metron-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ali Nazemian <alinazem...@gmail.com>
Subject Re: Stellar post-parsing transformation conditional statement
Date Wed, 14 Feb 2018 07:38:11 GMT
Any example would be appreciated.

On 9 Feb. 2018 15:37, "Ali Nazemian" <alinazemian@gmail.com> wrote:

> Match is not available in our version. What about MAP_GET? How can I use
> it for this matter? I couldn't understand what the solution is.
>
> On Fri, Feb 9, 2018 at 3:02 PM, Simon Elliston Ball <
> simon@simonellistonball.com> wrote:
>
>> You either want a MAP_GET in your IF or a match statement in there I
>> expect. See the match statement at https://github.com/apache/m
>> etron/blob/master/metron-stellar/stellar-common/README.md under core
>> functions (it’s relatively new)
>>
>> Simon
>>
>> Sent from my iPhone
>>
>> On 9 Feb 2018, at 03:55, Ali Nazemian <alinazemian@gmail.com> wrote:
>>
>> Hi All,
>>
>> I was wondering how we can address if statement in the config section to
>> have a different mapping in certain conditions. The following syntax is not
>> acceptable.
>>
>> {
>> "parserClassName": "org.apache.metron.parsers.asa.BasicAsaParser",
>> "filterClassName": null,
>> "sensorTopic": "test-asa",
>> "writerClassName": null,
>> "errorWriterClassName": null,
>> "invalidWriterClassName": null,
>> "parserConfig": {},
>> "fieldTransformations": [
>> {
>> "input": [],
>> "output": [
>> "x",
>> "y",
>> "z",
>> ],
>> "transformation": "STELLAR",
>> "config": {
>>   IF "ip_src_port" == 39296 THEN
>> "x": "something",
>> "y": "something else"
>>
>>   ELSE
>> "y": "something",
>> "z": "something else"
>> }
>> }
>> ]
>> }
>>
>> Regards,
>> Ali
>>
>>
>
>
> --
> A.Nazemian
>

Mime
View raw message