Translate the keywords for the QL.

docs/query.md

@@ -11,11 +11,11 @@ Reference
 -----------
 
 Available fields:
- - `message`: the string with the main information
- - `app_name`: also known as "program" sometimes
+ - `msg`: the string with the main information
+ - `prog`: also known as "program" sometimes
  - `facility`: an integer describing auth, daemon, user, etc.
- - `hostname`: the hostname where the entry originated
- - `timestamp`: date in format `2019-01-07T15:28:58+01:00`
- - `severity`: an integer describing severity
+ - `host`: the hostname where the entry originated
+ - `time`: date in format `2019-01-07T15:28:58+01:00`
+ - `sev`: an integer describing severity
 
 

filtering/filter.go

@@ -39,10 +39,12 @@ func (e *ExprValue) Set(value string) error {
 	return nil
 }
 
-func (e *ExprValue) Validate(line map[string]interface{}) bool {
+// Validate answers the question wether to include a log line or not.
+func (e *ExprValue) Validate(lineInput map[string]interface{}) bool {
 	if e.node == nil {
 		return true
 	}
+	line := translateMap(lineInput)
 	context := datasource.NewContextSimpleNative(line)
 	val, ok := vm.Eval(context, e.node)
 	if !ok || val == nil { // errors when evaluating
@@ -54,3 +56,14 @@ func (e *ExprValue) Validate(line map[string]interface{}) bool {
 	fmt.Fprintln(os.Stderr, "WARNING: The 'where' expression doesn't return a boolean")
 	return false
 }
+
+func translateMap(lineInput map[string]interface{}) map[string]interface{} {
+	lineOutput := make(map[string]interface{})
+	lineOutput["prog"] = lineInput["app_name"]
+	lineOutput["msg"] = lineInput["message"]
+	lineOutput["facility"] = lineInput["facility"]
+	lineOutput["host"] = lineInput["hostname"]
+	lineOutput["time"] = lineInput["timestamp"]
+	lineOutput["sev"] = lineInput["severity"]
+	return lineOutput
+}