Data Model
- class zlogging.model.Model(*args, **kwargs)
Bases: object
Log data model.
- Parameters
*args (Any) – Arbitrary positional arguments.
**kwargs (Any) – Arbitrary keyword arguments.
- Warns
BroDeprecationWarning – Use of bro_* type annotations.
- Raises
ModelValueError – In case of inconsistency between field data types, or values of unset_field, empty_field and set_separator.
ModelTypeError – Wrong parameters at initialisation.
- Return type
Note
Customise the Model.__post_init__ method in your subclassed data model to implement your own ideas.
Example
Define a custom log data model using the predefined Bro/Zeek data types, or subclasses of BaseType:

    from zlogging.model import Model
    from zlogging.types import PortType, SetType, StringType

    class MyLog(Model):
        field_one = StringType()
        field_two = SetType(element_type=PortType)

Or you may use type annotations, as introduced in PEP 484, when declaring data models. All available type hints can be found in zlogging.typing:

    from zlogging.model import Model
    from zlogging.typing import zeek_port, zeek_set, zeek_string

    class MyLog(Model):
        field_one: zeek_string
        field_two: zeek_set[zeek_port]

However, when mixing annotations and direct assignments, annotations take precedence, i.e. the Model class shall process annotations first, then assignments. Should there be any conflicts, ModelError will be raised.
See also
See expand_typing() for more information about processing the fields.
- property fields: OrderedDict[str, Union[_SimpleType, _GenericType]]
Fields of the data model.
- tojson()
Serialise data model as JSON log format.
- Returns
An OrderedDict mapping each field to its JSON-serialisable data.
- Return type
OrderedDict[str, Any]
- zlogging.model.new_model(name, **fields)
Create a data model dynamically with the appropriate fields.
- Parameters
name (str) – data model name
**fields – defined fields of the data model
- Return type
- Returns
Created data model.
Examples
Typically, we define a data model by subclassing the Model class, as follows:

    from zlogging.model import Model
    from zlogging.types import PortType, SetType, StringType

    class MyLog(Model):
        field_one = StringType()
        field_two = SetType(element_type=PortType)

When defining dynamically with new_model(), the definition above can be rewritten as:

    from zlogging.model import new_model
    from zlogging.types import PortType, SetType, StringType

    MyLog = new_model('MyLog',
                      field_one=StringType(),
                      field_two=SetType(element_type=PortType))