct
// tags alone may not describe the exact wire format.
type SysInfo struct {
	VirtSystem    string `json:",omitempty"` // e.g. "kvm" or "xen"
	VirtRole      string `json:",omitempty"` // "host" or "guest"
	CPUCount      int    `json:",omitempty"`
	CPUModel      string `json:",omitempty"`
	CPUMhz        string `json:",omitempty"`
	CPUCache      string `json:",omitempty"`
	TotalMemoryMB uint64 `json:",omitempty"`
	SystemVersion string `json:",omitempty"`
	Error         string `json:",omitempty"`
}
System information as displayed in the System Overview in Gravwell.
func (SysInfo) MarshalJSON ¶
type SysStatResponse ¶
type SysStats ¶
// SysStats wraps a pointer to HostSysStats together with an error string.
type SysStats struct {
	Error string        `json:",omitempty"`
	Stats *HostSysStats `json:",omitempty"` // pointer: omitted from JSON when nil, so check for nil after decoding
}
type TOTPUserConfig ¶ added in v3.8.35
type TableRequest ¶
// TableRequest carries only the embedded BaseRequest fields.
type TableRequest struct {
	BaseRequest
}
type TableResponse ¶
// TableResponse is a BaseResponse extended with the table contents.
type TableResponse struct {
	BaseResponse
	Entries TableValueSet
}
type TableRow ¶
func (TableRow) MarshalJSON ¶
type TableRowSet ¶
// TableRowSet is a slice of TableRow values.
type TableRowSet []TableRow
type TableValueSet ¶
// TableValueSet holds a table as a list of column names and a set of rows.
// The type defines its own MarshalJSON method.
type TableValueSet struct {
	Columns []string
	Rows    TableRowSet
}
func (*TableValueSet) Compare ¶
func (t *TableValueSet) Compare(u *TableValueSet) (cols bool, rows bool, idx int)
Compare a table to this one. Return false on cols/rows if they do not match. If rows do not match, idx will have the index of the first offending row.
func (TableValueSet) MarshalJSON ¶
func (t TableValueSet) MarshalJSON() ([]byte, error)
type TagAccess ¶
// TagAccess holds a set of grants to tags. Each grant is either a specific
// tag name or a globbing pattern.
//
// NOTE(review): a pattern grant presumably also covers matching tags that
// are created later, so prefer explicit tag names or narrow patterns when
// writing grants; confirm the matching rules against CheckTagAccess.
type TagAccess struct {
	Grants []string //Grants specify tag names and/or globbing patterns which represent allowed tags
}
TagAccess is the structure that holds a set of grants to tags. A Grant can be a specific tag name or a globbing pattern.
func AllTagAccess ¶ added in v3.8.20
func AllTagAccess() TagAccess
func (TagAccess) MarshalJSON ¶ added in v3.8.20
type TemplateContents ¶ added in v3.7.4
// TemplateContents is what goes in the template's Contents field. This is
// entirely the domain of the GUI.
type TemplateContents struct {
	Query     string             `json:"query,omitempty"`
	Variables []TemplateVariable `json:"variables"` // no omitempty: a nil slice is encoded as null by encoding/json
}
TemplateContents is what goes in the template's Contents field. This is entirely the domain of the GUI.
type TemplateVariable ¶ added in v3.7.4
type TextRequest ¶
// TextRequest carries only the embedded BaseRequest fields.
type TextRequest struct {
	BaseRequest
}
type TextResponse ¶
// TextResponse is a BaseResponse extended with search entries and explore
// results. The type defines its own MarshalJSON method, so the struct tags
// alone may not describe the exact wire format.
type TextResponse struct {
	BaseResponse
	Entries []SearchEntry   `json:",omitempty"`
	Explore []ExploreResult `json:",omitempty"`
}
func (TextResponse) MarshalJSON ¶
func (tr TextResponse) MarshalJSON() ([]byte, error)
type Thing ¶
// Thing is the common blob type kept in the datastore.
//
// NOTE(review): UID, GIDs, Global and WriteAccess presumably express
// ownership and sharing of the blob; the UserDetails.CanRead and
// UserDetails.CanModify helpers in this package take UID/GID ownership
// values of this shape. Confirm that callers check them before returning
// Contents.
type Thing struct {
	UUID        uuid.UUID
	UID         int32
	GIDs        []int32
	Global      bool
	WriteAccess Access
	Contents    []byte // encoded payload; see the DecodeContents and EncodeContents methods
	Updated     time.Time
	Synced      bool
}
Things are stored in the datastore, a common class of blobs.
func (*Thing) DecodeContents ¶
func (*Thing) EncodeContents ¶
func (*Thing) Header ¶
func (t *Thing) Header() ThingHeader
type ThingHeader ¶
type TimeRange ¶
// TimeRange is a pair of entry timestamps marking a start and an end.
// The type defines its own UnmarshalJSON method.
type TimeRange struct {
	StartTS entry.Timestamp `json:",omitempty"`
	EndTS   entry.Timestamp `json:",omitempty"`
}
func (*TimeRange) RoundToSecond ¶
func (tr *TimeRange) RoundToSecond()
func (*TimeRange) UnmarshalJSON ¶
type Token ¶ added in v3.8.5
// Token is a complete API compatible token record: it contains ownership
// information and all capabilities associated with the token. It does not
// carry the token value itself; per the package documentation TokenFull is
// the only type that does.
//
// Expiration: Token.Expired documents that a token with no expiration set is
// never considered expired, so a zero Expires means a long-lived credential.
// With the standard encoding/json package omitempty does not drop a zero
// time.Time, so expect "expiresAt" to be present with the zero timestamp
// rather than absent.
type Token struct {
	ID           uuid.UUID `json:"id"`
	Name         string    `json:"name"`
	Desc         string    `json:"description"`
	UID          int32     `json:"uid"`
	Created      time.Time `json:"createdAt"`
	Expires      time.Time `json:"expiresAt,omitempty"`
	Capabilities []string  `json:"capabilities"`
}
Token is a complete API compatible token, it contains ownership information and all capabilities associated with the token
func (Token) CapabilitiesString ¶ added in v3.8.6
CapabilitiesString returns a human friendly space delimited list of capabilities
func (Token) Expired ¶ added in v3.8.6
Expired returns whether a token is expired or not, if no expiration is set then the token is not expired
func (Token) ExpiresString ¶ added in v3.8.6
ExpiresString returns a human friendly string of when a token expires
type TokenCreate ¶ added in v3.8.5
// TokenCreate is the structure used to ask the API to make a new token; only
// the request parameters are present.
//
// NOTE(review): leaving Expires at its zero value presumably requests a token
// that never expires (Token.Expired treats an unset expiration as "not
// expired"); confirm server-side handling. Callers should set an explicit
// expiration and request only the capabilities the token actually needs.
type TokenCreate struct {
	Name         string    `json:"name"`
	Desc         string    `json:"description"`
	Expires      time.Time `json:"expiresAt,omitempty"`
	Capabilities []string  `json:"capabilities"`
}
TokenCreate is the structure used to ask the API to make a new token, only the request parameters are present
type TokenFull ¶ added in v3.8.5
TokenFull represents the response value for a token create request. This type is the only type that contains the token value, and it is ONLY provided when creating a new token.
type TokenFullWire ¶ added in v3.8.5
TokenFullWire is the internal type for storing token values
type TokenSigningKey ¶
type UpdateUser ¶
type UserAddGroups ¶
// UserAddGroups carries a list of group IDs. The type defines its own
// MarshalJSON method.
type UserAddGroups struct {
	GIDs []int32
}
func (*UserAddGroups) MarshalJSON ¶
func (uag *UserAddGroups) MarshalJSON() ([]byte, error)
type UserBackup ¶
// UserBackup bundles group and user records.
//
// NOTE(review): each UserDetails carries Hash and CBAC fields that are only
// excluded from encoding/json output (json:"-"). Whether they travel in a
// backup depends on the encoder used to persist this struct; confirm, and
// treat backup artifacts as sensitive either way.
type UserBackup struct {
	Groups []GroupDetails
	Users  []UserDetails
}
func (*UserBackup) ClearSynced ¶
func (ub *UserBackup) ClearSynced()
type UserDefaultSearchGroup ¶
// UserDefaultSearchGroup carries a single group ID.
type UserDefaultSearchGroup struct {
	GID int32
}
type UserDetails ¶
// UserDetails describes a user account: identity fields, the Admin and Locked
// flags, group memberships, MFA configuration, a Hash and the CBAC rules.
//
// Hash and CBAC are tagged json:"-" so that they are not included in API
// responses. That tag only affects encoding/json: other encoders and
// %+v-style logging still see both fields. Call ClearSecrets before the value
// is handed to code that may log, cache or persist it. The type also defines
// its own MarshalJSON method.
type UserDetails struct {
	UID        int32
	User       string
	Name       string
	Email      string
	Admin      bool
	Locked     bool
	TS         time.Time `json:",omitempty"`
	DefaultGID int32     `json:",omitempty"`
	Groups     []GroupDetails
	// NOTE(review): MFA carries no json tag; whether MFAUserConfig holds
	// secret material, and whether ClearSecrets or MarshalJSON strips it, is
	// not visible here. Confirm.
	MFA     MFAUserConfig
	Hash    []byte `json:"-"` //do not include in API responses
	Synced  bool
	CBAC    CBACRules `json:"-"` //do not include in API responses
	SSOUser bool      // set true if user is managed via SSO
}
func (*UserDetails) CanModify ¶
func (ud *UserDetails) CanModify(uid int32) bool
CanModify returns true if the user is allowed to modify or delete something with the specified UID ownership
func (*UserDetails) CanRead ¶
func (ud *UserDetails) CanRead(uid int32, gids []int32) bool
CanRead returns true if the user is allowed to read something with the specified UID and GID ownerships, taking into account the Admin flag on the user.
func (*UserDetails) CapabilityList ¶ added in v3.8.6
func (ud *UserDetails) CapabilityList() []CapabilityDesc
CapabilityList creates a comprehensive list of capabilities the user has access to based on their direct and group assignments
func (*UserDetails) ClearSecrets ¶ added in v3.8.35
func (ud *UserDetails) ClearSecrets()
ClearSecrets blanks out any sensitive stuff within the struct. Call this if there's any concern over where the object will end up.
func (*UserDetails) FilterTags ¶ added in v3.8.6
func (ud *UserDetails) FilterTags(all []string) (r []string)
func (*UserDetails) GIDs ¶
func (ud *UserDetails) GIDs() []int32
func (*UserDetails) GroupNames ¶
func (ud *UserDetails) GroupNames() (gps []string)
func (*UserDetails) GroupTagAccess ¶
func (ud *UserDetails) GroupTagAccess() (r []TagAccess)
func (*UserDetails) HasCapability ¶ added in v3.8.6
func (ud *UserDetails) HasCapability(c Capability) bool
HasCapability returns whether the user has access to a given capability
func (*UserDetails) HasTagAccess ¶ added in v3.8.6
func (ud *UserDetails) HasTagAccess(tg string) (allowed bool)
func (*UserDetails) InAllGroups ¶
func (ud *UserDetails) InAllGroups(gids []int32) bool
func (*UserDetails) InGroup ¶
func (ud *UserDetails) InGroup(gid int32) bool
func (UserDetails) MarshalJSON ¶
func (u UserDetails) MarshalJSON() ([]byte, error)
MarshalJSON is a marshaller hack to get it to return [] on empty lists.
func (*UserDetails) UserCanRead ¶
func (ud *UserDetails) UserCanRead(uid int32, gids []int32) bool
UserCanRead returns true if the user is allowed to read something without regard to the Admin flag: basically, if the user is the owner or is in the groups.
type UserFile ¶
// UserFile is what is actually stored in the thing object; it is encoded into
// the thing's contents.
type UserFile struct {
	GUID     uuid.UUID
	Name     string
	Desc     string
	Contents []byte `json:",omitempty"` // file bytes; left out of JSON when empty
	Labels   []string
}
UserFile is what is actually stored in the thing object, it is encoded into contents
func (*UserFile) JSONMetadata ¶
func (uf *UserFile) JSONMetadata() (json.RawMessage, error)
type UserFileDetails ¶
// UserFileDetails relays additional ownership information about a UserFile
// object. It is populated via the things metadata and does not contain any of
// the file contents.
type UserFileDetails struct {
	GUID        uuid.UUID
	ThingUUID   uuid.UUID
	UID         int32
	GIDs        []int32
	Global      bool
	WriteAccess Access
	Size        int64 //size of the file
	// Type is detected from the content, so it is a best-effort guess about
	// user-supplied bytes. NOTE(review): do not treat it as proof that a file
	// is safe to render or execute; confirm how consumers use it.
	Type    string //content type as determined by the http content type detector
	Name    string
	Desc    string
	Updated time.Time
	Labels  []string
}
UserFileDetails is a structure that is used to relay additional ownership information about a UserFile object. This structure is populated via the things metadata, and does not contain any of the contents.
func (*UserFileDetails) String ¶
func (ufd *UserFileDetails) String() string
type UserMail ¶
type UserMailAttachment ¶
func (UserMailAttachment) Validate ¶
func (uma UserMailAttachment) Validate() error
type UserMailConfig ¶
type UserPreference ¶
type UserPreferences ¶
// UserPreferences is a slice of UserPreference values. The type defines its
// own MarshalJSON method.
type UserPreferences []UserPreference
func (UserPreferences) MarshalJSON ¶
func (ups UserPreferences) MarshalJSON() ([]byte, error)
type UserSessions ¶
func (*UserSessions) MarshalJSON ¶
func (s *UserSessions) MarshalJSON() ([]byte, error)
type UserTemplate ¶
// UserTemplate is what is stored in the "thing" object; it is encoded into
// the thing's Contents.
type UserTemplate struct {
	GUID        uuid.UUID
	Name        string
	Description string
	Contents    TemplateContents
	Labels      []string
}
UserTemplate is what is stored in the "thing" object, it is encoded into Contents
func (UserTemplate) Pack ¶
func (t UserTemplate) Pack() (put PackedUserTemplate)
func (UserTemplate) WireUserTemplate ¶
func (t UserTemplate) WireUserTemplate(thing Thing) WireUserTemplate
type ValidationProblem ¶ added in v3.8.23
// ValidationProblem describes a field which was specified in the schema but
// is either missing from the dispatcher's output or unable to be converted to
// the type specified in the schema.
type ValidationProblem struct {
	Name  string // the path in question
	Type  string // the type we were attempting to convert to
	Error string // A descriptive message as to what went wrong
}
ValidationProblem describes a field which was specified in the schema but is either: 1. Missing from the dispatcher's output, or 2. Unable to be converted to the type specified in the schema
type VersionInfo ¶
type WellInfo ¶
// WellInfo describes a well: its identifier, name, tags, shards and storage
// settings. The type defines its own MarshalJSON method.
//
// NOTE(review): Path and ColdPath are storage locations; presumably this is
// only returned to callers allowed to see deployment internals. Confirm.
type WellInfo struct {
	ID          string // unique identifier constructed from the indexer UUID and the well name
	Name        string
	Tags        []string
	Shards      []ShardInfo
	Accelerator string `json:",omitempty"`
	Engine      string `json:",omitempty"`
	Path        string `json:",omitempty"` //hot storage location
	ColdPath    string `json:",omitempty"` //cold storage location
}
func (WellInfo) MarshalJSON ¶
type WirePivot ¶
// WirePivot is constructed from the Pivot and the details in the Thing
// struct. This is what is sent to the user via the API.
type WirePivot struct {
	ThingHeader
	GUID        uuid.UUID
	Name        string
	Description string
	Updated     time.Time
	Contents    RawObject
	Labels      []string
	Disabled    bool
}
WirePivot is constructed from the Pivot and the details in the Thing struct. This is what we send to the user via the API.
type WireSearchLibrary ¶
// WireSearchLibrary is what is actually sent back and forth over the API: a
// ThingHeader and a SearchLibrary plus an Actions value and an update time.
type WireSearchLibrary struct {
	ThingHeader
	SearchLibrary
	// NOTE(review): Can presumably tells the client which actions the
	// requesting user may perform; since this type travels in both
	// directions, confirm the server does not trust a client-supplied value.
	Can     Actions
	Updated time.Time
}
WireSearchLibrary is what we actually send back and forth over the API
func (WireSearchLibrary) Thing ¶
func (wsl WireSearchLibrary) Thing() (t Thing, err error)
type WireUserFile ¶
// WireUserFile combines a ThingHeader, a UserFile and an update time. Its
// Thing method converts it to a Thing and can return an error.
type WireUserFile struct {
	ThingHeader
	UserFile
	Updated time.Time
}
func (WireUserFile) Thing ¶
func (w WireUserFile) Thing() (t Thing, err error)
type WireUserTemplate ¶
// WireUserTemplate is constructed from the UserTemplate and the details in
// the Thing struct. This is what is sent to the user via the API.
type WireUserTemplate struct {
	ThingHeader
	GUID        uuid.UUID
	Name        string
	Description string
	Contents    TemplateContents
	Updated     time.Time
	Labels      []string
}
WireUserTemplate is constructed from the UserTemplate and the details in the Thing struct. This is what we send to the user via the API.
func (WireUserTemplate) Thing ¶
func (w WireUserTemplate) Thing() (t Thing, err error)
func (WireUserTemplate) UserTemplate ¶
func (w WireUserTemplate) UserTemplate() (ut UserTemplate)
type WordOffset ¶ added in v3.8.12
// WordOffset contains two byte indexes into a string, denoting the location
// of a "word" within that string as the half-open range [start, end): the
// WordOffset of "foo" in "foo bar" is WordOffset{0, 3}.
type WordOffset [2]int
A WordOffset contains two byte indexes into a string, denoting the location of a "word" within that string. The usual substring convention is followed, so the WordOffset of "foo" in "foo bar" is WordOffset{0, 3}, or in standard notation [0, 3).
Source Files
¶
- ai.go
- alert.go
- api.go
- autoextract.go
- backup.go
- cbac.go
- cbac_templates.go
- chart.go
- dashboard.go
- event.go
- fdg.go
- host.go
- kits.go
- license.go
- manage.go
- maps.go
- playbooks.go
- render.go
- resource.go
- scheduledsearch.go
- search.go
- searchentry.go
- searchlog.go
- secrets.go
- stackgraph.go
- stats.go
- table.go
- text.go
- things.go
- users.go