Class: Mu::Xtractr::Field::Value
- Inherits: Object
  - Object
    - Mu::Xtractr::Field::Value
- Defined in: lib/mu/xtractr/field.rb
Overview
Field::Value
Field::Value represents an instance of a field with a concrete value that can be further used for fine-grained searches.
Instance Attribute Summary
- #field ⇒ Object (readonly): Return the field object.
- #value ⇒ Object (readonly): Return the value of the field object.
- #xtractr ⇒ Object (readonly): :nodoc:.
Instance Method Summary
- #count(_field) ⇒ Object: Count the unique values of the specified field amongst all the packets that matched the query.
- #each_packet(_q = nil, &blk) ⇒ Object: Iterate over each packet that contains this field value.
- #initialize(xtractr, json) ⇒ Value (constructor): :nodoc:.
- #inspect ⇒ Object: :nodoc:.
- #packets(_q = nil) ⇒ Object: Fetch the list of packets that contain this Field::Value.
- #q ⇒ Object: :nodoc:.
- #sum(kfield, vfield) ⇒ Object: Sum the unique numeric values of vfield, keyed by the unique values of kfield.
Constructor Details
Instance Attribute Details
#field ⇒ Object (readonly)
Return the field object.
    # File 'lib/mu/xtractr/field.rb', line 47
    def field
      @field
    end
#value ⇒ Object (readonly)
Return the value of the field object.
    # File 'lib/mu/xtractr/field.rb', line 50
    def value
      @value
    end
#xtractr ⇒ Object (readonly)
:nodoc:
    # File 'lib/mu/xtractr/field.rb', line 44
    def xtractr
      @xtractr
    end
Instance Method Details
#count(_field) ⇒ Object
Count the unique values of the specified field amongst all the packets that matched the query.
    value.count('http.request.method')

    # File 'lib/mu/xtractr/field.rb', line 83
    def count _field
      which = field.name =~ /^flow\./ ? 'flows' : 'packets'
      Views.count xtractr, _field, "/api/#{which}/report", :q => q
    end
#each_packet(_q = nil, &blk) ⇒ Object
Iterate over each packet that contains this field value. This is a convenience function used primarily in method chaining.

    # File 'lib/mu/xtractr/field.rb', line 75
    def each_packet(_q=nil, &blk) # :yields: packet
      packets(_q).each(&blk)
      return self
    end
#inspect ⇒ Object
:nodoc:
    # File 'lib/mu/xtractr/field.rb', line 96
    def inspect # :nodoc:
      "#<value:#{field.name} #{value}>"
    end
#packets(_q = nil) ⇒ Object
Fetch the list of packets that contain this Field::Value. If the optional query is given, it’s AND’d to the query that matches this Field::Value.
    value.packets.each { |pkt| ... }
    value.packets('dns.qry.name:apple').each { |pkt| ... }

    # File 'lib/mu/xtractr/field.rb', line 67
    def packets _q=nil
      q2 = q
      q2 << " #{_q}" if _q
      Packets.new xtractr, :q => q2
    end
#q ⇒ Object
:nodoc:
    # File 'lib/mu/xtractr/field.rb', line 58
    def q # :nodoc:
      "#{field.name}:\"#{value}\""
    end
#sum(kfield, vfield) ⇒ Object
Sum the unique numeric values of vfield, keyed by the unique values of kfield.
    value.sum('flow.src', 'flow.bytes')

    # File 'lib/mu/xtractr/field.rb', line 91
    def sum kfield, vfield
      which = field.name =~ /^flow\./ ? 'flows' : 'packets'
      Views.sum xtractr, kfield, vfield, "/api/#{which}/report", :q => q
    end
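The following added example (not code from mu-xtractr) models, without a server, the query string and report endpoint that #q, #packets, #count and #sum compose, so an analyst can review what a chained call would send. QueryPlan and its method names are hypothetical, the sample values are constructed, and the quote check reflects only that #q interpolates the value verbatim.

```ruby
# Added illustration: stand-alone model of the query composition shown on this
# page. QueryPlan and its method names are hypothetical, not part of mu-xtractr.
class QueryPlan
  attr_reader :field_name, :value

  def initialize(field_name, value)
    @field_name = field_name
    @value = value.to_s
  end

  # Same shape as Field::Value#q: field name, colon, value in double quotes.
  def base_query
    "#{field_name}:\"#{value}\""
  end

  # Same shape as Field::Value#packets: the optional query is appended after
  # a space, which the page documents as an AND.
  def packets_query(extra = nil)
    extra ? "#{base_query} #{extra}" : base_query
  end

  # Field::Value#count and #sum pick the report endpoint from the field prefix.
  def report_path
    which = field_name =~ /^flow\./ ? 'flows' : 'packets'
    "/api/#{which}/report"
  end

  # The value is interpolated verbatim, so an embedded double quote ends the
  # quoted term early in the composed string. Flag such values for review.
  def quote_in_value?
    value.include?('"')
  end
end

# Constructed sample values, not taken from a real capture.
SAMPLES = [
  QueryPlan.new('http.request.method', 'GET'),
  QueryPlan.new('flow.src', '192.168.1.10'),
  QueryPlan.new('dns.qry.name', 'ex"ample')
].freeze

# Summarise what each chained call would send.
def describe(plan)
  { q: plan.packets_query('dns.qry.name:apple'),
    report: plan.report_path,
    needs_review: plan.quote_in_value? }
end

SAMPLES.each { |plan| puts describe(plan).inspect }
```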