diff --git a/docs/query.md b/docs/query.md
index 0ad1173..5f49fda 100644
--- a/docs/query.md
+++ b/docs/query.md
@@ -11,11 +11,11 @@ Reference ----------- Available fields:
- - `message`: the string with the main information
- - `app_name`: also known as "program" sometimes
+ - `msg`: the string with the main information
+ - `prog`: also known as "program" sometimes
 - `facility`: an integer describing auth, daemon, user, etc.
- - `hostname`: the hostname where the entry originated
- - `timestamp`: date in format `2019-01-07T15:28:58+01:00`
- - `severity`: an integer describing severity
+ - `host`: the hostname where the entry originated
+ - `time`: date in format `2019-01-07T15:28:58+01:00`
+ - `sev`: an integer describing severity
diff --git a/filtering/filter.go b/filtering/filter.go
index bc3f825..24291cc 100644
--- a/filtering/filter.go
+++ b/filtering/filter.go
@@ -39,10 +39,12 @@ func (e *ExprValue) Set(value string) error {
 return nil
 }
-func (e *ExprValue) Validate(line map[string]interface{}) bool {
+// Validate answers the question wether to include a log line or not.
+func (e *ExprValue) Validate(lineInput map[string]interface{}) bool {
 if e.node == nil {
 return true
 }
+ line := translateMap(lineInput)
 context := datasource.NewContextSimpleNative(line)
 val, ok := vm.Eval(context, e.node)
 if !ok || val == nil { // errors when evaluating
@@ -54,3 +56,14 @@ func (e *ExprValue) Validate(line map[string]interface{}) bool {
 fmt.Fprintln(os.Stderr, "WARNING: The 'where' expression doesn't return a boolean")
 return false
 }
+
+func translateMap(lineInput map[string]interface{}) map[string]interface{} {
+ lineOutput := make(map[string]interface{})
+ lineOutput["prog"] = lineInput["app_name"]
+ lineOutput["msg"] = lineInput["message"]
+ lineOutput["facility"] = lineInput["facility"]
+ lineOutput["host"] = lineInput["hostname"]
+ lineOutput["time"] = lineInput["timestamp"]
+ lineOutput["sev"] = lineInput["severity"]
+ return lineOutput
+}
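Review bot: The new doc comment on Validate misspells "whether" and does not say what the caller gets back when the expression cannot be evaluated or does not yield a boolean. Because this method decides which log lines are kept, the comment should state that contract, for example `// Validate reports whether a log line matches the 'where' expression; a nil expression matches every line.` followed by a sentence on the failure paths. The non-boolean case visibly returns false after a warning on stderr, but the return for the `!ok || val == nil` branch lies outside the hunk and should be confirmed before it is documented.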
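Review bot: translateMap copies a fixed list of six keys, so a `where` expression still written with the old names (`message`, `app_name`, `hostname`, `timestamp`, `severity`) no longer sees any value, and any input field outside that list is dropped before evaluation. For a log filter this silently changes which lines are selected; consider keeping the old names as aliases for a transition period, or warning on stderr when an expression references an identifier that is not in the map. Keys missing from the input are also stored as explicit nil entries, so copying only when present, `if v, ok := lineInput["hostname"]; ok { lineOutput["host"] = v }`, would keep "absent" distinguishable from "nil". The function also has no doc comment, and the map could be pre-sized with `make(map[string]interface{}, 6)` since it is built once per log line.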