Class: Mu::Xtractr::Field::Value

Inherits:

Object

• Object
• Mu::Xtractr::Field::Value

Defined in:

lib/mu/xtractr/field.rb

Overview

Field::Value

Field::Value represents an instance of a field with a concrete value that can further used for fine grained searches.

Instance Attribute Summary

• #field ⇒ Object readonly

  Return the field object.

• #value ⇒ Object readonly

  Return the value of the field object.

• #xtractr ⇒ Object readonly

  :nodoc:.

Instance Method Summary

• #count(_field) ⇒ Object

  Count the unique values of the specified field amongst all the packets that matched the query.

• #each_packet(_q = nil, &blk) ⇒ Object

  Iterate over each packet that contains this field value.

• #initialize(xtractr, json) ⇒ Value constructor

  :nodoc:.

• #inspect ⇒ Object

  :nodoc:.

• #packets(_q = nil) ⇒ Object

  Fetch the list of packets that contain this Field::Value.

• #q ⇒ Object

  :nodoc:.

• #sum(kfield, vfield) ⇒ Object

  Sum the unique numeric values of vfield, keyed by the unique values of kfield.

Constructor Details

#initialize(xtractr, json) ⇒ Value

:nodoc:

# File 'lib/mu/xtractr/field.rb', line 52

def initialize xtractr, json # :nodoc:
    @xtractr = xtractr
    @field = Field.new(xtractr, json['key'])
    @value = json['value']
end

Instance Attribute Details

#field ⇒ Object (readonly)

Return the field object.

# File 'lib/mu/xtractr/field.rb', line 47

def field
  @field
end

#value ⇒ Object (readonly)

Return the value of the field object.

# File 'lib/mu/xtractr/field.rb', line 50

def value
  @value
end

#xtractr ⇒ Object (readonly)

:nodoc:

# File 'lib/mu/xtractr/field.rb', line 44

def xtractr
  @xtractr
end

Instance Method Details

#count(_field) ⇒ Object

Count the unique values of the specified field amongst all the packets that matched the query.

value.count('http.request.method')

# File 'lib/mu/xtractr/field.rb', line 83

def count _field
    which = field.name =~ /^flow\./ ? 'flows' : 'packets'
    Views.count xtractr, _field, "/api/#{which}/report", :q => q
end

#each_packet(_q = nil, &blk) ⇒ Object

Iterate over each packet that contains this field value. This is a convenience function used primiarily in method chaining.

# File 'lib/mu/xtractr/field.rb', line 75

def each_packet(_q=nil, &blk) # :yields: packet
    packets(_q).each(&blk)
    return self
end

#inspect ⇒ Object

:nodoc:

# File 'lib/mu/xtractr/field.rb', line 96

def inspect # :nodoc:
    "#<value:#{field.name} #{value}>"
end

#packets(_q = nil) ⇒ Object

Fetch the list of packets that contain this Field::Value. If the optional query is given, it’s AND’d to the query that matches this Field::Value.

value.packets.each { |pkt| ... }
value.packets('dns.qry.name:apple').each { |pkt| ... }

# File 'lib/mu/xtractr/field.rb', line 67

def packets _q=nil
    q2 = q
    q2 << " #{_q}" if _q
    Packets.new xtractr, :q => q2
end

#q ⇒ Object

:nodoc:

# File 'lib/mu/xtractr/field.rb', line 58

def q # :nodoc:
    "#{field.name}:\"#{value}\""
end

#sum(kfield, vfield) ⇒ Object

Sum the unique numeric values of vfield, keyed by the unique values of kfield.

value.sum('flow.src', 'flow.bytes')

# File 'lib/mu/xtractr/field.rb', line 91

def sum kfield, vfield
    which = field.name =~ /^flow\./ ? 'flows' : 'packets'
    Views.sum xtractr, kfield, vfield, "/api/#{which}/report", :q => q
end