Moved EventBuffer into psort engine log2timeline#771

joachimmetz · Jul 9, 2017 · 77816dc · 77816dc
1 parent e808fc0
commit 77816dc
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/test_data/end_to_end/json.log b/test_data/end_to_end/json.log
@@ -5,13 +5,13 @@
 , "event_4": {"body": "(root) CMD (touch /var/run/crond.somecheck)", "username": "root", "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "display_name": "OS:/tmp/test/test_data/syslog", "severity": {"__type__": "bytes", "stream": ""}, "data_type": "syslog:cron:task_run", "reporter": "CRON", "__type__": "AttributeContainer", "parser": "syslog", "pid": 31068, "offset": 0, "filename": "/tmp/test/test_data/syslog", "timestamp_desc": "Content Modification Time", "command": "touch /var/run/crond.somecheck", "timestamp": 1327218841000000, "pathspec": {"type_indicator": "OS", "__type__": "PathSpec", "location": "/tmp/test/test_data/syslog"}, "inode": 0, "hostname": "myhostname.myhost.com", "__container_type__": "event"}
 , "event_5": {"body": "`cron.daily' terminated", "hostname": "myhostname.myhost.com", "display_name": "OS:/tmp/test/test_data/syslog", "data_type": "syslog:line", "timestamp_desc": "Content Modification Time", "reporter": "Job", "timestamp": 1327218872000000, "pid": {"__type__": "bytes", "stream": ""}, "parser": "syslog", "__type__": "AttributeContainer", "filename": "/tmp/test/test_data/syslog", "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "offset": 0, "pathspec": {"type_indicator": "OS", "__type__": "PathSpec", "location": "/tmp/test/test_data/syslog"}, "inode": 0, "__container_type__": "event", "severity": {"__type__": "bytes", "stream": ""}}
 , "event_6": {"body": "testing leap year in parsing, events take place in 2012 ---", "hostname": ":", "display_name": "OS:/tmp/test/test_data/syslog", "data_type": "syslog:line", "timestamp_desc": "Content Modification Time", "reporter": "---", "timestamp": 1330478143000000, "pid": {"__type__": "bytes", "stream": ""}, "parser": "syslog", "__type__": "AttributeContainer", "filename": "/tmp/test/test_data/syslog", "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "offset": 0, "pathspec": {"type_indicator": "OS", "__type__": "PathSpec", "location": "/tmp/test/test_data/syslog"}, "inode": 0, "__container_type__": "event", "severity": {"__type__": "bytes", "stream": ""}}
-, "event_7": {"body": "No true exit can exist (124 job run)", "hostname": "myhostname.myhost.com", "display_name": "OS:/tmp/test/test_data/syslog", "data_type": "syslog:line", "timestamp_desc": "Content Modification Time", "reporter": "anacron", "timestamp": 1355853272000000, "pid": 1234, "parser": "syslog", "__type__": "AttributeContainer", "filename": "/tmp/test/test_data/syslog", "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "offset": 0, "pathspec": {"type_indicator": "OS", "__type__": "PathSpec", "location": "/tmp/test/test_data/syslog"}, "tag": {"comment": "Tag applied by tagging analysis plugin.Tag applied by tagging analysis plugin.", "event_stream_number": 2, "labels": [{"__type__": "bytes", "stream": "exit"}], "__type__": "AttributeContainer", "event_entry_index": 7, "__container_type__": "event_tag"}, "inode": 0, "__container_type__": "event", "severity": {"__type__": "bytes", "stream": ""}}
+, "event_7": {"body": "No true exit can exist (124 job run)", "hostname": "myhostname.myhost.com", "display_name": "OS:/tmp/test/test_data/syslog", "data_type": "syslog:line", "timestamp_desc": "Content Modification Time", "reporter": "anacron", "timestamp": 1355853272000000, "pid": 1234, "parser": "syslog", "__type__": "AttributeContainer", "filename": "/tmp/test/test_data/syslog", "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "offset": 0, "pathspec": {"type_indicator": "OS", "__type__": "PathSpec", "location": "/tmp/test/test_data/syslog"}, "tag": {"comment": "Tag applied by tagging analysis plugin.Tag applied by tagging analysis plugin.", "event_stream_number": 1, "labels": [{"__type__": "bytes", "stream": "exit"}], "__type__": "AttributeContainer", "event_entry_index": 7, "__container_type__": "event_tag"}, "inode": 0, "__container_type__": "event", "severity": {"__type__": "bytes", "stream": ""}}
 , "event_8": {"body": "This syslog message has a fractional value for seconds.", "hostname": "myhostname.myhost.com", "display_name": "OS:/tmp/test/test_data/syslog", "data_type": "syslog:line", "timestamp_desc": "Content Modification Time", "reporter": "somrandomexe", "timestamp": 1364079678000000, "pid": 19, "parser": "syslog", "__type__": "AttributeContainer", "filename": "/tmp/test/test_data/syslog", "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "offset": 0, "pathspec": {"type_indicator": "OS", "__type__": "PathSpec", "location": "/tmp/test/test_data/syslog"}, "inode": 0, "__container_type__": "event", "severity": {"__type__": "bytes", "stream": ""}}
 , "event_9": {"body": "This syslog message is brought to you by me (and not the other guy)", "hostname": "myhostname.myhost.com", "display_name": "OS:/tmp/test/test_data/syslog", "data_type": "syslog:line", "timestamp_desc": "Content Modification Time", "reporter": "somrandomexe", "timestamp": 1364079678000000, "pid": 1915, "parser": "syslog", "__type__": "AttributeContainer", "filename": "/tmp/test/test_data/syslog", "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "offset": 0, "pathspec": {"type_indicator": "OS", "__type__": "PathSpec", "location": "/tmp/test/test_data/syslog"}, "inode": 0, "__container_type__": "event", "severity": {"__type__": "bytes", "stream": ""}}
 , "event_10": {"body": "This is a multi-line message that screws up\n\tmany syslog parsers.", "hostname": "myhostname.myhost.com", "display_name": "OS:/tmp/test/test_data/syslog", "data_type": "syslog:line", "timestamp_desc": "Content Modification Time", "reporter": "aprocess", "timestamp": 1384737320000000, "pid": 10100, "parser": "syslog", "__type__": "AttributeContainer", "filename": "/tmp/test/test_data/syslog", "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "offset": 0, "pathspec": {"type_indicator": "OS", "__type__": "PathSpec", "location": "/tmp/test/test_data/syslog"}, "inode": 0, "__container_type__": "event", "severity": {"__type__": "bytes", "stream": ""}}
 , "event_11": {"body": "Another one just like this (124 job run)", "hostname": "myhostname.myhost.com", "display_name": "OS:/tmp/test/test_data/syslog", "data_type": "syslog:line", "timestamp_desc": "Content Modification Time", "reporter": "/sbin/anacron", "timestamp": 1388512472000000, "pid": 1234, "parser": "syslog", "__type__": "AttributeContainer", "filename": "/tmp/test/test_data/syslog", "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "offset": 0, "pathspec": {"type_indicator": "OS", "__type__": "PathSpec", "location": "/tmp/test/test_data/syslog"}, "inode": 0, "__container_type__": "event", "severity": {"__type__": "bytes", "stream": ""}}
 , "event_12": {"body": "Test message with single character day", "hostname": "victoria", "display_name": "OS:/tmp/test/test_data/syslog", "data_type": "syslog:line", "timestamp_desc": "Content Modification Time", "reporter": "process", "timestamp": 1391699790000000, "pid": 2085, "parser": "syslog", "__type__": "AttributeContainer", "filename": "/tmp/test/test_data/syslog", "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "offset": 0, "pathspec": {"type_indicator": "OS", "__type__": "PathSpec", "location": "/tmp/test/test_data/syslog"}, "inode": 0, "__container_type__": "event", "severity": {"__type__": "bytes", "stream": ""}}
-, "event_13": {"body": "last message repeated 5 times ---", "hostname": ":", "display_name": "OS:/tmp/test/test_data/syslog", "data_type": "syslog:line", "timestamp_desc": "Content Modification Time", "reporter": "---", "timestamp": 1416273343000000, "pid": {"__type__": "bytes", "stream": ""}, "parser": "syslog", "__type__": "AttributeContainer", "filename": "/tmp/test/test_data/syslog", "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "offset": 0, "pathspec": {"type_indicator": "OS", "__type__": "PathSpec", "location": "/tmp/test/test_data/syslog"}, "tag": {"comment": "Tag applied by tagging analysis plugin.Tag applied by tagging analysis plugin.", "event_stream_number": 2, "labels": [{"__type__": "bytes", "stream": "repeated"}], "__type__": "AttributeContainer", "event_entry_index": 13, "__container_type__": "event_tag"}, "inode": 0, "__container_type__": "event", "severity": {"__type__": "bytes", "stream": ""}}
+, "event_13": {"body": "last message repeated 5 times ---", "hostname": ":", "display_name": "OS:/tmp/test/test_data/syslog", "data_type": "syslog:line", "timestamp_desc": "Content Modification Time", "reporter": "---", "timestamp": 1416273343000000, "pid": {"__type__": "bytes", "stream": ""}, "parser": "syslog", "__type__": "AttributeContainer", "filename": "/tmp/test/test_data/syslog", "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "offset": 0, "pathspec": {"type_indicator": "OS", "__type__": "PathSpec", "location": "/tmp/test/test_data/syslog"}, "tag": {"comment": "Tag applied by tagging analysis plugin.Tag applied by tagging analysis plugin.", "event_stream_number": 1, "labels": [{"__type__": "bytes", "stream": "repeated"}], "__type__": "AttributeContainer", "event_entry_index": 13, "__container_type__": "event_tag"}, "inode": 0, "__container_type__": "event", "severity": {"__type__": "bytes", "stream": ""}}
 , "event_14": {"body": "[997.390602] sda2: rw=0, want=65, limit=2", "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "display_name": "OS:/tmp/test/test_data/syslog", "data_type": "syslog:line", "timestamp_desc": "Content Modification Time", "reporter": "kernel", "timestamp": 1416299420000000, "pid": {"__type__": "bytes", "stream": ""}, "parser": "syslog", "__type__": "AttributeContainer", "filename": "/tmp/test/test_data/syslog", "offset": 0, "pathspec": {"type_indicator": "OS", "__type__": "PathSpec", "location": "/tmp/test/test_data/syslog"}, "inode": 0, "__container_type__": "event", "severity": {"__type__": "bytes", "stream": ""}}
 , "event_15": {"body": "[998.390602] sda2: rw=0, want=66, limit=2", "hostname": "victoria", "display_name": "OS:/tmp/test/test_data/syslog", "data_type": "syslog:line", "timestamp_desc": "Content Modification Time", "reporter": "kernel", "timestamp": 1416299480000000, "pid": {"__type__": "bytes", "stream": ""}, "parser": "syslog", "__type__": "AttributeContainer", "filename": "/tmp/test/test_data/syslog", "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "offset": 0, "pathspec": {"type_indicator": "OS", "__type__": "PathSpec", "location": "/tmp/test/test_data/syslog"}, "inode": 0, "__container_type__": "event", "severity": {"__type__": "bytes", "stream": ""}}
 , "event_16": {"sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "display_name": "OS:/tmp/test/test_data/syslog", "timestamp_desc": "atime", "data_type": "fs:stat", "timestamp": 1491238787000000, "is_allocated": true, "parser": "filestat", "__type__": "AttributeContainer", "offset": 0, "filename": "/tmp/test/test_data/syslog", "file_system_type": "OS", "file_size": {"values": [1509], "__type__": "tuple"}, "pathspec": {"type_indicator": "OS", "__type__": "PathSpec", "location": "/tmp/test/test_data/syslog"}, "inode": 0, "__container_type__": "event", "file_entry_type": 3}