v3.8.24 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Oct 12, 2023 License: BSD-2-Clause Imports: 25 Imported by: 0




View Source
const (
	//MAJOR API VERSIONS should always be compatible, there just may be
	//additional features
View Source
const (
	IngestCat         = `Data Ingest`
	SearchCat         = `Search`
	ActionablesCat    = `Actionables`
	DashboardsCat     = `Dashboards`
	ExtractorsCat     = `Extractors`
	FilesCat          = `Files`
	KitsCat           = `Kits`
	MacrosCat         = `Macros`
	NotificationsCat  = `Notifications`
	PlaybooksCat      = `Playbooks`
	QueryLibraryCat   = `Query Library`
	ResourcesCat      = `Resources`
	AutomationsCat    = `Automations`
	TemplatesCat      = `Templates`
	TokensCat         = `Tokens`
	UsersAndGroupsCat = `Users and Groups`
	SystemAndStatsCat = `System and Stats`
	SecretsCat        = `Secrets`
View Source
const (
	TemplateFullUserName = `Full User`
	TemplateReadOnlyName = `Read Only User`
View Source
const (
	EVENTTYPE_LOG   EventType = "log"
	EVENTTYPE_EVENT EventType = "event"

View Source
const (
	// request IDs
	FDG_REQ_GET_ENTRIES uint32 = 0x02000002
	FDG_REQ_STREAMING   uint32 = 0x02000005

	// response IDs
	FDG_RESP_GET_ENTRIES uint32 = 0x02000002
	FDG_RESP_STREAMING   uint32 = 0x02000005
View Source
const (
	// license type magic numbers
	Eval       LicenseType = 0xb7c489d229961f64 //single instance (backend and frontend must be on the same machine) but we throw a bunch of stuff up in the GUI
	Community  LicenseType = 0xa332f9b1f64789d2 // single instance, limited ingest per day
	Fractional LicenseType = 0xe5354cae719162c3 // single instance, full features, limited ingest per day
	Single     LicenseType = 0x6f848b5ce61db26a //single instance (backend and frontend must be on the same machine)
	Enterprise LicenseType = 0x6e67a154aa1d503e //single instance, but all features allowed
	Cluster    LicenseType = 0x16e6aac870ea32ee //MxN configuration (many headends, restricted backends)
	Unlimited  LicenseType = 0x387dd2c0faa6e1e3 //MxN configuration (many headends, many backends)

	// feature override bitmasks
	Replication     FeatureOverride = 1
	SingleSignon    FeatureOverride = 1 << 1
	Overwatch       FeatureOverride = 1 << 2
	NoStats         FeatureOverride = 1 << 3
	UnlimitedCPU    FeatureOverride = 1 << 4
	CBAC            FeatureOverride = 1 << 5
	UnlimitedIngest FeatureOverride = 1 << 6

	ReplicationName     string = `replication`
	SingleSignonName    string = `sso`
	OverwatchName       string = `overwatch`
	NoStatsName         string = `nostats`
	UnlimitedCPUName    string = `unlimitedcpu`
	CBACName            string = `abac`
	UnlimitedIngestName string = `unlimitedingest`
View Source
const (
	// base universal requests
	REQ_GET_ENTRIES     uint32 = 0x10
	REQ_STREAMING       uint32 = 0x11
	REQ_TS_RANGE        uint32 = 0x12
	REQ_GET_RAW_ENTRIES uint32 = 0x13

	// data exploration requests
	REQ_GET_EXPLORE_ENTRIES uint32 = 0xf010
	REQ_EXPLORE_TS_RANGE    uint32 = 0xf012

	// Stats Requests
	REQ_STATS_SIZE         uint32 = 0x7F000001 //how many values are there
	REQ_STATS_RANGE        uint32 = 0x7F000002 //give first and last stats values
	REQ_STATS_GET          uint32 = 0x7F000003 //get all stats available given a count
	REQ_STATS_GET_RANGE    uint32 = 0x7F000004 //get all stats over a time range
	REQ_STATS_GET_SUMMARY  uint32 = 0x7F000005 //get a single  stats entry
	REQ_STATS_GET_LOCATION uint32 = 0x7F000006 //get the current location of the search
	REQ_STATS_GET_OVERVIEW uint32 = 0x7F000007 //Get just an array of entry counts and byte counts over a time range
	// Search Metadata requests
	REQ_SEARCH_METADATA uint32 = 0x10001

	// base universal responses
	RESP_GET_ENTRIES     uint32 = 0x10
	RESP_STREAMING       uint32 = 0x11
	RESP_TS_RANGE        uint32 = 0x12
	RESP_GET_RAW_ENTRIES uint32 = 0x13

	// data exploration responses
	RESP_EXPLORE_TS_RANGE    uint32 = 0xf012

	// Stats Responses
	RESP_STATS_SIZE         uint32 = 0x7F000001
	RESP_STATS_RANGE        uint32 = 0x7F000002
	RESP_STATS_GET          uint32 = 0x7F000003
	RESP_STATS_GET_RANGE    uint32 = 0x7F000004
	RESP_STATS_GET_SUMMARY  uint32 = 0x7F000005
	RESP_STATS_GET_LOCATION uint32 = 0x7F000006
	RESP_STATS_GET_OVERVIEW uint32 = 0x7F000007

	// Search Metadata responses
	RESP_SEARCH_METADATA uint32 = 0x10001

	STATS_MASK    uint32 = 0xFF000000
	STATS_MASK_ID uint32 = 0x7F000000
View Source
const (
	DownloadJSON       string = `json`       //encode as JSON
	DownloadCSV        string = `csv`        //standard CSV file
	DownloadText       string = `text`       //just text...
	DownloadPCAP       string = `pcap`       //format as a full blown PCAP-NG file
	DownloadLookupData string = `lookupdata` //GOB encoded table that can be passed back to the "lookup" module
	DownloadIPExists   string = `ipexist`    //IPExist encoded bitblock (https://github.com/gravwell/ipexist)
	DownloadArchive    string = `archive`    //a reimportable archive that is the complete renderer dataset

	DownloadDataTypeString string = `string`
	DownloadDataTypeSlice  string = `slice`
	DownloadDataTypeIP     string = `IP`
	DownloadDataTypeEV     string = `EV`

	RenderNameRaw        string = `raw`
	RenderNameHex        string = `hex`
	RenderNameText       string = `text`
	RenderNamePcap       string = `pcap`
	RenderNameTable      string = `table`
	RenderNameGauge      string = `gauge`
	RenderNameNumbercard string = `numbercard`
	RenderNameChart      string = `chart`
	RenderNameFdg        string = `fdg`
	RenderNameStackGraph string = `stackgraph`
	RenderNamePointmap   string = `pointmap`
	RenderNameHeatmap    string = `heatmap`
	RenderNameP2P        string = `point2point`

	MetadataTypeRaw    string = `raw`
	MetadataTypeNumber string = `number`
View Source
const (
	ScriptAnko ScriptLang = 0 // default is anko
	ScriptGo   ScriptLang = 1 // new hotness is go

	ScheduledTypeSearch string = "search"
	ScheduledTypeScript string = "script"
	ScheduledTypeFlow   string = "flow"

View Source
const (
	// Universal requests
	REQ_CLOSE          uint32 = 0x1
	REQ_ENTRY_COUNT    uint32 = 0x3
	REQ_SEARCH_DETAILS uint32 = 0x4
	REQ_SEARCH_TAGS    uint32 = 0x5

	// Universal responses
	RESP_ERROR          uint32 = 0xFFFFFFFF
	RESP_CLOSE          uint32 = 0x1
	RESP_ENTRY_COUNT    uint32 = 0x3
	RESP_SEARCH_TAGS    uint32 = 0x5
View Source
const (
	NotificationLevelInfo     string = `info`
	NotificationLevelWarn     string = `warn`
	NotificationLevelError    string = `error`
	NotificationLevelCritical string = `critical`
View Source
const AllowedMacroChars = "ABCDCEFGHIJKLMNOPQRSTUVWXYZ1234567890_-"
View Source
const (
	TokenHeader string = `Gravwell-Token`


View Source
var (
	ErrMissingModule error = errors.New("extraction module name is missing")
	ErrMissingParams error = errors.New("extraction parameters missing")
	ErrMissingTag    error = errors.New("extraction tag assignment missing")
View Source
var (
	ErrNameChartableMismatch = errors.New("Name lengths do not match chartable lengths")
	ChartableNaN             = ChartableDataPoint(math.NaN())
View Source
var (
	ErrNoMetadata          = errors.New("No metadata available")
	ErrIngestNotRestricted = errors.New("Ingest is not restricted")
View Source
var (
	ErrIllegalMacroCharacter error = errors.New("Illegal character in macro name")
View Source
var (
	ErrInvalidGeofence = errors.New("Invalid geofence")
View Source
var (
	ErrUnknownCapability = errors.New("Unknown capability")
View Source
var (
	ErrUnknownScriptLanguage = errors.New("Unknown script language")
View Source
var (
	//essentially a never expires
	NeverExpires = time.Date(2099, 12, 31, 12, 0, 0, 0, time.UTC)


func AddCapability added in v3.8.6

func AddCapability(b []byte, cp Capability) (r []byte, err error)

AddCapability adds the capability c to the bitmask b

func CapabilityStringList added in v3.8.6

func CapabilityStringList() []string

func CheckApiVersion

func CheckApiVersion(remote ApiInfo) error

func CheckCapability added in v3.8.6

func CheckCapability(b []byte, c Capability) (r bool)

CheckCapability checks if the capability c is set in the bitmask b

func CheckMacroName

func CheckMacroName(name string) error

func CheckTagAccess

func CheckTagAccess(tg string, prime TagAccess, set []TagAccess) (allowed bool)

CheckTagAccess returns true if the tag tg is allowed in the given TagAccess object.

func CheckUserCapabilityAccess added in v3.8.6

func CheckUserCapabilityAccess(ud *UserDetails, c Capability) (allowed bool)

CheckUserCapabilityAccess checks if a user has access to a given capability based on their direct and group assignments

func EncodeCapabilities added in v3.8.6

func EncodeCapabilities(caps []Capability) (b []byte, err error)

Encode encodes a list of capabilities into a buffer

func EncodeMetadata

func EncodeMetadata(md map[string]interface{}) ([]byte, error)

func FeatureOverridesString

func FeatureOverridesString(fo FeatureOverride) (s string)

func FilterTags

func FilterTags(tags []string, prime TagAccess, set []TagAccess) (r []string)

Return the set of tags permitted within a given slice of tags.

func GenLine

func GenLine(wtr io.Writer, name, line string) (err error)

func RemoveCapability added in v3.8.6

func RemoveCapability(b []byte, c Capability) (r bool)

RemoveCapability removes the capability c in the bitmask b

func UniqueIngesters

func UniqueIngesters(sts []IngestStats) (r uint64)

func ValidateCapabilities added in v3.8.6

func ValidateCapabilities(cps []Capability) (err error)


type AXDefinition

type AXDefinition struct {
	Name        string    `toml:"name,omitempty" json:",omitempty"`
	Desc        string    `toml:"desc,omitempty" json:",omitempty"`
	Module      string    `toml:"module"`
	Params      string    `toml:"params" json:",omitempty"`
	Args        string    `toml:"args,omitempty" json:",omitempty"`
	Tag         string    `toml:"tag"`
	Labels      []string  `toml:"-"`
	UID         int32     `toml:"-"`
	GIDs        []int32   `toml:"-"`
	Global      bool      `toml:"-"`
	UUID        uuid.UUID `toml:"-"`
	Synced      bool      `toml:"-" json:"-"`
	LastUpdated time.Time `toml:"-"`

AutoExtractor object. When setting an AutoExtractor, only Name, Module, Params, and Tag must be set.

func (AXDefinition) Encode

func (dc AXDefinition) Encode(fout io.Writer, hdr string) (err error)

Encode the "config file" styled AX definition to the given io.Writer. hdr is an optional header comment.

func (AXDefinition) Equal

func (axd AXDefinition) Equal(v AXDefinition) bool

func (AXDefinition) JSONMetadata

func (dc AXDefinition) JSONMetadata() (ro json.RawMessage, err error)

func (*AXDefinition) Validate

func (dc *AXDefinition) Validate() error

Verify all required fields in an AXDefinition object are valid.

type AddGroup

type AddGroup struct {
	Name string
	Desc string

type AddUser

type AddUser struct {
	User  string
	Pass  string
	Name  string
	Email string
	Admin bool

type AdminActionResp

type AdminActionResp struct {
	UID   int32 `json:",omitempty"`
	Admin bool  `json:",omitempty"`

type AlertConsumer added in v3.8.23

type AlertConsumer struct {
	ID string `json:"ID"`

	Type AlertConsumerType `json:"Type"`

AlertConsumer - Something which consumes alerts.

type AlertConsumerType added in v3.8.23

type AlertConsumerType string

AlertConsumerType : Possible types for an Alert Consumer

const (
	ALERTCONSUMERTYPE_FLOW AlertConsumerType = "flow"

List of AlertConsumerType

type AlertConsumerValidateRequest added in v3.8.23

type AlertConsumerValidateRequest struct {
	Consumer AlertConsumer

	Alert AlertDefinition

AlertConsumerValidateRequest - Request to validate the given consumer for use with an alert

type AlertConsumerValidateResponse added in v3.8.23

type AlertConsumerValidateResponse struct {
	Valid bool

	Error string

AlertConsumerValidateResponse - Indicates whether a consumer is valid for a given alert or not.

type AlertDefinition added in v3.8.23

type AlertDefinition struct {

	// A list of flows which will be run when alerts are generated.
	Consumers []AlertConsumer `json:"Consumers"`

	Description string `json:"Description"`

	Disabled bool `json:"Disabled"`

	// A list of things which create alerts (currently only scheduled searches).
	Dispatchers []AlertDispatcher `json:"Dispatchers"`

	GIDs []int32 `json:"GIDs"`

	GUID uuid.UUID `json:"GUID"`

	Global bool `json:"Global"`

	Labels []string `json:"Labels"`

	LastUpdated time.Time `json:"LastUpdated"`

	// Maximum number of events allowed per firing of the alert. This is
	// intended as a safety valve to avoid thousands of emails. If zero,
	// a (low) default value will be used.
	MaxEvents int `json:"MaxEvents"`

	Name string `json:"Name"`

	// A JSON schema describing the expected fields in the alerts.
	Schemas AlertSchemas `json:"Schemas"`

	// The tag into which alerts will be ingested
	TargetTag string `json:"TargetTag"`

	ThingUUID uuid.UUID `json:"ThingUUID"`

	// The owner of the Alert
	UID int32 `json:"UID"`

	// Arbitrary user-defined metadata which will be injected into the events
	UserMetadata map[string]interface{} `json:"UserMetadata"`

AlertDefinition - A Gravwell Alert specification

func (*AlertDefinition) JSONMetadata added in v3.8.23

func (alert *AlertDefinition) JSONMetadata() (json.RawMessage, error)

type AlertDispatcher added in v3.8.23

type AlertDispatcher struct {
	ID string `json:"ID"`

	Type AlertDispatcherType `json:"Type"`

AlertDispatcher - Something which creates alerts.

type AlertDispatcherType added in v3.8.23

type AlertDispatcherType string

AlertDispatcherType : Possible types for an Alert Dispatcher

const (
	ALERTDISPATCHERTYPE_SCHEDULEDSEARCH AlertDispatcherType = "scheduledsearch"

List of AlertDispatcherType

type AlertDispatcherValidateError added in v3.8.23

type AlertDispatcherValidateError struct {

	// The path that led to the error
	Path string

	InvalidValue *interface{}

	// Human-friendly information as to why the item failed
	Message string

AlertDispatcherValidateError - Describes a failed validation item for a dispatcher

type AlertDispatcherValidateRequest added in v3.8.23

type AlertDispatcherValidateRequest struct {
	Dispatcher AlertDispatcher

	QueryString string

	Schema AlertSchemas

AlertDispatcherValidateRequest - Request to validate the given dispatcher against a schema. Populate the Dispatcher field to refer to an existing scheduled search, or set QueryString to test a query string

type AlertDispatcherValidateResponse added in v3.8.23

type AlertDispatcherValidateResponse struct {

	// If true, the dispatcher generates all required fields in the schema.
	Valid bool

	// Names of fields which were missing.
	ValidationErrors []AlertDispatcherValidateError

AlertDispatcherValidateResponse - Indicates which, if any, fields the given dispatcher failed to provide.

type AlertSchemas added in v3.8.23

type AlertSchemas struct {

	// The "simple" schema, if any is defined.
	Simple []AlertSchemasSimpleItem

	// A schema derived from an OCSF spec.
	OCSF AlertSchemasOcsf

	// A user-provided JSON schema.
	JSON map[string]interface{}

	ActiveSchema string

AlertSchema - Contains schema definitions for an alert and selects which one is to be used.

type AlertSchemasOcsf added in v3.8.23

type AlertSchemasOcsf struct {
	EventClass string

	Extensions []string

	Profiles []string

AlertSchemasOcsf defines an OCSF schema to use.

type AlertSchemasSimpleItem added in v3.8.23

type AlertSchemasSimpleItem struct {
	Name string

	Type string

AlertSchemasSimpleItem defines a single item in a Simple schema

type ApiInfo

type ApiInfo struct {
	Major uint32
	Minor uint32

func ApiVersion

func ApiVersion() ApiInfo

type AttachSearchRequest

type AttachSearchRequest struct {
	ID string

Request to reattach to a search.

type AttachSearchResponse

type AttachSearchResponse struct {
	Error       string      `json:",omitempty"` //error if not
	Subproto    string      `json:",omitempty"` //the new subprotocol
	RendererMod string      `json:",omitempty"` //the renderer in use
	RendererCmd string      `json:",omitempty"` //the renderer commands
	Info        *SearchInfo `json:",omitempty"` //info if available

AttachSearchResponse contains the subproto and SearchInfo object when attaching to a search.

type AuthorInfo

type AuthorInfo struct {
	Name    string
	Email   string
	Company string
	URL     string

type BackendNotification

type BackendNotification struct {
	Action NotificationAction
	GUID   uuid.UUID

type BackupConfig added in v3.8.18

type BackupConfig struct {
	IncludeSS     bool   // Include scheduled searches
	OmitSensitive bool   // Omit sensitive items
	Password      string // password to use when encrypting backup file

type BackupResponse added in v3.8.21

type BackupResponse struct {
	DownloadID string
	Expiration time.Time

type BaseRequest

type BaseRequest struct {
	ID         uint32
	Stats      *SearchStatsRequest `json:",omitempty"`
	EntryRange *EntryRange         `json:",omitempty"`
	Addendum   json.RawMessage     `json:",omitempty"`

BaseRequest contains elements common to all renderer requests.

type BaseResponse

type BaseResponse struct {
	ID         uint32
	Stats      *SearchStatsResponse      `json:",omitempty"`
	Addendum   json.RawMessage           `json:",omitempty"`
	SearchInfo *SearchInfo               `json:",omitempty"`
	EntryRange *EntryRange               `json:",omitempty"`
	Metadata   *SearchMetadata           `json:",omitempty"`
	Tags       map[string]entry.EntryTag `json:",omitempty"`
	Error      string                    `json:",omitempty"`

	// Finished is true when the query has completed.
	Finished bool

	// EntryCount is the number of entries which *entered* the renderer.
	EntryCount uint64
	// For some renderers, the EntryCount accurately represents the total
	// number of results available. This field is set to 'true' in that case,
	// meaning the EntryCount number can be displayed alongside the results
	// without confusion.
	EntryCountValid bool

	// If set, there are more entries for the given timeframe available.
	// For non-condensing this means EntryCount > request.Last
	// For condensing, this means that given the range, there are values
	// available after the Last range.
	AdditionalEntries bool

	// Indicates that the query results exceeded the on-disk storage limits.
	OverLimit bool
	// Indicates the range of entries that were dropped due to storage limits.
	LimitDroppedRange TimeRange

BaseResponse contains elements common to all renderer request responses.

func (BaseResponse) Err added in v3.8.6

func (br BaseResponse) Err() error

type BuildInfo

type BuildInfo struct {
	BuildDate  time.Time `json:",omitempty"`
	BuildID    string    `json:",omitempty"`
	GUIBuildID string    `json:",omitempty"`

func (BuildInfo) NewerVersion

func (bi BuildInfo) NewerVersion(nbi BuildInfo) bool

func (BuildInfo) String

func (bi BuildInfo) String() string

func (BuildInfo) Version

func (bi BuildInfo) Version() string

Return the full build version of Gravwell eg "4.1.2"

type CBACRules added in v3.8.20

type CBACRules struct {
	Capabilities CapabilitySet
	Tags         TagAccess

CBACRules is the main structure that holds default stats and grants for for API and tag access the Capabilities and Tags sub structures handle access independently

func (*CBACRules) CapabilityList added in v3.8.20

func (abr *CBACRules) CapabilityList() (r []CapabilityDesc)

CapabilityList returns a comprehensive set of capability descriptions that the given ruleset has access to

func (*CBACRules) CapabilityState added in v3.8.20

func (abr *CBACRules) CapabilityState() (r CapabilityState)

export a CapabilityState from the underlying capability rules

func (*CBACRules) HasCapability added in v3.8.20

func (abr *CBACRules) HasCapability(c Capability) (allowed bool)

HasCapability checks if a given CBACRules set has a capability

type CanonicalVersion

type CanonicalVersion struct {
	Major uint32
	Minor uint32
	Point uint32

The full version of Gravwell in this build - eg 4.1.2

func ParseCanonicalVersion

func ParseCanonicalVersion(s string) (r CanonicalVersion, err error)

Return a CanonicalVersion object containing the given version string. Must be in the form of "X.Y.Z".

func (CanonicalVersion) Compare

func (cv CanonicalVersion) Compare(ncv CanonicalVersion) int

Compare returns the following:

0	- equal versions
<0	- incoming is older than existing
>0	- incoming is newer then existing

func (CanonicalVersion) Compatible

func (cv CanonicalVersion) Compatible(min, max CanonicalVersion) bool

func (CanonicalVersion) Enabled

func (cv CanonicalVersion) Enabled() bool

func (CanonicalVersion) NewerVersion

func (cv CanonicalVersion) NewerVersion(ncv CanonicalVersion) bool

NewerVersion returns true if the incoming version is newer than coming

func (CanonicalVersion) String

func (cv CanonicalVersion) String() string

type CapError

type CapError struct {
	Cap   string
	Error string

CapError is an enhanced error that will return why an API told you know Typically its an error message and the capability you would need in order to use the API

type Capability

type Capability uint16
const (
	Search           Capability = 0
	Download         Capability = 1
	SaveSearch       Capability = 2
	AttachSearch     Capability = 3
	BackgroundSearch Capability = 4

	SetSearchGroup     Capability = 6
	SearchHistory      Capability = 7
	SearchGroupHistory Capability = 8
	SearchAllHistory   Capability = 9
	DashboardRead      Capability = 10
	DashboardWrite     Capability = 11
	ResourceRead       Capability = 12
	ResourceWrite      Capability = 13
	TemplateRead       Capability = 14
	TemplateWrite      Capability = 15
	PivotRead          Capability = 16
	PivotWrite         Capability = 17
	MacroRead          Capability = 18
	MacroWrite         Capability = 19
	LibraryRead        Capability = 20
	LibraryWrite       Capability = 21
	ExtractorRead      Capability = 22
	ExtractorWrite     Capability = 23
	UserFileRead       Capability = 24
	UserFileWrite      Capability = 25
	KitRead            Capability = 26
	KitWrite           Capability = 27
	KitBuild           Capability = 28
	KitDownload        Capability = 29
	ScheduleRead       Capability = 30
	ScheduleWrite      Capability = 31
	SOARLibs           Capability = 32
	SOAREmail          Capability = 33
	PlaybookRead       Capability = 34
	PlaybookWrite      Capability = 35

	//management capabilities
	LicenseRead       Capability = 36
	Stats             Capability = 37
	Ingest            Capability = 38
	ListUsers         Capability = 39
	ListGroups        Capability = 40
	ListGroupMembers  Capability = 41
	NotificationRead  Capability = 42
	NotificationWrite Capability = 43
	SystemInfoRead    Capability = 44
	TokenRead         Capability = 45
	TokenWrite        Capability = 46
	SecretRead        Capability = 47
	SecretWrite       Capability = 48
	AlertRead         Capability = 49
	AlertWrite        Capability = 50

func CapabilityList added in v3.8.6

func CapabilityList() []Capability

func (Capability) CapabilityDesc

func (c Capability) CapabilityDesc() CapabilityDesc

CapabilityDesc converts a Capability into a CapabilityDescription

func (Capability) Category added in v3.8.18

func (c Capability) Category() CapabilityCategory

Name returns the ASCII name of a capability

func (Capability) Description

func (c Capability) Description() string

Description returns an ASCII description of a capability value

func (Capability) Name added in v3.8.5

func (c Capability) Name() string

Name returns the ASCII name of a capability

func (*Capability) Parse added in v3.8.5

func (c *Capability) Parse(v string) (err error)

Parse attempts to resolve a capability value from a name Parse will ignore case and trim surrounding whitespace

func (Capability) String

func (c Capability) String() string

String implements the stringer interface, it does not return a parsable name but rather a shorthand description

func (Capability) Valid added in v3.8.6

func (c Capability) Valid() bool

Check if the capability value is valid/known

type CapabilityCategory added in v3.8.18

type CapabilityCategory string

type CapabilityDesc

type CapabilityDesc struct {
	Cap      Capability
	Name     string
	Desc     string
	Category CapabilityCategory

CapabilityDesc is an enhanced structure containing a capability value, its name, and a brief description

func CapabilityDescriptions added in v3.8.6

func CapabilityDescriptions() (r []CapabilityDesc)

func CreateUserCapabilityList added in v3.8.6

func CreateUserCapabilityList(ud *UserDetails) (r []CapabilityDesc)

CreateUserCapabilityList creates a comprehensive list of capabilities the user has access to based on their direct and group assignments

type CapabilityExplanation added in v3.8.21

type CapabilityExplanation struct {
	Granted     bool           // True if the user has this capability
	UserGrant   bool           // True if the capability was explicitly granted to the user
	GroupGrants []GroupDetails // An array of groups to which the user belongs that grant the capability.

CapabilityExplanation wraps a CapabilityDesc with information about if and how the user *obtained* that capability.

type CapabilitySet added in v3.8.6

type CapabilitySet struct {
	Grants []byte

CapabilitySet is the compacted set of default values and grants The CapabilitySet is translated from the CapabilityState and held internally for faster operations

func (*CapabilitySet) CapabilityList added in v3.8.6

func (cs *CapabilitySet) CapabilityList() (r []CapabilityDesc)

CapabilityList returns a list of capability descrptions that are in this set

func (*CapabilitySet) Clear added in v3.8.20

func (cs *CapabilitySet) Clear(c Capability) (r bool)

Clear removes a capability grant from the CapabilitySet

func (CapabilitySet) Has added in v3.8.6

func (cs CapabilitySet) Has(c Capability) bool

Has checks if a capability is allowed given the default value and grants

func (CapabilitySet) IsSet added in v3.8.6

func (cs CapabilitySet) IsSet(c Capability) bool

IsSet checks if a capability grant is set

func (*CapabilitySet) Set added in v3.8.20

func (cs *CapabilitySet) Set(c Capability) (r bool)

Set sets an grant on the capability set

type CapabilityState added in v3.8.6

type CapabilityState struct {
	Grants []string

CapabilityState is the expanded set of capabilities that is exchanged between clients the the API The grants specified using the full name of a capability to make the API more explicit

func AllCapabilityAccess added in v3.8.20

func AllCapabilityAccess() CapabilityState

func (CapabilityState) CapabilityList added in v3.8.6

func (st CapabilityState) CapabilityList() (lst []CapabilityDesc, err error)

CapabilityList returns a list of capability descriptions that this capability state has access to

func (CapabilityState) CapabilitySet added in v3.8.6

func (st CapabilityState) CapabilitySet() (cs CapabilitySet, err error)

CapabilitySet converts the human friendly CapabilityState into an optimized and encoded CapabilitySet for internal use

func (CapabilityState) MarshalJSON added in v3.8.20

func (cs CapabilityState) MarshalJSON() ([]byte, error)

type CapabilityTemplate

type CapabilityTemplate struct {
	Name string
	Desc string
	Caps []Capability

CapabilityTemplate is group of capabilities with a name and description, this is used to build up a simplified set of macro capabilities like "can run all searches" or "can read results but not write them"

func TemplateList added in v3.8.6

func TemplateList() []CapabilityTemplate

func (CapabilityTemplate) CapabilityState added in v3.8.6

func (ct CapabilityTemplate) CapabilityState() (s CapabilityState)

CapabilityState takes a capability template and converts it into a capability set that can be sent to the API This defaults to a state with default deny and explicit allow

type ChangePassword

type ChangePassword struct {
	OrigPass string
	NewPass  string

type ChartRequest

type ChartRequest struct {

type ChartResponse

type ChartResponse struct {
	Entries ChartableValueSet

type Chartable

type Chartable struct {
	Data []ChartableDataPoint
	TS   entry.Timestamp

type ChartableDataPoint

type ChartableDataPoint float64

func (ChartableDataPoint) IsNaN added in v3.8.0

func (cdp ChartableDataPoint) IsNaN() bool

func (ChartableDataPoint) MarshalJSON

func (cdp ChartableDataPoint) MarshalJSON() ([]byte, error)

type ChartableSet

type ChartableSet []Chartable

func (*ChartableSet) Add

func (cs *ChartableSet) Add(c Chartable)

func (ChartableSet) Len

func (cs ChartableSet) Len() int

func (*ChartableSet) Reset

func (cs *ChartableSet) Reset()

func (ChartableSet) Sec

func (cs ChartableSet) Sec(i int) int64

func (ChartableSet) TS

func (cs ChartableSet) TS(i int) entry.Timestamp

type ChartableValueSet

type ChartableValueSet struct {
	Names      []string
	KeyComps   []KeyComponents `json:",omitempty"`
	Categories []string        `json:",omitempty"`
	Values     ChartableSet

ChartableValueSet is what is returned when we have a request for data the length of Names MUST BE the same length as each set of Values in each Set

func (*ChartableValueSet) AddKeyComponents

func (cvs *ChartableValueSet) AddKeyComponents(name, cat string, keys []string) error

AddKeyComponents preps the ChartableValueSet with the appropriate key material

func (ChartableValueSet) MarshalJSON

func (cvs ChartableValueSet) MarshalJSON() ([]byte, error)

func (*ChartableValueSet) Sort added in v3.8.16

func (cvs *ChartableValueSet) Sort() error

Sort is a little helper that picks the right sort based on the data types exposed if there is only one set (one time slice for things like non time-series charts) it sorts by value if there is more than one time slice, it sortsby name

func (*ChartableValueSet) SortByNames

func (cvs *ChartableValueSet) SortByNames() error

SortByNames will sort the chartable data by name, keeping values coordinated

func (*ChartableValueSet) SortByValue added in v3.8.16

func (cvs *ChartableValueSet) SortByValue() error

SortByValues will sort the series by the the first value in the chartable data set this will return an error if there is more than one time slice of data

type Dashboard

type Dashboard struct {
	ID          uint64
	Name        string
	UID         int32
	GIDs        []int32
	Global      bool
	Description string
	Created     time.Time
	Updated     time.Time
	Data        RawObject
	Labels      []string
	GUID        string `json:",omitempty"`
	Trivial     bool   `json:",omitempty"`
	Synced      bool

Dashboard type used for relaying data back and forth to frontend.

func (Dashboard) Equal

func (d Dashboard) Equal(v Dashboard) bool

func (*Dashboard) UnmarshalObject

func (d *Dashboard) UnmarshalObject(obj interface{}) error

type DashboardAdd

type DashboardAdd struct {
	Name        string
	Description string
	Data        RawObject
	Labels      []string
	UID         int32
	GIDs        []int32
	Global      bool

DashboardAdd is used to push new dashboards.

func EncodeDashboardAdd

func EncodeDashboardAdd(name, desc string, obj interface{}) (*DashboardAdd, error)

func (DashboardAdd) MarshalJSON

func (d DashboardAdd) MarshalJSON() ([]byte, error)

func (*DashboardAdd) UnmarshalObject

func (d *DashboardAdd) UnmarshalObject(obj interface{}) error

type DashboardComment

type DashboardComment struct {
	ID      int
	UID     int
	Name    string
	Comment string

DashboardComment is used to send and retrieve comments.

type DashboardGet

type DashboardGet struct {
	Name     string
	Desc     string
	JSON     []byte
	User     string
	Score    int `json:",omitempty"`
	Version  int `json:",omitempty"`
	GUID     string
	Created  time.Time
	Updated  time.Time
	Customer string
	Tags     []string

DashboardGet is used to get a dashboard from the marketplace.

type DashboardPost

type DashboardPost struct {
	Name string
	Desc string
	JSON []byte
	User string
	Tags []string

DashboardPost is used in sending a new dashboard to the marketplace.

type Dashboards

type Dashboards []Dashboard

func (Dashboards) MarshalJSON

func (d Dashboards) MarshalJSON() ([]byte, error)

type DeploymentInfo

type DeploymentInfo struct {
	Distributed     bool //distributed webservers, meaning more than one
	CBACEnabled     bool //whether CBAC is enabled on the system
	DefaultLanguage string

type DiskIO

type DiskIO struct {
	Device string
	Read   uint64
	Write  uint64

Disk statistics as shown in the System Stats - Hardware and Disks view in Gravwell.

type DiskStats

type DiskStats struct {
	Mount     string
	Partition string
	Total     uint64
	Used      uint64
	// unique ID for this disk on this host
	// essentially a hash of indexer UUID, Mount, and Partition
	// this is used to uniquely identify a disk and mount on a specific host
	// uses are for when multiple indexers have the same disk topology
	// or docker clusters where everything is identical
	ID string

Disk statistics as shown in the System Stats - Hardware and Disks view in Gravwell.

type Edge

type Edge struct {
	Value int64 `json:"value"`
	// Source and Destination nodes for an edge are represented by an index
	// into the parent node set
	Src int `json:"source"` // index into the source node list
	Dst int `json:"target"` // index into the destination node list

type Element

type Element struct {
	Module      string
	Args        string `json:",omitempty"`
	Name        string
	Path        string
	Value       interface{}
	SubElements []Element `json:",omitempty"`
	Filters     []string

An Element is an item which has been extracted from an entry using the data exploration system.

type EntryRange

type EntryRange struct {
	StartTS entry.Timestamp `json:",omitempty"`
	EndTS   entry.Timestamp `json:",omitempty"`
	First   uint64
	Last    uint64

type EnumeratedPair

type EnumeratedPair struct {
	Name     string
	Value    string             `json:"ValueStr"`
	RawValue RawEnumeratedValue `json:"Value"`

EnumeratedPair is the string representation of enumerated values.

func (EnumeratedPair) String added in v3.8.6

func (ep EnumeratedPair) String() string

type ErrorObject added in v3.8.6

type ErrorObject struct {
	Err  string `json:"error"`
	Info string `json:"info,omitempty"`

ErrorObject is a basic error object with the error value and an optional info structure that has more info about the error

type Event added in v3.8.23

type Event struct {
	Type     EventType
	Metadata EventMetadata          `json:",omitempty"`
	Contents map[string]interface{} `json:",omitempty"`

Event is the type produced by an Alert Dispatcher which gets ingested. The Type field should always be EVENTTYPE_EVENT, to indicate that this is a regular event.

type EventConsumerInfo added in v3.8.23

type EventConsumerInfo struct {
	Type   AlertConsumerType
	ID     string
	Name   string
	Labels []string `json:",omitempty"`

EventConsumerInfo gives extended information about a consumer which will be launched to consume this event.

type EventDispatcherInfo added in v3.8.23

type EventDispatcherInfo struct {
	Type         AlertDispatcherType
	ID           string
	Name         string   `json:",omitempty"`
	SearchID     string   `json:",omitempty"`
	Labels       []string // any labels attached to this dispatcher
	EventCount   int      // number of events that were generated by the dispatcher
	EventsElided bool     // true if we had to drop events because there were too many results

EventDispatcherInfo gives extended information about the thing which triggered the alert / created the event

type EventLog added in v3.8.23

type EventLog struct {
	Type    EventType
	Level   string
	Message string            `json:",omitempty"`
	KV      map[string]string `json:",omitempty"`
	Trigger Event             `json:",omitempty"`

EventLog gets generated when something happens during the execution of an alert that needs to be logged. The Type field should always be EVENTTYPE_LOG.

type EventMetadata added in v3.8.23

type EventMetadata struct {
	UID                int32
	Username           string
	Created            time.Time
	AlertID            string // ThingUUID
	AlertName          string
	TargetTag          string // the tag this got sent to
	AlertLabels        []string
	Dispatcher         EventDispatcherInfo
	Consumers          []EventConsumerInfo    `json:",omitempty"` // consmers which will be launched for this event
	UserMetadata       map[string]interface{} // this is arbitrary stuff that the user attached to the alert def.
	ValidationProblems []ValidationProblem    `json:",omitempty"`

EventMetadata tells us about the owner of this event definition and who created the event.

func BuildEventMetadata added in v3.8.23

func BuildEventMetadata(created time.Time, ud UserDetails, alertDef AlertDefinition, dispatcher EventDispatcherInfo) EventMetadata

type EventType added in v3.8.23

type EventType string

type ExploreRequest added in v3.8.8

type ExploreRequest struct {
	Start int64
	End   int64

ExploreRequest is used to request that the webserver perform a complete cracking of all entries in the given range, the webserver will return an array of ExploreResult

type ExploreResult

type ExploreResult struct {
	Elements []Element `json:",omitempty"`
	// This represents the module which generated the result, but
	// individual Elements may have a different module set for
	// purposes of filtering.
	Module      string
	Tag         string
	WordOffsets []WordOffset `json:",omitempty"`

type FdgRequest

type FdgRequest struct {

type FdgResponse

type FdgResponse struct {
	Entries FdgSet

type FdgSet

type FdgSet struct {
	Nodes  []Node   `json:"nodes"`
	Edges  []Edge   `json:"links"`
	Groups []string `json:"groups"`

type FeatureOverride

type FeatureOverride uint64

func NewFeatureOverride

func NewFeatureOverride(name string) (fo FeatureOverride, err error)

func ParseFeatureOverrides

func ParseFeatureOverrides(v string) (fo FeatureOverride, err error)

func (FeatureOverride) Set

func (FeatureOverride) String

func (fo FeatureOverride) String() (r string)

func (*FeatureOverride) Update

func (fo *FeatureOverride) Update(t FeatureOverride)

type Features added in v3.8.20

type Features struct {
	Replication     bool
	SingleSignon    bool
	Overwatch       bool
	NoStats         bool
	UnlimitedCPU    bool
	CBAC            bool
	UnlimitedIngest bool

Features is a list of features present on this license. It's used in the /api/license path to report what features are available (but not necessarily in use).

type FilterRequest

type FilterRequest struct {
	Tag    string
	Module string
	Args   string `json:",omitempty"`
	Path   string // The path to extract
	Name   string // The desired output name
	Op     string
	Value  string

type FlowNodeResult added in v3.8.5

type FlowNodeResult struct {
	Payload map[string]interface{}
	ID      int    // the node ID
	Type    string // the type of node, e.g. RunQuery
	Log     string
	Error   string
	Start   int64 // unix nanoseconds
	End     int64 // unix nanoseconds
	// The first node executed has sequence 0, the next is sequence 1, etc.
	// Nodes which were not executed have Sequence = SEQ_NODE_NOT_EXECUTED
	Sequence int

type FlowParseRequest added in v3.8.2

type FlowParseRequest struct {
	Flow       string
	DebugEvent *Event // If provided, this will be set as `event` in the flow payload for parsing.

type FlowParseResponse added in v3.8.2

type FlowParseResponse struct {
	OK bool

	// Error and ErrorNode are now deprecated; look at the Failures map
	// to see if there were parse problems. They are retained for compatibility.
	Error     string `json:",omitempty"`
	ErrorNode int    // the node which failed to parse (ignore if Error is empty)

	OutputPayloads map[int]map[string]interface{}
	InitialPayload map[string]interface{} // the payload which gets passed to nodes with no dependencies
	Failures       map[int]NodeParseFailure

type GUISettings

type GUISettings struct {
	DistributedWebservers bool
	DisableMapTileProxy   bool
	MapTileUrl            string

	// If true, the UI shouldn't display any notifications about new features
	DisableFeaturePopups bool

	// Indicates that we're in cloud mode - changes some behaviors
	CloudMode bool

	ServerTime           time.Time
	ServerTimezone       string
	ServerTimezoneOffset int

	MaxFileSize        uint64 // the maximum size allowed for user file uploads
	MaxResourceSize    uint64 // the largest resource you're allowed to make
	MaxJsonRequestSize uint64 // the largest object you're allowed to send in a JSON request body

	IngestAllowed bool // set to true if the user is allowed to use the ingest APIs
	NonCommercial bool // set to true if the license is a non-commercial license

type GaugeRequest

type GaugeRequest struct {

type GaugeResponse

type GaugeResponse struct {
	Entries []GaugeValue

type GaugeValue

type GaugeValue struct {
	Name      string
	Magnitude float64
	Min       float64
	Max       float64

Gauge renderer

type GenerateAXRequest

type GenerateAXRequest struct {
	Tag     string
	Entries []SearchEntry

A GenerateAXRequest contains a tag name and a set of entries. It is used by clients to request all possible extractions from the given entries. All entries should have the same tag.

type GenerateAXResponse

type GenerateAXResponse struct {
	Extractor AXDefinition
	// Confidence is a range from 0 to 10, with 10 meaning "we are very confident"
	// and 0 meaning "we didn't extract anything of worth".
	// Some modules, like xml, will return values lower than 10 even if they extracted
	// lots of data, because other modules like winlog should take precedence if they
	// succeed.
	Confidence float64
	Entries    []SearchEntry
	Explore    []ExploreResult

A GenerateAXResponse contains an autoextractor definition and corresponding Element extractions as gathered from a single extraction module

type Geofence

type Geofence struct {
	SouthWest Location `json:",omitempty"`
	NorthEast Location `json:",omitempty"`
	// contains filtered or unexported fields

func (*Geofence) CrossesAntimeridian

func (gf *Geofence) CrossesAntimeridian() bool

func (*Geofence) InFence

func (gf *Geofence) InFence(loc Location) bool

func (*Geofence) Validate

func (gf *Geofence) Validate() error

type GroupDetails

type GroupDetails struct {
	GID    int32
	Name   string
	Desc   string
	Synced bool
	CBAC   CBACRules `json:"-"` //do not include in API responses

type HeatmapRequest

type HeatmapRequest struct {
	Fence Geofence `json:",omitempty"`

type HeatmapResponse

type HeatmapResponse struct {
	Entries []HeatmapValue `json:",omitempty"`

type HeatmapValue

type HeatmapValue struct {
	Magnitude float64 `json:",omitempty"`

func (HeatmapValue) MarshalJSON

func (hv HeatmapValue) MarshalJSON() ([]byte, error)

func (*HeatmapValue) UnmarshalJSON

func (hv *HeatmapValue) UnmarshalJSON(data []byte) error

type HostSysStats

type HostSysStats struct {
	Uptime                uint64  `json:",omitempty"`
	TotalMemory           uint64  `json:",omitempty"`
	ProcessHeapAllocation uint64  `json:",omitempty"` // bytes allocated by this process's heap
	ProcessSysReserved    uint64  `json:",omitempty"` // total bytes obtained from the OS
	MemoryUsedPercent     float64 `json:",omitempty"`
	Disks                 []DiskStats
	CPUUsage              float64
	CPUCount              int          `json:",omitempty"`
	HostHash              string       `json:",omitempty"`
	Net                   NetworkUsage `json:",omitempty"`
	IO                    []DiskIO
	VirtSystem            string       `json:",omitempty"` // e.g. "kvm" or "xen"
	VirtRole              string       `json:",omitempty"` // "host" or "guest"
	BuildInfo             BuildInfo    `json:",omitempty"` // e.g. 3.3.1
	LoadAverage           load.AvgStat `json:",omitempty"`
	Iowait                float64

Host statistics, used by the System Stats view in Gravwell.

type IdKitState

type IdKitState struct {
	UUID   uuid.UUID
	UID    int32
	GIDs   []int32
	Global bool

type that is used when sending back lists via a ADMIN request (show uid and gid)

type IdxStatResponse

type IdxStatResponse struct {
	Error string              `json:",omitempty"`
	Stats map[string]IdxStats `json:",omitempty"`

type IdxStats

type IdxStats struct {
	UUID       uuid.UUID           `json:",omitempty"`
	Error      string              `json:",omitempty"`
	IndexStats []IndexManagerStats `json:",omitempty"`

func (*IdxStats) MarshalJSON

func (m *IdxStats) MarshalJSON() ([]byte, error)

type ImportInfo added in v3.7.1

type ImportInfo struct {
	Imported  bool
	Time      time.Time //timestamp of when the results were imported
	BatchName string    //potential import batch name
	BatchInfo string    //potential import batch notes


type IndexManagerStats

type IndexManagerStats struct {
	Name  string
	Stats []IndexerStats

func (*IndexManagerStats) MarshalJSON

func (m *IndexManagerStats) MarshalJSON() ([]byte, error)

type IndexerPingResponse

type IndexerPingResponse struct {
	Error  string            `json:",omitempty"`
	States map[string]string `json:",omitempty"`

IndexerPingResponse contains a map of states for all configured indexers.

type IndexerRequest

type IndexerRequest struct {
	DialString string

	Forwarded bool // If set, do NOT propagate this message to other webservers

type IndexerStats

type IndexerStats struct {
	Data        uint64
	Entries     uint64
	Path        string
	Cold        bool
	Accelerator string `json:",omitempty"`
	Extractor   string `json:",omitempty"`

type IndexerWellData

type IndexerWellData struct {
	UUID  uuid.UUID
	Wells []WellInfo
	//Key is the UUID of the remote system that we have replicated data for
	//the value is the list of wells and their data
	Replicated map[uuid.UUID][]WellInfo

func (IndexerWellData) MarshalJSON

func (v IndexerWellData) MarshalJSON() ([]byte, error)

func (*IndexerWellData) Sort

func (iwd *IndexerWellData) Sort()

type IngestResponse

type IngestResponse struct {
	Count int64
	Size  int64
	Tags  []string

type IngestStats

type IngestStats struct {
	QuotaUsed    uint64 // Quota used so far
	QuotaMax     uint64 // Total quota
	TotalCount   uint64 //Total Entries since the ingest server started
	TotalSize    uint64 //Total Data since the ingest server started
	LastDayCount uint64 //total entries in last 24 hours
	LastDaySize  uint64 //total ingested in last 24 hours
	Ingesters    []IngesterStats
	Missing      []ingest.IngesterState //ingesters that have been seen before but not actively connected now

func (IngestStats) MarshalJSON

func (is IngestStats) MarshalJSON() ([]byte, error)

type IngesterStats

type IngesterStats struct {
	RemoteAddress string
	Count         uint64
	Size          uint64
	Uptime        time.Duration
	Tags          []string
	Name          string
	Version       string
	UUID          string
	State         ingest.IngesterState

func (IngesterStats) Hash

func (is IngesterStats) Hash() uint64

func (IngesterStats) MarshalJSON

func (is IngesterStats) MarshalJSON() ([]byte, error)

type IngesterStatsResponse

type IngesterStatsResponse struct {
	Error string                 `json:",omitempty"`
	Stats map[string]IngestStats `json:",omitempty"`

type InstallStatus

type InstallStatus struct {
	Owner int32
	Done  bool

	Percentage  float64
	CurrentStep string
	Error       string
	Log         string
	InstallID   int32
	Updated     time.Time
	// contains filtered or unexported fields

func NewInstallStatus

func NewInstallStatus(itemcount int, installID int32, uid int32) *InstallStatus

func (*InstallStatus) ItemDone

func (i *InstallStatus) ItemDone()

func (*InstallStatus) SetDone

func (i *InstallStatus) SetDone()

func (*InstallStatus) SetError

func (i *InstallStatus) SetError(err error)

func (*InstallStatus) UpdateCurrentStep

func (i *InstallStatus) UpdateCurrentStep(step string)

type KeyComponents

type KeyComponents struct {
	Keys []string

type KitBuildRequest

type KitBuildRequest struct {
	ID                string
	Name              string
	Description       string
	Readme            string
	Version           uint
	MinVersion        CanonicalVersion  `json:",omitempty"`
	MaxVersion        CanonicalVersion  `json:",omitempty"`
	Dashboards        []uint64          `json:",omitempty"`
	Templates         []uuid.UUID       `json:",omitempty"`
	Pivots            []uuid.UUID       `json:",omitempty"`
	Resources         []string          `json:",omitempty"`
	ScheduledSearches []int32           `json:",omitempty"`
	Flows             []int32           `json:",omitempty"`
	Macros            []uint64          `json:",omitempty"`
	Extractors        []uuid.UUID       `json:",omitempty"`
	Files             []uuid.UUID       `json:",omitempty"`
	SearchLibraries   []uuid.UUID       `json:",omitempty"`
	Playbooks         []uuid.UUID       `json:",omitempty"`
	Alerts            []uuid.UUID       `json:",omitempty"`
	EmbeddedItems     []KitEmbeddedItem `json:",omitempty"`
	Icon              string            `json:",omitempty"`
	Banner            string            `json:",omitempty"`
	Cover             string            `json:",omitempty"`
	Dependencies      []KitDependency   `json:",omitempty"`
	ConfigMacros      []KitConfigMacro
	ScriptDeployRules map[int32]ScriptDeployConfig

the type that is used to request a kit be built

func (*KitBuildRequest) Validate

func (pbr *KitBuildRequest) Validate() error

type KitBuildResponse

type KitBuildResponse struct {
	UUID string
	Size int64
	UID  int32 `json:",omitempty"`

type KitConfig

type KitConfig struct {
	OverwriteExisting     bool  `json:",omitempty"`
	Global                bool  `json:",omitempty"`
	AllowExternalResource bool  `json:",omitempty"`
	AllowUnsigned         bool  `json:",omitempty"`
	InstallationGroup     int32 `json:",omitempty"` // deprecated, use InstallationGroups instead
	InstallationGroups    []int32
	Labels                []string `json:",omitempty"` // labels applied to each *item*
	KitLabels             []string `json:",omitempty"` // labels applied to the *kit* itself
	ConfigMacros          []KitConfigMacro
	ScriptDeployRules     map[string]ScriptDeployConfig // overrides for defaults

KitConfig represents rules, labels, and other configuration options used during kit installation.

type KitConfigMacro

type KitConfigMacro struct {
	MacroName     string // The name of the macro which will be created
	Description   string // a verbose description of what this *does*
	DefaultValue  string // Should be defined at kit creation time
	Value         string // Set by the UI when preparing for installation
	Type          string // "TAG" or "OTHER"
	InstalledByID string // if the macro already exists, the ID of the kit that installed it

type KitDependency

type KitDependency struct {
	ID         string
	MinVersion uint

KitDependency declares a series of kits and minimum version requirements

type KitEmbeddedItem

type KitEmbeddedItem struct {
	Content []byte `json:",omitempty"` //the actual contents of the kit

type KitItem

type KitItem struct {
	Name           string
	Type           string
	ID             string          `json:",omitempty"` //the UUID
	AdditionalInfo json.RawMessage `json:",omitempty"`
	Hash           [sha256.Size]byte

Each item in a kit (dashboard, query, etc) is represented by a KitItem object.

func (*KitItem) DescriptionString

func (ki *KitItem) DescriptionString() (s string)

func (KitItem) String

func (ki KitItem) String() (r string)

type KitItemStatus added in v3.8.22

type KitItemStatus struct {
	Item  KitItem
	Error string

type KitManifest

type KitManifest struct {
	UID         int32
	GIDs        []int32
	Global      bool
	UUID        uuid.UUID
	Data        []byte
	WebserverID uuid.UUID // which webserver created this manifest: needed to manage staged manifests & on-disk kit files
	Synced      bool

the type that handles the datastore system

func (*KitManifest) Decode

func (pm *KitManifest) Decode(v interface{}) (err error)

func (*KitManifest) Encode

func (pm *KitManifest) Encode(v interface{}) (err error)

type KitMetadata

type KitMetadata struct {
	ID            string
	Name          string
	GUID          string `json:",omitempty"` // DEPRECATED, TODO: remove
	UUID          string
	Version       uint
	Description   string
	Readme        string
	Signed        bool
	AdminRequired bool
	MinVersion    CanonicalVersion
	MaxVersion    CanonicalVersion
	Size          int64
	Created       time.Time
	Ingesters     []string //ingesters associated with the kit
	Tags          []string //tags associated with the kit
	Assets        []KitMetadataAsset
	Dependencies  []KitDependency
	Items         []KitItem
	ConfigMacros  []KitConfigMacro

KitMetadata is a struct that is primarily served by the kit server, we use this to record info about a kit so the GUI and hint to users what kits they shoudld install.

type KitMetadataAsset

type KitMetadataAsset struct {
	Type     string
	Source   string //URL
	Legend   string //some description about the asset
	Featured bool   //should be an image, will be used for cover image
	Banner   bool   //should be an image, will be used for upper banner image

KitMetadataAssets are items that might be associated with kits when hosting them we use these to enable pinning additional stuff to a kit.

func (KitMetadataAsset) String

func (kma KitMetadataAsset) String() (s string)

type KitModifyReport added in v3.8.22

type KitModifyReport struct {
	Statuses []KitItemStatus
	WasError bool

type KitState

type KitState struct {
	ID                   string
	Name                 string
	Description          string
	Readme               string
	UUID                 string
	Signed               bool
	AdminRequired        bool
	MinVersion           CanonicalVersion `json:",omitempty"`
	MaxVersion           CanonicalVersion `json:",omitempty"`
	UID                  int32            `json:",omitempty"`
	Version              uint
	Items                []KitItem
	Labels               []string
	Icon                 string           //use for icon when in the context of a kit
	Banner               string           //use for banner in a kit
	Cover                string           //use for cover image on a kit
	ModifiedItems        []SourcedKitItem // Items which were installed by a previous version of the kit and have been modified by the user
	ConflictingItems     []KitItem        // items which will overwrite a user-created object
	RequiredDependencies []KitMetadata
	Installed            bool             //true means everything was pushed in, false means it is JUST staged
	InstallationTime     time.Time        // the time at which this kit was installed
	InstallationVersion  CanonicalVersion // the Gravwell version in use when this kit was installed
	ConfigMacros         []KitConfigMacro
	Metadata             json.RawMessage `json:",omitempty"`

The kit data type that is actually stored in the datastore

func (*KitState) AddItem added in v3.8.0

func (ps *KitState) AddItem(itm KitItem) error

func (*KitState) GetItem added in v3.8.0

func (ps *KitState) GetItem(name, tp string) (KitItem, error)

func (*KitState) RemoveItem added in v3.8.0

func (ps *KitState) RemoveItem(name, tp string) error

func (*KitState) UpdateItem

func (ps *KitState) UpdateItem(name, tp, id string) error

type LaunchRequest added in v3.8.23

type LaunchRequest struct {

LaunchRequest is a new named type so that we can abstract away the websocket launch requests from the REST requests

type LaunchResponse added in v3.8.23

type LaunchResponse struct {
	SearchSessionID uuid.UUID `json:",omitempty"`
	// RefreshInterval is used to convey and optionally update the minimum interval
	// required in between touching a search session.  This value defines how often a client
	// must refresh thier search session before a search may be expired due to inactivity
	RefreshInterval uint //refresh interval in seconds

	// unified info that is always needed
	SearchID     string     `json:",omitempty"`
	RenderModule string     `json:",omitempty"`
	RenderCmd    string     `json:",omitempty"`
	Info         SearchInfo `json:",omitempty"`

LaunchResponse is used to respond to both Launch and Attach requests the type returns metadata about the search as well as this contains all the embedded

type LicenseDistributionStatus

type LicenseDistributionStatus struct {
	Status string                 `json:"status"`
	States []LicenseIndexerStatus `json:"states,omitempty"`

type LicenseIndexerInfo

type LicenseIndexerInfo struct {
	Indexer string      `json:"indexer"`
	Error   error       `json:"error,omitempty"`
	Info    LicenseInfo `json:"info,omitempty"`

type LicenseIndexerStatus

type LicenseIndexerStatus struct {
	Indexer  string `json:"indexer"`
	Serviced bool   `json:"ready"`
	Error    string `json:"error,omitempty"`

type LicenseInfo

type LicenseInfo struct {
	Version        uint64
	CustomerUUID   string `json:",omitempty"`
	CustomerNumber uint64
	Expiration     entry.Timestamp
	Type           LicenseType
	//MaxNodes is either maximum machines for cluster type, or sockets for single type
	MaxNodes  uint32
	Overrides FeatureOverride
	Metadata  []byte
	NFR       bool //non-commercial license override
	Hash      []byte

A LicenseInfo block represents the overall configuration for a license - the type, customer information, expiration, etc.

func (LicenseInfo) CBACEnabled added in v3.8.20

func (li LicenseInfo) CBACEnabled() bool

func (LicenseInfo) Features added in v3.8.20

func (li LicenseInfo) Features() Features

func (LicenseInfo) Get

func (li LicenseInfo) Get(key string) (val interface{}, err error)

func (LicenseInfo) NoStatsEnabled added in v3.8.20

func (li LicenseInfo) NoStatsEnabled() bool

func (LicenseInfo) OverwatchEnabled added in v3.8.20

func (li LicenseInfo) OverwatchEnabled() bool

func (LicenseInfo) ReplicationEnabled

func (li LicenseInfo) ReplicationEnabled() bool

func (LicenseInfo) SKU

func (li LicenseInfo) SKU() string

SKU is <version><license type><max nodes>

func (LicenseInfo) SSOEnabled

func (li LicenseInfo) SSOEnabled() bool

func (LicenseInfo) Serial

func (li LicenseInfo) Serial() string

Serial number is a hex string composed of the following <cust number>-<version>-<license type><max nodes>-<expiration>

func (LicenseInfo) UnlimitedCPUEnabled added in v3.8.20

func (li LicenseInfo) UnlimitedCPUEnabled() bool

func (LicenseInfo) UnlimitedIngestEnabled added in v3.8.20

func (li LicenseInfo) UnlimitedIngestEnabled() bool

func (LicenseInfo) Validate

func (li LicenseInfo) Validate() error

Validate ensures the license info is valid.

type LicenseType

type LicenseType uint64

func ParseType

func ParseType(c string) (LicenseType, error)

func (LicenseType) Abbr

func (lt LicenseType) Abbr() string

func (LicenseType) AllFeatures

func (lt LicenseType) AllFeatures() (r bool)

func (LicenseType) MarshalJSON

func (lt LicenseType) MarshalJSON() ([]byte, error)

func (LicenseType) SingleNode

func (lt LicenseType) SingleNode() (r bool)

func (LicenseType) String

func (lt LicenseType) String() string

func (*LicenseType) UnmarshalJSON

func (lt *LicenseType) UnmarshalJSON(v []byte) error

func (LicenseType) Valid

func (lt LicenseType) Valid() bool

type LicenseUpdateError

type LicenseUpdateError struct {
	Name string
	Err  string

structure for license updates and warnings

type LicenseUsage added in v3.8.12

type LicenseUsage struct {
	Unlimited bool                 // license is unlimited, nothing else will be here
	Quota     uint64               // license ingest limitation
	Used      uint64               // license ingest usage
	Entries   uint64               // total count of entries (does not impact license)
	History   []LicenseUsageBucket `json:",omitempty"`
	Error     error                `json:",omitempty"`

LicenseUsage is the data structure that is handed back to indicate how much of a license quota is used and what the usage looks like over the rolling windows. Unlimited licenses will return Unlimited = true with everything else empty

type LicenseUsageBucket added in v3.8.12

type LicenseUsageBucket struct {
	Start time.Time //start of this bucket
	End   time.Time //end of this bucket
	Size  uint64    //ingest bucket size
	Count uint64    //ingest bucket count

LicenseUsageBucket is a time bucket of license quota activity A typical license tracks a 24 hour rolling window with 1 hour buckets Unlimited licenses do not track ingest at all

type LicenseUsageReport added in v3.8.12

type LicenseUsageReport struct {
	Unlimited bool                    //every single reporting indexer has unlimited ingest OR an error, nothing to report
	Indexers  map[string]LicenseUsage `json:",omitempty"` // if all indexers are unlimited this won't bbe included at all

LicenseUsageReport is the meta structure that contains all the license tracking data for potentially many indexers The typical use cases are a single cluster with unlimited ingest, a single indexer with unlimited ingest, or a single indexer with limited ingest however, overwatch topologies may have mixed licensing across the indexers

type Location

type Location struct {
	Lat  float64
	Long float64

func (*Location) Decode

func (loc *Location) Decode(v []byte) bool

func (Location) Encode

func (loc Location) Encode() (v []byte)

func (Location) String

func (loc Location) String() string

func (Location) Valid

func (loc Location) Valid() bool

type LogLevel

type LogLevel struct {
	Level string

type LoggingLevels

type LoggingLevels struct {
	Levels  []string
	Current string

func (*LoggingLevels) MarshalJSON

func (m *LoggingLevels) MarshalJSON() ([]byte, error)

type LoginRequest

type LoginRequest struct {
	User string
	Pass string

type LoginResponse

type LoginResponse struct {
	LoginStatus bool
	Reason      string `json:",omitempty"`
	Admin       bool   `json:",omitempty"`
	JWT         string `json:",omitempty"`

type ModuleHint

type ModuleHint struct {
	Name            string
	ProducedEVs     []string
	ConsumedEVs     []string
	ResourcesNeeded []string
	Condensing      bool

ModuleHint contain "hints" about modules, populated during the init and parse phase. Hints contain information such as what enumerated values are used and produced and what resources are needed by a given module.

type ModuleStatsUpdate

type ModuleStatsUpdate struct {
	InputCount, OutputCount uint64
	InputBytes, OutputBytes uint64
	Duration                time.Duration

func (*ModuleStatsUpdate) Add added in v3.8.17

func (*ModuleStatsUpdate) AddIn

func (sms *ModuleStatsUpdate) AddIn(count, bts uint64)

func (*ModuleStatsUpdate) AddOut

func (sms *ModuleStatsUpdate) AddOut(count, bts uint64)

func (ModuleStatsUpdate) Equal

func (*ModuleStatsUpdate) Size

func (m *ModuleStatsUpdate) Size() (sz int64)

type NetworkUsage

type NetworkUsage struct {
	Up   uint64
	Down uint64

type Node

type Node struct {
	Name  string `json:"name"`
	Group int    `json:"group"`

type NodeParseError added in v3.8.6

type NodeParseError struct {
	Err   string
	Field string `json:",omitempty"`

NodeParseError represents a single problem encountered during the parse phase, e.g. an un-set config field. Field represents which config field, if any, was the source of the problem; if unset, the error was of a more general nature.

func (NodeParseError) Error added in v3.8.6

func (f NodeParseError) Error() string

func (NodeParseError) String added in v3.8.6

func (f NodeParseError) String() string

type NodeParseFailure added in v3.8.6

type NodeParseFailure struct {
	Errors []NodeParseError

NodeParseFailure represents all problems encountered during a node's Parse phase

func (*NodeParseFailure) AddError added in v3.8.6

func (f *NodeParseFailure) AddError(e error)

AddError registers a new error. It can take regular errors, NodeParseError, or NodeParseFailure.

func (*NodeParseFailure) ErrCount added in v3.8.6

func (f *NodeParseFailure) ErrCount() int

ErrCount returns the number of errors registered.

func (NodeParseFailure) Error added in v3.8.6

func (f NodeParseFailure) Error() string

Error returns an error string for the NodeParseFailure. It just returns the first error if there are multiple errors; to handle it better, walk the Errors array yourself.

type Notification

type Notification struct {
	UID         int32
	GID         int32
	Sender      int32     //who sent it
	Type        uint32    //ID which specifies the type of notification
	Broadcast   bool      //was this a broadcast to multiple users
	Sent        time.Time //when was it sent
	Expires     time.Time //when does it expire
	IgnoreUntil time.Time //Don't display until after this time
	Msg         string
	Origin      uuid.UUID // which device sent it (currently only used on indexers)
	Level       string    `json:",omitempty"` //generic keyword indicating how bad this notification is
	Link        string    `json:",omitempty"`

func (*Notification) Expired

func (n *Notification) Expired() bool

type NotificationAction

type NotificationAction uint32
var (
	SetBackendNotification   NotificationAction = 0
	ClearBackendNotification NotificationAction = 1

type NotificationSet

type NotificationSet map[uint64]Notification

type OverviewStatSet

type OverviewStatSet struct {
	Count uint64
	Bytes uint64
	TS    entry.Timestamp

type OverviewStats added in v3.8.23

type OverviewStats struct {
	//indicates where in the search span the query currently is, can be used for progress
	SearchPosition entry.Timestamp
	//indicates if the search is finished
	Finished bool
	// Indicates that the query results exceeded the on-disk storage limits.
	OverLimit bool
	// Indicates the range of entries that were dropped due to storage limits.
	LimitDroppedRange TimeRange
	// For some renderers, the EntryCount accurately represents the total
	// number of results available. This field is set to 'true' in that case,
	// meaning the EntryCount number can be displayed alongside the results
	// without confusion.
	EntryCountValid bool
	Stats           []OverviewStatSet `json:",omitempty"`

type P2PRequest

type P2PRequest struct {
	Fence Geofence `json:",omitempty"`

type P2PResponse

type P2PResponse struct {
	ValueNames []string
	Entries    []P2PValue `json:",omitempty"`

type P2PValue

type P2PValue struct {
	Src       Location
	Dst       Location
	Magnitude float64  `json:",omitempty"`
	Values    []string `json:",omitempty"`

type PackedPivot

type PackedPivot struct {
	UUID        string
	Name        string
	Description string
	Data        RawObject
	Labels      []string

type used for pivots in packages

func (*PackedPivot) JSONMetadata

func (put *PackedPivot) JSONMetadata() (json.RawMessage, error)

type PackedUserTemplate

type PackedUserTemplate struct {
	UUID        string
	Name        string
	Description string
	Data        TemplateContents
	Labels      []string

type used for templates in packages

func (*PackedUserTemplate) JSONMetadata

func (put *PackedUserTemplate) JSONMetadata() (json.RawMessage, error)

func (*PackedUserTemplate) UnmarshalJSON added in v3.7.6

func (t *PackedUserTemplate) UnmarshalJSON(data []byte) error

type ParseSearchRequest

type ParseSearchRequest struct {
	SearchString string
	Sequence     uint64
	Filters      []FilterRequest

type ParseSearchResponse

type ParseSearchResponse struct {
	Sequence    uint64
	GoodQuery   bool
	ParseError  string `json:",omitempty"`
	ParsedQuery string `json:",omitempty"`
	RawQuery    string `json:",omitempty"`
	ModuleIndex int

type PingReq

type PingReq struct {
	X error `json:",omitempty"`

type Pivot

type Pivot struct {
	GUID        uuid.UUID
	Name        string
	Description string
	Contents    RawObject
	Labels      []string
	Disabled    bool

Pivot is what is stored in the "thing" object, it is encoded into Contents

func (Pivot) Pack

func (t Pivot) Pack() (put PackedPivot)

func (Pivot) WirePivot

func (pivot Pivot) WirePivot(thing Thing) WirePivot

type Playbook

type Playbook struct {
	UUID        uuid.UUID
	GUID        uuid.UUID // global identifier, used to uniquely identify a playbook rather than as a key in the webstore. Sorry.
	UID         int32
	GIDs        []int32
	Global      bool
	Name        string
	Desc        string
	Body        []byte `json:",omitempty"`
	Metadata    []byte `json:",omitempty"`
	Labels      []string
	LastUpdated time.Time
	Author      AuthorInfo
	Synced      bool

Playbook configuration, including ownership, description, etc., as well as the playbook content.

func (Playbook) JSONMetadata

func (pb Playbook) JSONMetadata() (json.RawMessage, error)

type PointmapKV

type PointmapKV struct {
	Key   string
	Value string

func (PointmapKV) IsEmpty

func (pkv PointmapKV) IsEmpty() bool

func (PointmapKV) MarshalJSON

func (pkv PointmapKV) MarshalJSON() (r []byte, err error)

type PointmapRequest

type PointmapRequest struct {
	Fence Geofence `json:",omitempty"`

type PointmapResponse

type PointmapResponse struct {
	Entries []PointmapValue `json:",omitempty"`

type PointmapValue

type PointmapValue struct {
	Loc      Location
	Metadata []PointmapKV `json:",omitempty"`

type RawEnumeratedValue

type RawEnumeratedValue struct {
	Type uint16
	Data []byte

func (RawEnumeratedValue) String added in v3.8.6

func (rev RawEnumeratedValue) String() string

type RawObject

type RawObject json.RawMessage

func (RawObject) MarshalJSON

func (o RawObject) MarshalJSON() ([]byte, error)

marshalling and handlers for our raw object type

func (RawObject) String

func (o RawObject) String() string

func (*RawObject) UnmarshalJSON

func (o *RawObject) UnmarshalJSON(buff []byte) error

type RawRequest

type RawRequest struct {

type RawResponse

type RawResponse struct {
	Entries []SearchEntry   `json:",omitempty"`
	Explore []ExploreResult `json:",omitempty"`

func (RawResponse) MarshalJSON

func (rr RawResponse) MarshalJSON() ([]byte, error)

type RenderModuleInfo

type RenderModuleInfo struct {
	Name        string
	Description string
	Examples    []string

func (*RenderModuleInfo) MarshalJSON

func (m *RenderModuleInfo) MarshalJSON() ([]byte, error)

type ReplicationState

type ReplicationState struct {
	UUID    uuid.UUID
	Entries uint64
	Size    uint64

type ResourceContentType

type ResourceContentType struct {
	ContentType string
	Body        []byte

type ResourceList

type ResourceList struct {
	List   []ResourceMetadata
	Domain int16

This is used for client->server resource sync operations, basically "I am a webserver from domain <Domain>, here's what I have (<List>), delete anything in my domain that's not on the list".

type ResourceMetadata

type ResourceMetadata struct {
	UID           int32     // owner
	GUID          string    // unique ID for this resource
	Domain        int16     // The webserver domain of this resource. Only webservers in this domain can access it.
	LastModified  time.Time // time resource was modified, including metadata
	VersionNumber int       // resource version #, increment at each Write
	GroupACL      []int32   // GIDs which can access the resource
	Global        bool      // if Global is set, any user can read the resource.
	ResourceName  string
	Description   string
	Size          uint64
	Hash          []byte
	Synced        bool     // Set to true if this version is on the datastore, false otherwise
	Labels        []string // the backend doesn't really care about these, it's the GUI's problem

func (ResourceMetadata) Equal

func (m1 ResourceMetadata) Equal(m2 ResourceMetadata) bool

Equal returns true of both ResourceMetadata objects are identical.

func (ResourceMetadata) String

func (m ResourceMetadata) String() string

type ResourceUpdate

type ResourceUpdate struct {
	Metadata ResourceMetadata
	Data     []byte
	// contains filtered or unexported fields

func (*ResourceUpdate) Bytes added in v3.8.1

func (ru *ResourceUpdate) Bytes() (b []byte)

Bytes returns a byte slice no matter what the underlying storage is if the ResourceUpdate is using a readCloser then it performs a complete read and returns a byte slice. If the reader points to a large resource this may require significant resources

func (*ResourceUpdate) Close added in v3.8.1

func (ru *ResourceUpdate) Close()

Close is a safe method to make sure that ReadClosers and Byte Buffers are wiped out

func (*ResourceUpdate) SetStream added in v3.8.1

func (ru *ResourceUpdate) SetStream(rc io.ReadCloser)

SetStream will set the resource update to use a read closer instead of static bytes we do not export the ReadCloser because gob can't handle it

func (*ResourceUpdate) Stream added in v3.8.1

func (ru *ResourceUpdate) Stream() io.Reader

Stream generates a io.Reader from either the underlying reader or the Data byte slice

type RespError

type RespError struct {
	Error string `json:",omitempty"`

type SSOStatus added in v3.8.5

type SSOStatus struct {
	Enabled bool `json:"enabled"`

type ScheduledError added in v3.8.16

type ScheduledError struct {
	Error     string
	Timestamp time.Time

type ScheduledSearch

type ScheduledSearch struct {
	Synced      bool
	ID          int32
	GUID        uuid.UUID
	Groups      []int32
	Global      bool
	Name        string // the name of this scheduled search
	Description string // freeform description
	Labels      []string
	Owner       int32  // uid of owner
	Schedule    string // when to run: a cron spec
	Timezone    string // a location to use for the timezone, e.g. "America/New_York"
	Updated     time.Time
	Disabled    bool

	// These values are used for debug/testing runs
	OneShot    bool   // Set this flag to 'true' to make the search fire ONCE
	DebugMode  bool   // set this to true to enable debug mode
	DebugEvent *Event // If provided, this will be inserted as `event` into the flow payload.

	// if true, search agent will attempt to "backfill" missed runs since
	// the more recent of Updated or LastRun.
	BackfillEnabled bool

	// This sets what kind of scheduled "thing" it is: search, script, or flow
	ScheduledType string

	// Fields for scheduled searches
	SearchString       string // The actual search to run
	Duration           int64  // How many seconds back to search, MUST BE NEGATIVE
	SearchSinceLastRun bool   // If set, ignore Duration and run from last run time to now.
	TimeframeOffset    int64  // How many seconds to offset the search timeframe, MUST BE NEGATIVE.

	// For scheduled scripts
	Script         string     // If set, execute the contents rather than running SearchString
	ScriptLanguage ScriptLang // what script type is this: anko, go

	// For scheduled flows
	Flow            string                 // The flow specification itself
	FlowNodeResults map[int]FlowNodeResult // results for each node in the flow

	// These fields are updated by the search agent after it runs a search
	PersistentMaps  map[string]map[string]interface{}
	LastRun         time.Time
	LastRunDuration time.Duration    // how many nanoseconds did it take
	LastSearchIDs   []string         // the IDs of the most recently performed searches
	LastError       string           // any error from the last run of the scheduled search
	ErrorHistory    []ScheduledError // a list of previously-occurring errors
	DebugOutput     []byte           // output of the script if debugmode was enabled

ScheduledSearch represents a scheduled search, including rules, description, etc.

func (*ScheduledSearch) Dedup

func (ss *ScheduledSearch) Dedup()

func (ScheduledSearch) Equal

func (*ScheduledSearch) TypeName

func (ss *ScheduledSearch) TypeName() string

type ScheduledSearchParseRequest

type ScheduledSearchParseRequest struct {
	Version int
	Script  string

type ScheduledSearchParseResponse

type ScheduledSearchParseResponse struct {
	OK          bool
	Error       string `json:",omitempty"`
	ErrorLine   int
	ErrorColumn int

type ScriptDeployConfig

type ScriptDeployConfig struct {
	Disabled       bool
	RunImmediately bool

type ScriptLang added in v3.8.3

type ScriptLang uint

func ParseScriptLang added in v3.8.3

func ParseScriptLang(v string) (l ScriptLang, err error)

func (ScriptLang) String added in v3.8.3

func (sl ScriptLang) String() string

func (ScriptLang) Valid added in v3.8.3

func (sl ScriptLang) Valid() (err error)

type SearchAgentConfig

type SearchAgentConfig struct {
	Searchagent_UUID                 string
	Webserver_Address                []string
	Insecure_Skip_TLS_Verify         bool
	Insecure_Use_HTTP                bool
	Search_Agent_Auth                string
	Scratch_Path                     string
	Max_Script_Run_Time              int64 // minutes!
	Log_File                         string
	Log_Level                        string
	Disable_Network_Script_Functions bool // disables "risky" scripting functions (network stuff)
	Disable_Self_Ingest              bool // disables ingesting search agent logs to indexers
	HTTP_Proxy                       string

type SearchCtrlStatus

type SearchCtrlStatus struct {
	ID              string
	UID             int32
	GID             int32
	State           string
	AttachedClients int
	StoredData      int64

type SearchEntry

type SearchEntry struct {
	TS         entry.Timestamp
	SRC        net.IP
	Tag        entry.EntryTag
	Data       []byte
	Enumerated []EnumeratedPair

Search entry is the entry that makes it out of the search pipeline.

func (SearchEntry) Equal

func (se SearchEntry) Equal(v SearchEntry) bool

Return true if both SearchEntry objects are equal.

func (SearchEntry) GetEnumerated

func (se SearchEntry) GetEnumerated(name string) (val string, ok bool)

Return the string representation of an enumerated value in a SearchEntry.

func (SearchEntry) String added in v3.8.6

func (se SearchEntry) String() string

String implements the Stringer interface

type SearchHints

type SearchHints struct {
	CollapsingIndex  int      // index of the first collapsed module
	RenderModule     string   `json:",omitempty"`
	TimeZoomDisabled bool     //Renderer does not support zooming around data based on time
	Tags             []string //the tags involved in the search
	ModuleHints      []ModuleHint

type SearchInfo

type SearchInfo struct {
	ID                    string          //ID of the search
	UID                   int32           //UID of the user that actually kicked off the search
	GID                   int32           `json:",omitempty"` //Group ID the search was assigned to
	UserQuery             string          //query provided by the user on search
	EffectiveQuery        string          //the effective query that was actually used
	StartRange            time.Time       //start time range
	EndRange              time.Time       //end time range
	Descending            bool            //the direction the search is progressing (Descending is the standard)
	Started               time.Time       //time when the search was kicked off
	LastUpdate            time.Time       //last timestamp we saw (tells us where indexers are working)
	Duration              time.Duration   //Amount of time required to complete the search
	StoreSize             int64           //size of the main storage file
	IndexSize             int64           //size of an extra index file
	ItemCount             int64           //How many items have been stored
	TimeZoomDisabled      bool            //Renderer does not support zooming around data based on time
	RenderDownloadFormats []string        `json:",omitempty"`
	Metadata              json.RawMessage `json:",omitempty"` //additional metadata associated with a search
	Name                  string          `json:",omitempty"`
	CollapsingIndex       int
	NoHistory             bool // set to true if this search was launched with the "no history" flag, typically means it is an automated search.
	Background            bool // set to true if this search has been marked as backgrounded.
	MinZoomWindow         uint // what is the smallest minimum zoom window in seconds
	Tags                  []string
	Import                ImportInfo `json:",omitempty"` //information attached if there this search is saved and from an external import
	// Preview indicates that this search is a preview search
	// this means that the query most likely did not cover the entire time range that was originally requested
	// A preview search is used when a user is trying to understand what they have or establish AX relationships
	Preview bool

SearchInfo contains information about a search, including the search parameters, status, and metadata.

func (SearchInfo) MarshalJSON

func (si SearchInfo) MarshalJSON() ([]byte, error)

custom Marshallers

func (SearchInfo) StorageSize

func (si SearchInfo) StorageSize() int64

func (*SearchInfo) UnmarshalJSON

func (si *SearchInfo) UnmarshalJSON(data []byte) error

type SearchLibrary

type SearchLibrary struct {
	Name        string
	Description string
	Query       string `json:",omitempty"`
	GUID        uuid.UUID
	Labels      []string  `json:",omitempty"`
	Metadata    RawObject `json:",omitempty"`

SearchLibrary is a structure to store a search string and optional set of info The GUI uses this to build up a search library with info about a search

func (SearchLibrary) Equal

func (psl SearchLibrary) Equal(other SearchLibrary) (ok bool)

func (SearchLibrary) JSONMetadata

func (sl SearchLibrary) JSONMetadata() (json.RawMessage, error)

type SearchLog

type SearchLog struct {
	UID            int32  //who started the search
	GID            int32  //what group the search was assigned to, if any
	UserQuery      string //what the user actually typed
	EffectiveQuery string //what was actually run
	Launched       time.Time
	Synced         bool

func (SearchLog) Equal

func (sl SearchLog) Equal(v SearchLog) bool

type SearchMacro

type SearchMacro struct {
	ID          uint64
	UID         int32
	GIDs        []int32
	Global      bool
	Name        string
	Description string
	Expansion   string
	Labels      []string
	LastUpdated time.Time
	Synced      bool

type SearchMetadata

type SearchMetadata struct {
	ValueStats  []SearchMetadataEntry `json:",omitempty"`
	SourceStats []SourceMetadataEntry `json:",omitempty"`
	TagStats    map[string]uint       `json:",omitempty"`

type SearchMetadataEntry

type SearchMetadataEntry struct {
	Name   string
	Type   string
	Number SearchMetadataNumber `json:",omitempty"`
	Raw    SearchMetadataRaw    `json:",omitempty"`

type SearchMetadataNumber

type SearchMetadataNumber struct {
	Count uint
	Min   float64
	Max   float64

type SearchMetadataRaw

type SearchMetadataRaw struct {
	Map   map[string]uint
	Other uint

type SearchModuleInfo

type SearchModuleInfo struct {
	Name         string
	Info         string
	Examples     []string
	Collapsing   func(string) bool `json:"-"`
	FrontendOnly bool              // true if this module MUST run on frontend (anko)
	Sorting      bool

type SearchModuleStats

type SearchModuleStats struct {
	Name, Args string
	// contains filtered or unexported fields

func (SearchModuleStats) Equal

func (SearchModuleStats) JSON

func (sms SearchModuleStats) JSON() ([]byte, error)

func (*SearchModuleStats) ResetCounters

func (s *SearchModuleStats) ResetCounters()

func (*SearchModuleStats) Size

func (s *SearchModuleStats) Size() int64

type SearchModuleStatsUpdate

type SearchModuleStatsUpdate struct {
	Stats []SearchModuleStats
	TS    entry.Timestamp

func (*SearchModuleStatsUpdate) Add

func (*SearchModuleStatsUpdate) AddUpdate

func (s *SearchModuleStatsUpdate) AddUpdate(mu []ModuleStatsUpdate) error

func (*SearchModuleStatsUpdate) Append

func (SearchModuleStatsUpdate) Copy

func (*SearchModuleStatsUpdate) CopyZero

CopyZero hands back a SearchModuleStatsUpdate structure zeroed out with ONLY the TS and the module names we use this for one-off search modules that relay stats in a strange manner due to condensing

func (*SearchModuleStatsUpdate) IsNull

func (s *SearchModuleStatsUpdate) IsNull() bool

func (*SearchModuleStatsUpdate) MarshalJSON

func (m *SearchModuleStatsUpdate) MarshalJSON() ([]byte, error)

func (*SearchModuleStatsUpdate) ResetCounters

func (s *SearchModuleStatsUpdate) ResetCounters()

func (*SearchModuleStatsUpdate) Size

func (s *SearchModuleStatsUpdate) Size() (sz int64)

type SearchSessionIntervalUpdate added in v3.8.23

type SearchSessionIntervalUpdate struct {
	Interval uint

type SearchStatsRequest

type SearchStatsRequest struct {
	SetCount int64           `json:",omitempty"`
	SetStart entry.Timestamp `json:",omitempty"`
	SetEnd   entry.Timestamp `json:",omitempty"`
	Addendum json.RawMessage `json:",omitempty"`

func (SearchStatsRequest) MarshalJSON

func (ssr SearchStatsRequest) MarshalJSON() ([]byte, error)

type SearchStatsResponse

type SearchStatsResponse struct {
	Addendum    json.RawMessage   `json:",omitempty"`
	RangeStart  entry.Timestamp   `json:",omitempty"`
	RangeEnd    entry.Timestamp   `json:",omitempty"`
	Current     entry.Timestamp   `json:",omitempty"`
	Set         []StatSet         `json:",omitempty"`
	OverviewSet []OverviewStatSet `json:",omitempty"`
	Size        int               `json:",omitempty"`

func (SearchStatsResponse) MarshalJSON

func (ssr SearchStatsResponse) MarshalJSON() ([]byte, error)

type Secret added in v3.8.8

type Secret struct {
	ID      uuid.UUID `json:"id"`
	Name    string    `json:"name"`
	Desc    string    `json:"description"`
	UID     int32     `json:"uid"`
	Groups  []int32   `json:"groups,omitempty"`
	Global  bool      `json:"global"`
	Created time.Time `json:"created"`

Secret is the metadata associated with a secret, it contains ownership information but not the associated value

type SecretCreate added in v3.8.8

type SecretCreate struct {
	Name   string  `json:"name"`
	Desc   string  `json:"description"`
	Groups []int32 `json:"groups,omitempty"`
	Global bool    `json:"global"`
	Value  string  `json:"value"`

SecretCreate is the structure used to ask the API to make a new secret, only the request parameters are present

type SecretFull added in v3.8.8

type SecretFull struct {
	Value string `json:"value"`

SecretFull represents the full secret including its value. This type is not sent through any traditional APIs

type Session

type Session struct {
	ID          uint64 `json:",omitempty"`
	JWT         string `json:",omitempty"`
	UID         int32  `json:",omitempty"`
	Origin      net.IP
	LastHit     time.Time
	UDets       *UserDetails `json:",omitempty"`
	TempSession bool
	Synced      bool

AuthSession contains all the information needed to authenticate.

func DecodeSession

func DecodeSession(b []byte) (*Session, error)

func (*Session) Encode

func (s *Session) Encode() ([]byte, error)

type ShardInfo

type ShardInfo struct {
	Name        string
	Start       time.Time
	End         time.Time
	Entries     uint64           //number of entries in the shard
	Size        uint64           //raw size of data in the shard
	Stored      uint64           //actual disk usage of the shard
	RemoteState ReplicationState `json:",omitempty"`
	Cold        bool             //true if the shard is in the code storage

func (ShardInfo) MarshalJSON added in v3.8.2

func (si ShardInfo) MarshalJSON() ([]byte, error)

custom marshaller to deal with the fact that the json marshaller can't handle the "empty" uuid value

type SortableSearchLog

type SortableSearchLog []SearchLog

func (SortableSearchLog) Len

func (s SortableSearchLog) Len() int

func (SortableSearchLog) Less

func (s SortableSearchLog) Less(i, j int) bool

func (SortableSearchLog) Swap

func (s SortableSearchLog) Swap(i, j int)

type SourceMetadataEntry

type SourceMetadataEntry struct {
	IP    string
	Count uint

type SourcedKitItem

type SourcedKitItem struct {
	KitID      string
	KitVersion uint
	KitName    string

SourcedKitItem is wraps a KitItem with additional information regarding the kit's version and origin.

type StackGraphRequest

type StackGraphRequest struct {

type StackGraphResponse

type StackGraphResponse struct {
	Entries []StackGraphSet

type StackGraphSet

type StackGraphSet struct {
	Key    string
	Values []StackGraphValue

func (*StackGraphSet) Magnitude

func (sgs *StackGraphSet) Magnitude() (v int64)

type StackGraphValue

type StackGraphValue struct {
	Label string
	Value int64

type StartSearchAck

type StartSearchAck struct {
	Ok                   bool
	OutputSearchSubproto string `json:",omitempty"`
	OutputStatsSubproto  string `json:",omitempty"`

Once a search has begin, an ACK is sent.

type StartSearchRequest

type StartSearchRequest struct {
	SearchString string
	SearchStart  string
	SearchEnd    string
	Background   bool
	NoHistory    bool `json:",omitempty"`
	//Preview indicates that the renderer should only capture enough to show some usage of data
	//A raw, text, hex renderer will grab a few hundred or thousand entries
	//charts will grab enough to draw something useful
	//everything else will get "enough"
	Preview bool `json:",omitempty"`
	//NonTemporal is used to hint that we do not want this query to be temporal IF POSSIBLE
	//some queries cannot respect this, but things like table and some charts can
	NonTemporal bool            `json:",omitempty"`
	Metadata    json.RawMessage `json:",omitempty"`
	Addendum    json.RawMessage `json:",omitempty"`
	Name        string          `json:",omitempty"`
	Filters     []FilterRequest

StartSearchRequest represents a search that is sent to the search controller in the webserver.

type StartSearchResponse

type StartSearchResponse struct {
	Error string `json:",omitempty"`
	// what the user typed
	RawQuery string `json:",omitempty"`
	//what the actual search being processed is after attaching render module
	SearchString         string          `json:",omitempty"`
	RenderModule         string          `json:",omitempty"`
	RenderCmd            string          `json:",omitempty"`
	OutputSearchSubproto string          `json:",omitempty"`
	SearchID             string          `json:",omitempty"`
	SearchStartRange     time.Time       `json:",omitempty"`
	SearchEndRange       time.Time       `json:",omitempty"`
	Background           bool            `json:",omitempty"`
	NonTemporal          bool            `json:",omitempty"`
	CollapsingIndex      int             // index of the first collapsed module
	Metadata             json.RawMessage `json:",omitempty"`
	Addendum             json.RawMessage `json:",omitempty"`

The webserver responds yay/nay plus new subprotocols if the search is valid. SearchStartRange and SearchEndRange should be strings in RFC3339Nano format

type StatSet

type StatSet struct {
	Stats []SearchModuleStats
	TS    entry.Timestamp
	// contains filtered or unexported fields

func (*StatSet) Add

func (ss *StatSet) Add(s *StatSet)

func (*StatSet) AddParts

func (ss *StatSet) AddParts(ts entry.Timestamp, stats []SearchModuleStats)

func (*StatSet) AddStats

func (ss *StatSet) AddStats(stats []SearchModuleStats)

func (*StatSet) MarshalJSON

func (m *StatSet) MarshalJSON() ([]byte, error)

func (*StatSet) Populated

func (ss *StatSet) Populated() bool

type StatsRequest

type StatsRequest struct {

We have a generic StatsRequest type that ONLY implements the BaseRequest. This is so that clients can ask about stats without knowing about specific renderers.

type StatsResponse

type StatsResponse struct {

type StatsUpdate

type StatsUpdate struct {
	Stats    *SearchModuleStatsUpdate
	ClientID string

type StoredBuildRequest

type StoredBuildRequest struct {
	UID int32
	BuildDate time.Time

this is what we store in the datastore

type StringTagEntry

type StringTagEntry struct {
	TS         time.Time
	Tag        string
	SRC        net.IP
	Data       []byte
	Enumerated []EnumeratedPair

Used for scripting and ingesting entries via the webserver.

func (StringTagEntry) Equal

func (se StringTagEntry) Equal(v StringTagEntry) bool

Return true if both StringTagEntry objects are equal.

func (StringTagEntry) GetEnumerated

func (se StringTagEntry) GetEnumerated(name string) (val string, ok bool)

Return the string representation of an enumerated value in a StringTagEntry.

func (StringTagEntry) String added in v3.8.6

func (se StringTagEntry) String() string

String implements the fmt.Stringer

type SysDescResp

type SysDescResp struct {
	Error        string             `json:",omitempty"`
	Descriptions map[string]SysInfo `json:",omitempty"`

SysDescResp contains a map of SysInfo (used in the System Overview) objects for each connected system in a Gravwell deployment.

type SysInfo

type SysInfo struct {
	VirtSystem    string `json:",omitempty"` // e.g. "kvm" or "xen"
	VirtRole      string `json:",omitempty"` // "host" or "guest"
	CPUCount      int    `json:",omitempty"`
	CPUModel      string `json:",omitempty"`
	CPUMhz        string `json:",omitempty"`
	CPUCache      string `json:",omitempty"`
	TotalMemoryMB uint64 `json:",omitempty"`
	SystemVersion string `json:",omitempty"`
	Error         string `json:",omitempty"`

System information as displayed in the System Overview in Gravwell.

func (SysInfo) Empty

func (si SysInfo) Empty() bool

func (SysInfo) MarshalJSON

func (si SysInfo) MarshalJSON() ([]byte, error)

type SysStatResponse

type SysStatResponse struct {
	Error string              `json:",omitempty"`
	Stats map[string]SysStats `json:",omitempty"`

type SysStats

type SysStats struct {
	Error string        `json:",omitempty"`
	Stats *HostSysStats `json:",omitempty"`

type TableRequest

type TableRequest struct {

type TableResponse

type TableResponse struct {
	Entries TableValueSet

type TableRow

type TableRow struct {
	TS  entry.Timestamp
	Row []string

func (TableRow) MarshalJSON

func (r TableRow) MarshalJSON() ([]byte, error)

type TableRowSet

type TableRowSet []TableRow

type TableValueSet

type TableValueSet struct {
	Columns []string
	Rows    TableRowSet

func (*TableValueSet) Compare

func (t *TableValueSet) Compare(u *TableValueSet) (cols bool, rows bool, idx int)

Compare a table to this one. Return false on cols/rows if they do not match. If rows do not match, idx will have the index of the first offending row.

func (TableValueSet) MarshalJSON

func (t TableValueSet) MarshalJSON() ([]byte, error)

type TagAccess

type TagAccess struct {
	Grants []string //Grants specify tag names and/or globbing patterns which represent allowed tags

TagAccess is the structure that holds a set of grants to tags. a Grant can be a specific tag name or a globbing patttern

func AllTagAccess added in v3.8.20

func AllTagAccess() TagAccess

func (TagAccess) MarshalJSON added in v3.8.20

func (ta TagAccess) MarshalJSON() ([]byte, error)

func (*TagAccess) Validate

func (ta *TagAccess) Validate() (err error)

Validate walks all tags in a TagAccess object, ensuring they meet all length and formatting rules:

  1. Length cannot be greater than 4096 characters.
  2. The tag cannot contain any of the following characters: !@#$%^&*()=+<>,.:;`\"'{[}]|
  3. You cannot specify more than 65536 tags.

type TemplateContents added in v3.7.4

type TemplateContents struct {
	Query     string             `json:"query,omitempty"`
	Variables []TemplateVariable `json:"variables"`

TemplateContents is what goes in the template's Contents field. This is entirely the domain of the GUI.

type TemplateVariable added in v3.7.4

type TemplateVariable struct {
	Name         string `json:"name"`
	Label        string `json:"label"`
	Description  string `json:"description"`
	Required     bool   `json:"required"`
	DefaultValue string `json:"defaultValue"`
	PreviewValue string `json:"previewValue"`

type TextRequest

type TextRequest struct {

type TextResponse

type TextResponse struct {
	Entries []SearchEntry   `json:",omitempty"`
	Explore []ExploreResult `json:",omitempty"`

func (TextResponse) MarshalJSON

func (tr TextResponse) MarshalJSON() ([]byte, error)

type Thing

type Thing struct {
	UUID     uuid.UUID
	UID      int32
	GIDs     []int32
	Global   bool
	Contents []byte

	Updated time.Time
	Synced  bool

Things are stored in the datastore, a common class of blobs.

func (*Thing) Decode

func (t *Thing) Decode(v []byte) error

func (*Thing) DecodeContents

func (t *Thing) DecodeContents(obj interface{}) error

func (*Thing) Encode

func (t *Thing) Encode() ([]byte, error)

func (*Thing) EncodeContents

func (t *Thing) EncodeContents(obj interface{}) error

func (*Thing) Header

func (t *Thing) Header() ThingHeader

type ThingHeader

type ThingHeader struct {
	ThingUUID uuid.UUID `json:",omitempty"`
	UID       int32
	GIDs      []int32 `json:",omitempty"`
	Global    bool

type TimeRange

type TimeRange struct {
	StartTS entry.Timestamp `json:",omitempty"`
	EndTS   entry.Timestamp `json:",omitempty"`

func (*TimeRange) DecodeJSON

func (tr *TimeRange) DecodeJSON(r io.Reader) error

func (TimeRange) IsEmpty

func (tr TimeRange) IsEmpty() bool

func (*TimeRange) RoundToSecond

func (tr *TimeRange) RoundToSecond()

func (*TimeRange) Swap

func (tr *TimeRange) Swap()

func (*TimeRange) UnmarshalJSON

func (tr *TimeRange) UnmarshalJSON(d []byte) error

type Token added in v3.8.5

type Token struct {
	ID           uuid.UUID `json:"id"`
	Name         string    `json:"name"`
	Desc         string    `json:"description"`
	UID          int32     `json:"uid"`
	Created      time.Time `json:"createdAt"`
	Expires      time.Time `json:"expiresAt,omitempty"`
	Capabilities []string  `json:"capabilities"`

Token is a complete API compatible token, it contains ownership information and all capabilities associated with the token

func (Token) CapabilitiesString added in v3.8.6

func (t Token) CapabilitiesString() string

CapabilitiesString returns a human friendly space delimited list of capabilities

func (Token) Expired added in v3.8.6

func (t Token) Expired() bool

Expired returns whether a token is expired or not, if no expiration is set then the token is not expired

func (Token) ExpiresString added in v3.8.6

func (t Token) ExpiresString() string

ExpiresString returns a human friendly string of when a token expires

type TokenCreate added in v3.8.5

type TokenCreate struct {
	Name         string    `json:"name"`
	Desc         string    `json:"description"`
	Expires      time.Time `json:"expiresAt,omitempty"`
	Capabilities []string  `json:"capabilities"`

TokenCreate is the structure used to ask the API to make a new token, only the request parameters are present

type TokenFull added in v3.8.5

type TokenFull struct {
	Value string `json:"token"`

TokenFull represents the response value for a token create request this type is the only type that contains the token value and is ONLY provided when creating a new token

type TokenFullWire added in v3.8.5

type TokenFullWire struct {
	Caps []byte

TokenFullWire is the internal type for storing token values

type TokenSigningKey

type TokenSigningKey struct {
	Key        []byte
	Expiration time.Time

type UpdateUser

type UpdateUser struct {
	User   string
	Name   string
	Email  string
	Admin  bool
	Locked bool

type UserAddGroups

type UserAddGroups struct {
	GIDs []int32

func (*UserAddGroups) MarshalJSON

func (uag *UserAddGroups) MarshalJSON() ([]byte, error)

type UserBackup

type UserBackup struct {
	Groups []GroupDetails
	Users  []UserDetails

func (*UserBackup) ClearSynced

func (ub *UserBackup) ClearSynced()

type UserDefaultSearchGroup

type UserDefaultSearchGroup struct {
	GID int32

type UserDetails

type UserDetails struct {
	UID        int32
	User       string
	Name       string
	Email      string
	Admin      bool
	Locked     bool
	TS         time.Time `json:",omitempty"`
	DefaultGID int32     `json:",omitempty"`
	Groups     []GroupDetails
	Hash       []byte `json:"-"` //do not include in API responses
	Synced     bool
	CBAC       CBACRules `json:"-"` //do not include in API responses

func (*UserDetails) CanModify

func (ud *UserDetails) CanModify(uid int32) bool

CanModify returns true if the user is allowed to modify or delete something with the specified UID ownership

func (*UserDetails) CanRead

func (ud *UserDetails) CanRead(uid int32, gids []int32) bool

CanRead returns true if the user is allowed to read something with the specified UID and GID ownerships, taking into account the Admin flag on the user.

func (*UserDetails) CapabilityList added in v3.8.6

func (ud *UserDetails) CapabilityList() []CapabilityDesc

CapabilityList creates a comprehensive list of capabilities the user has access to based on their direct and group assignments

func (*UserDetails) FilterTags added in v3.8.6

func (ud *UserDetails) FilterTags(all []string) (r []string)

func (*UserDetails) GIDs

func (ud *UserDetails) GIDs() []int32

func (*UserDetails) GroupNames

func (ud *UserDetails) GroupNames() (gps []string)

func (*UserDetails) GroupTagAccess

func (ud *UserDetails) GroupTagAccess() (r []TagAccess)

func (*UserDetails) HasCapability added in v3.8.6

func (ud *UserDetails) HasCapability(c Capability) bool

HasCapability returns whether the user has access to a given capability

func (*UserDetails) HasTagAccess added in v3.8.6

func (ud *UserDetails) HasTagAccess(tg string) (allowed bool)

func (*UserDetails) InAllGroups

func (ud *UserDetails) InAllGroups(gids []int32) bool

func (*UserDetails) InGroup

func (ud *UserDetails) InGroup(gid int32) bool

func (UserDetails) MarshalJSON

func (u UserDetails) MarshalJSON() ([]byte, error)

marshaller hacks to get it to return [] on empty lists

func (*UserDetails) UserCanRead

func (ud *UserDetails) UserCanRead(uid int32, gids []int32) bool

UserCanRead returns true if the user is allowed to read something without respect to the admin, basically if owner or in groups

type UserFile

type UserFile struct {
	GUID     uuid.UUID
	Name     string
	Desc     string
	Contents []byte `json:",omitempty"`
	Labels   []string

UserFile is what is actually stored in the thing object, it is encoded into contents

func (*UserFile) Info

func (uf *UserFile) Info() (sz int64, tp string)

func (*UserFile) JSONMetadata

func (uf *UserFile) JSONMetadata() (json.RawMessage, error)

type UserFileDetails

type UserFileDetails struct {
	GUID      uuid.UUID
	ThingUUID uuid.UUID
	UID       int32
	GIDs      []int32
	Global    bool
	Size      int64  //size of the file
	Type      string //content type as determined by the http content type detector
	Name      string
	Desc      string
	Updated   time.Time
	Labels    []string

UserFileDetails is a structure that is used to relay additional ownership information about a UserFile object This structure is populated via the things metadata, and does not contain any of the contents

func (*UserFileDetails) String

func (ufd *UserFileDetails) String() string

type UserMail

type UserMail struct {
	From        string
	To          []string
	Cc          []string
	Bcc         []string
	Subject     string
	Body        string
	Attachments []UserMailAttachment

func (UserMail) Validate

func (um UserMail) Validate() error

type UserMailAttachment

type UserMailAttachment struct {
	Name    string
	Content []byte

func (UserMailAttachment) Validate

func (uma UserMailAttachment) Validate() error

type UserMailConfig

type UserMailConfig struct {
	Server             string
	Port               int
	Username           string
	Password           string
	UseTLS             bool
	InsecureSkipVerify bool

type UserPreference

type UserPreference struct {
	UID     int32
	Name    string
	Updated time.Time
	Data    []byte
	Synced  bool

type UserPreferences

type UserPreferences []UserPreference

func (UserPreferences) MarshalJSON

func (ups UserPreferences) MarshalJSON() ([]byte, error)

type UserSessions

type UserSessions struct {
	UID      int32
	User     string
	Sessions []Session

func (*UserSessions) MarshalJSON

func (s *UserSessions) MarshalJSON() ([]byte, error)

type UserTemplate

type UserTemplate struct {
	GUID        uuid.UUID
	Name        string
	Description string
	Contents    TemplateContents
	Labels      []string

UserTemplate is what is stored in the "thing" object, it is encoded into Contents

func (UserTemplate) Pack

func (t UserTemplate) Pack() (put PackedUserTemplate)

func (UserTemplate) WireUserTemplate

func (t UserTemplate) WireUserTemplate(thing Thing) WireUserTemplate

type ValidationProblem added in v3.8.23

type ValidationProblem struct {
	Name  string // the path in question
	Type  string // the type we were attempting to convert to
	Error string // A descriptive message as to what went wrong

ValidationProblem describes a field which was specified in the schema but is either: 1. Missing from the dispatcher's output, or 2. Unable to be converted to the type specified in the schema

type VersionInfo

type VersionInfo struct {
	API   ApiInfo
	Build BuildInfo

type WarnResp

type WarnResp struct {
	Name string
	Err  error `json:",omitempty"`

func (WarnResp) MarshalJSON

func (wr WarnResp) MarshalJSON() ([]byte, error)

func (*WarnResp) UnmarshalJSON

func (wr *WarnResp) UnmarshalJSON(buff []byte) error

type WellInfo

type WellInfo struct {
	Name        string
	Tags        []string
	Shards      []ShardInfo
	Accelerator string `json:",omitempty"`
	Engine      string `json:",omitempty"`
	Path        string `json:",omitempty"` //hot storage location
	ColdPath    string `json:",omitempty"` //cold storage location

func (*WellInfo) Empty

func (wi *WellInfo) Empty() bool

func (WellInfo) MarshalJSON

func (wi WellInfo) MarshalJSON() ([]byte, error)

type WirePivot

type WirePivot struct {
	GUID        uuid.UUID
	Name        string
	Description string
	Updated     time.Time
	Contents    RawObject
	Labels      []string
	Disabled    bool

WirePivot is constructed from the Pivot and the details in the Thing struct. This is what we send to the user via the API.

func (WirePivot) Pivot

func (wp WirePivot) Pivot() Pivot

Pivot creates a Pivot structure from the WiredPivot

func (WirePivot) Thing

func (wp WirePivot) Thing() (t Thing, err error)

Thing Generates an encoded Thing from the WirePivot structure

type WireSearchLibrary

type WireSearchLibrary struct {

WireSearchLibrary is what we actually send back and forth over the API

func (WireSearchLibrary) Thing

func (wsl WireSearchLibrary) Thing() (t Thing, err error)

type WireUserFile

type WireUserFile struct {

func (WireUserFile) Thing

func (w WireUserFile) Thing() (t Thing, err error)

type WireUserTemplate

type WireUserTemplate struct {
	GUID        uuid.UUID
	Name        string
	Description string
	Contents    TemplateContents
	Updated     time.Time
	Labels      []string

WireUserTemplate is constructed from the UserTemplate and the details in the Thing struct. This is what we send to the user via the API.

func (WireUserTemplate) Thing

func (w WireUserTemplate) Thing() (t Thing, err error)

func (WireUserTemplate) UserTemplate

func (w WireUserTemplate) UserTemplate() (ut UserTemplate)

type WordOffset added in v3.8.12

type WordOffset [2]int

A WordOffset contains two byte indexes into a string, denoting the location of a "word" within that string. The usual substring convention is followed, so the WordOffset of "foo" in "foo bar" is WordOffset{0, 3}, or in standard notation [0, 3).


Path Synopsis
Package kits provides tools for interacting with kit archives directly.
Package kits provides tools for interacting with kit archives directly.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL