Class: Mu::Xtractr::Views::Count

Inherits:

Object

• Object
• Mu::Xtractr::Views::Count

Defined in:

lib/mu/xtractr/views.rb,
lib/mu/xtractr/test/tc_views.rb

Overview

Count

Count contains the results of doing a map/reduce on either flows or packets. Each count contains the field on which the map/reduce was performed, the unique value as all as the count of that value in the flows or packets. For example to count the unique source IP address of HTTP flows in the first five minutes of the index, you would do:

xtractr.flows('flow.service:HTTP flow.duration:[1 300]').count('flow.src')

Defined Under Namespace

Classes: Test

Instance Attribute Summary

• #count ⇒ Object readonly

  Returns the count of the field/value.

• #field ⇒ Object readonly

  Returns the field used for counting.

• #value ⇒ Object readonly

  Returns the unique value of the field.

• #xtractr ⇒ Object readonly

  :nodoc:.

Instance Method Summary

• #each_packet(q = nil, &blk) ⇒ Object

  Iterate over each packet that contains this field value.

• #initialize(xtractr, field, value, count) ⇒ Count constructor

  :nodoc:.

• #inspect ⇒ Object

  :nodoc:.

• #object ⇒ Object

  Returns a Field::Value object that can be used for further method chaining.

• #packets(q = nil) ⇒ Object

  Fetch the list of packets that contain this field value.

• #sum(kfield, vfield) ⇒ Object

  Sum the numeric values of vfield, keyed by the unique values of kfield.

Constructor Details

#initialize(xtractr, field, value, count) ⇒ Count

:nodoc:

# File 'lib/mu/xtractr/views.rb', line 40

def initialize xtractr, field, value, count # :nodoc:
    @xtractr = xtractr
    @field   = field
    @value   = value
    @count   = count
end

Instance Attribute Details

#count ⇒ Object (readonly)

Returns the count of the field/value.

# File 'lib/mu/xtractr/views.rb', line 38

def count
  @count
end

#field ⇒ Object (readonly)

Returns the field used for counting.

# File 'lib/mu/xtractr/views.rb', line 32

def field
  @field
end

#value ⇒ Object (readonly)

Returns the unique value of the field.

# File 'lib/mu/xtractr/views.rb', line 35

def value
  @value
end

#xtractr ⇒ Object (readonly)

:nodoc:

# File 'lib/mu/xtractr/views.rb', line 29

def xtractr
  @xtractr
end

Instance Method Details

#each_packet(q = nil, &blk) ⇒ Object

Iterate over each packet that contains this field value.

xtractr.flows.count('flow.src').first.each_packet { |pkt ... }

# File 'lib/mu/xtractr/views.rb', line 62

def each_packet(q=nil, &blk) # :yields: packet
    packets(q).each(&blk)
    return self
end

#inspect ⇒ Object

:nodoc:

# File 'lib/mu/xtractr/views.rb', line 74

def inspect # :nodoc:
    "#<count #{value} #{count}>"
end

#object ⇒ Object

Returns a Field::Value object that can be used for further method chaining.

xtractr.flows.count('flow.src').first.object.count('flow.service')

# File 'lib/mu/xtractr/views.rb', line 50

def object
    Field::Value.new xtractr, "key" => field.name, "value" => value
end

#packets(q = nil) ⇒ Object

Fetch the list of packets that contain this field value.

xtractr.flows.count('flow.src').first.packets.each { |pkt ... }

# File 'lib/mu/xtractr/views.rb', line 56

def packets q=nil
    object.packets q
end

#sum(kfield, vfield) ⇒ Object

Sum the numeric values of vfield, keyed by the unique values of kfield. This is used for method chaining.

xtractr.flows.count('flow.src').first.sum('flow.service', 'flow.bytes')

# File 'lib/mu/xtractr/views.rb', line 70

def sum kfield, vfield
    object.sum kfield, vfield
end