| author | doufenghu <[email protected]> | 2024-04-15 17:25:28 +0800 |
|---|---|---|
| committer | doufenghu <[email protected]> | 2024-04-15 17:25:28 +0800 |
| commit | 5f690e5522a046121627c560279aa915d91496bf (patch) | |
| tree | 82f9e72d5c0d1e9f222c4eb1f200058d75c888ed | |
| parent | 2cd93a8e843a75f3c962eded8d823f8020fc9a42 (diff) | |
Add udf examples for grootstream_job_template.yaml
| -rw-r--r-- | config/template/grootstream_job_template.yaml | 23 |
1 files changed, 9 insertions, 14 deletions
diff --git a/config/template/grootstream_job_template.yaml b/config/template/grootstream_job_template.yaml index af73704..58d0abc 100644 --- a/config/template/grootstream_job_template.yaml +++ b/config/template/grootstream_job_template.yaml @@ -148,9 +148,8 @@ processing_pipelines: # [object] Define Processors for processing pipelines. - function: SNOWFLAKE_ID lookup_fields: [ '' ] output_fields: [ log_id ] - filter: parameters: - data_center_id_num: 1 + data_center_id_num: 1 # [number] Data Center ID, Default is 0, range is 0-31. Multi-data center deployment, each data center has a unique ID. - function: JSON_EXTRACT lookup_fields: [ device_tag ] @@ -183,16 +182,12 @@ processing_pipelines: # [object] Define Processors for processing pipelines. value_expression: recv_time - function: DOMAIN - lookup_fields: [ http_host,ssl_sni,dtls_sni,quic_sni ] + lookup_fields: [ http_host, ssl_sni, dtls_sni, quic_sni ] output_fields: [ server_domain ] parameters: option: FIRST_SIGNIFICANT_SUBDOMAIN - function: BASE64_DECODE_TO_STRING - lookup_fields: [ mail_subject,mail_subject_charset ] - output_fields: [ mail_subject ] - - - function: BASE64_DECODE_TO_STRING output_fields: [ mail_subject ] parameters: value_field: mail_subject @@ -205,16 +200,10 @@ processing_pipelines: # [object] Define Processors for processing pipelines. charset_field: mail_attachment_name_charset - function: PATH_COMBINE - lookup_fields: [ packet_capture_file ] - output_fields: [ packet_capture_file ] - parameters: - path: [ props.hos.path, props.hos.bucket.name.traffic_file, packet_capture_file] - - - function: PATH_COMBINE lookup_fields: [ rtp_pcap_path ] output_fields: [ rtp_pcap_path ] parameters: - path: [ props.hos.path, props.hos.bucket.name.troubleshooting_file, rtp_pcap_path ] + path: [ props.hos.path, props.hos.bucket.name.traffic_file, rtp_pcap_path ] - function: PATH_COMBINE lookup_fields: [ http_request_body ] 
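Review bot: The new comment on `data_center_id_num` in the SNOWFLAKE_ID example (first hunk, `-148,9 +148,8`) says the default is 0 and that each data center needs a unique ID, yet the template still ships the literal `1`, so every deployment that copies it unchanged ends up with the same ID. If the data-center ID is part of what keeps `log_id` unique, as the comment implies, two sites sharing a value could emit colliding IDs, which makes cross-site log correlation unreliable. I would make the requirement explicit in the comment, e.g. `data_center_id_num: 1 # [number] Data center ID, range 0-31, default 0. Must be unique per data center; change before deploying.` The same entry keeps `lookup_fields: [ '' ]`; if the function takes no lookup field, `[]` would be clearer than a list holding an empty string, assuming the loader accepts it.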
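Review bot: The `rtp_pcap_path` PATH_COMBINE entry in the third hunk (`-205,16 +200,10`) switches its bucket from `props.hos.bucket.name.troubleshooting_file` to `props.hos.bucket.name.traffic_file`, a behaviour change that the commit title ("Add udf examples") does not mention. If RTP captures are still written to the troubleshooting bucket, the combined path will reference an object that is not there. If the two buckets differ in access policy or retention, the captures would also be looked up under the wrong one; neither can be checked from this diff. Please confirm the switch is intended and say so in the commit message, or keep `path: [ props.hos.path, props.hos.bucket.name.troubleshooting_file, rtp_pcap_path ]`.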
@@ -234,6 +223,12 @@ processing_pipelines: # [object] Define Processors for processing pipelines. parameters: path: [ props.hos.path, props.hos.bucket.name.traffic_file, mail_eml_file ] + - function: PATH_COMBINE + lookup_fields: [ packet_capture_file ] + output_fields: [ packet_capture_file ] + parameters: + path: [ props.hos.path, props.hos.bucket.name.traffic_file, packet_capture_file ] + - function: STRING_JOINER lookup_fields: [ server_ip,client_ip ] output_fields: [ ip_string ] |
