mustash.processors – Built-in processors

pydantic model mustash.processors.AppendProcessor

Bases: Processor

Processor for adding values to a list / array.

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
field allow_duplicates: bool = True

Whether to allow duplicates in the target list.

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field with which to get the array.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field values: list[Element] [Required]

Value to add to the document.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

pydantic model mustash.processors.BooleanProcessor

Bases: FieldProcessor

Processor for converting a value into a boolean.

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to get the size.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether not to fail if the field is not present in the document.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field remove_if_successful: bool = False

Whether to remove the source field after processing it.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath | None = None

Target field to set with the result.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

async process(value: Element, /) bool

Process the field into the expected type.

Parameters:

value (Element) – Value to process.

Returns:

Processed value.

Return type:

bool

pydantic model mustash.processors.BytesProcessor

Bases: FieldProcessor[str]

Processor for converting human-readable byte values into a number.

This processor parses the field as a string representing a size with a number and unit, e.g. 123 MB, and converts it into their numeric value in bytes.

For more information, see Bytes processor (ElasticSearch) and bytes mutation (Logstash).

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to get the size.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether not to fail if the field is not present in the document.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field remove_if_successful: bool = False

Whether to remove the source field after processing it.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath | None = None

Target field to set with the result.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

async process(value: str, /) int

Get the number of bytes from the given field.

This method is equivalent to parseBytesSizeValue.

Parameters:

value (str) – Value to process.

Returns:

Processed value.

Return type:

int

pydantic model mustash.processors.CommunityIDProcessor

Bases: Processor

Processor for computing the community ID for network flow data.

Community ID is defined in the Community ID Flow Hashing Specification.

For more information, see Community ID processor (ElasticSearch).

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field destination_ip_field: FieldPath = FieldPath('destination.ip')

Path to the field containing the destination IP address.

field destination_port_field: FieldPath = FieldPath('destination.port')

Path to the field containing the destination port.

field iana_number_field: FieldPath = FieldPath('network.iana_number')

Path to the field containing the IANA number of the transport protocol.

Such numbers are defined in the Protocol Numbers registry.

field icmp_code_field: FieldPath = FieldPath('icmp.code')

Field containing the ICMP code.

field icmp_type_field: FieldPath = FieldPath('icmp.type')

Field containing the ICMP type.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether not to fail if the field is not present in the document.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field seed: Annotated[int, Ge(0), Lt(65536)] = 0

Seed for the community ID hash.

This seed can prevent hash collisions between network domains, such as staging and production network that use the same addressing scheme.

Constraints:

  • ge = 0

  • lt = 65536

field source_ip_field: FieldPath = FieldPath('source.ip')

Path to the field containing the source IP address.

field source_port_field: FieldPath = FieldPath('source.port')

Path to the field containing the source port.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath = FieldPath('network.community_id')

Output field for the community identifier.

field transport_field: FieldPath = FieldPath('network.transport')

Path to the field containing the name of the transport protocol.

This is only used if the field referenced by iana_number_field is not present in the document.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

pydantic model mustash.processors.CopyProcessor

Bases: Processor

Processor for appending values to an existing array.

For more information, see Set processor (ElasticSearch) and copy mutation (Logstash).

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to get the size.

field ignore_empty_value: bool = False

Whether not to set an empty value.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field override: bool = True

Whether to override the field if already exists.

field remove_if_successful: bool = False

Whether to remove the source field after processing it.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath [Required]

Target field to set with the result.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

pydantic model mustash.processors.CSVProcessor

Bases: Processor

Processor for parsing a singleCSV line.

For more information, see CSV processor (ElasticSearch) and csv filter (Logstash).

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field empty_value: str = ''

Value used to fill empty fields.

field field: FieldPath [Required]

Field to extract data from.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether to raise an error if the source field does not exist.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field quote: Annotated[str, StringConstraints(min_length=1, max_length=1)] = '"'

Single-character quote used in CSV.

Constraints:

  • min_length = 1

  • max_length = 1

field separator: Annotated[str, StringConstraints(min_length=1, max_length=1)] = ','

Single-character separator used in CSV.

Constraints:

  • min_length = 1

  • max_length = 1

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_fields: list[FieldPath] [Required]

Array of fields to assign extracted values to.

field trim: bool = False

Whether to trim whitespaces in the unquoted fields.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

pydantic model mustash.processors.DateProcessor

Bases: FieldProcessor

Processor for parsing dates and adding a timestamp.

For more information, see Date processor (ElasticSearch) and date filter (Logstash).

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to get the size.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether not to fail if the field is not present in the document.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field output_handler: DateTimeFormatter [Required]

Date and time format handler.

field parse_handler: DateTimeFormatter [Required]

Date and time parsing handler.

field remove_if_successful: bool = False

Whether to remove the source field after processing it.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath | None = None

Target field to set with the result.

field timezone: tzinfo [Required]

Timezone to use when parsing the date.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

async process(value: Element, /) Element

Process the field into the expected type.

Parameters:

value (Element) – Value to process.

Returns:

Processed value.

Return type:

Element

pydantic model mustash.processors.DropProcessor

Bases: Processor

Processor for dropping the current document.

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

pydantic model mustash.processors.FloatingPointProcessor

Bases: FieldProcessor

Processor for converting a value into a floating-point number.

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to get the size.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether not to fail if the field is not present in the document.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field precision: Literal['half', 'double'] [Required]

Precision expected for the target field.

field remove_if_successful: bool = False

Whether to remove the source field after processing it.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath | None = None

Target field to set with the result.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

async process(value: Element, /) float

Process the field into the expected type.

Parameters:

value (Element) – Value to process.

Returns:

Processed value.

Return type:

float

pydantic model mustash.processors.IntegerProcessor

Bases: FieldProcessor

Processor for converting a value into an integer.

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to get the size.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether not to fail if the field is not present in the document.

field max: int | None = None

Maximum accepted number, included.

field min: int | None = None

Minimum accepted number, included.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field remove_if_successful: bool = False

Whether to remove the source field after processing it.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath | None = None

Target field to set with the result.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

async process(value: Element, /) int

Process the field into the expected type.

Parameters:

value (Element) – Value to process.

Returns:

Processed value.

Return type:

int

pydantic model mustash.processors.IPAddressProcessor

Bases: FieldProcessor

Processor for converting a value into an IPv4 or IPv6 address.

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to get the size.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether not to fail if the field is not present in the document.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field remove_if_successful: bool = False

Whether to remove the source field after processing it.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath | None = None

Target field to set with the result.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

async process(value: Element, /) IPv4Address | IPv6Address

Process the field into the expected type.

Parameters:

value (Element) – Value to process.

Returns:

Processed value.

Return type:

IPv4Address | IPv6Address

pydantic model mustash.processors.JsonProcessor

Bases: Processor

Processor for parsing raw JSON from a field into another, or root.

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field add_to_root: bool = False

Whether to add the parsed data to root rather than in a target field.

This must not be defined to True if target_field is defined.

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to read raw JSON.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath | None = None

Field to populate with the parsed JSON data.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

pydantic model mustash.processors.KeepProcessor

Bases: Processor

Processor for only keeping some fields.

For more information, see Remove processor (ElasticSearch) and prune filter (Logstash).

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field fields: set[FieldPath] [Required]

Fields to keep.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

pydantic model mustash.processors.LowercaseProcessor

Bases: FieldProcessor[str]

Processor for converting a string to its lowercase equivalent.

For more information, see Lowercase processor (ElasticSearch) and lowercase mutation (Logstash).

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to get the size.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether not to fail if the field is not present in the document.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field remove_if_successful: bool = False

Whether to remove the source field after processing it.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath | None = None

Target field to set with the result.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

async process(value: str, /) str

Process the field into the expected type.

Parameters:

value (str) – Value to process.

Returns:

Processed value.

Return type:

str

pydantic model mustash.processors.RemoveProcessor

Bases: Processor

Processor for removing one or more fields.

For more information, see Remove processor (ElasticSearch) and prune filter (Logstash).

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field fields: set[FieldPath] [Required]

Fields to remove.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether to ignore any field to remove missing from the document.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

pydantic model mustash.processors.SetProcessor

Bases: Processor

Processor for setting a field to a value.

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field with which to get the array.

field ignore_empty_value: bool = False

Whether not to set an empty value.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field override: bool = True

Whether to override the field if already exists.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field value: Element [Required]

Value to add to the document.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

pydantic model mustash.processors.SortProcessor

Bases: FieldProcessor[list]

Processor for sorting an array.

For more information, see Sort processor (ElasticSearch).

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to get the size.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether not to fail if the field is not present in the document.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field order: Literal['asc', 'desc'] = 'asc'

Order in which the array should be sorted.

field remove_if_successful: bool = False

Whether to remove the source field after processing it.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath | None = None

Target field to set with the result.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

async process(value: list, /) list

Process the field into the expected type.

Parameters:

value (list) – Value to process.

Returns:

Processed value.

Return type:

list

pydantic model mustash.processors.RegexpSplitProcessor

Bases: FieldProcessor[str]

Processor for splitting a string into an array.

For more information, see Split processor (ElasticSearch) and split filter (Logstash).

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to get the size.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether not to fail if the field is not present in the document.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field preserve_trailing: bool = False

Whether to preserve empty trailing fields, if any.

field remove_if_successful: bool = False

Whether to remove the source field after processing it.

field separator: re.Pattern [Required]

Separator pattern.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath | None = None

Target field to set with the result.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

async process(value: str, /) list[str]

Process the field into the expected type.

Parameters:

value (str) – Value to process.

Returns:

Processed value.

Return type:

list[str]

pydantic model mustash.processors.StringProcessor

Bases: FieldProcessor

Processor for converting a value into a string.

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to get the size.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether not to fail if the field is not present in the document.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field remove_if_successful: bool = False

Whether to remove the source field after processing it.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath | None = None

Target field to set with the result.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

async process(value: Element, /) str

Process the field into the expected type.

Parameters:

value (Element) – Value to process.

Returns:

Processed value.

Return type:

str

pydantic model mustash.processors.TrimProcessor

Bases: FieldProcessor[Union[str, list[str]]]

Processor for trimming a string.

For more information, see Trim processor (ElasticSearch) and strip mutation (Logstash).

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to get the size.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether not to fail if the field is not present in the document.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field remove_if_successful: bool = False

Whether to remove the source field after processing it.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath | None = None

Target field to set with the result.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

async process(value: str | list[str], /) str | list[str]

Process the field into the expected type.

Parameters:

value (str | list[str]) – Value to process.

Returns:

Processed value.

Return type:

str | list[str]

pydantic model mustash.processors.UppercaseProcessor

Bases: FieldProcessor[str]

Processor for converting a string to its uppercase equivalent.

For more information, see Uppercase processor (ElasticSearch) and uppercase mutation (Logstash).

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to get the size.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether not to fail if the field is not present in the document.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field remove_if_successful: bool = False

Whether to remove the source field after processing it.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath | None = None

Target field to set with the result.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

async process(value: str, /) str

Process the field into the expected type.

Parameters:

value (str) – Value to process.

Returns:

Processed value.

Return type:

str

pydantic model mustash.processors.URIPartsProcessor

Bases: FieldProcessor[str]

Processor for parsing an URI to extract parts.

For more information, see URI parts processor (ElasticSearch).

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to get the size.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether not to fail if the field is not present in the document.

field keep_original: bool = True

Whether to keep the original URI as <target_field>.original.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field remove_if_successful: bool = False

Whether to remove the source field after processing it.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath | None = None

Target field to set with the result.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

async process(value: str, /) str

Process the field into the expected type.

Parameters:

value (str) – Value to process.

Returns:

Processed value.

Return type:

str

pydantic model mustash.processors.URLDecodeProcessor

Bases: FieldProcessor[str]

Processor for decoding an URL.

For more information, see URL decode processor (ElasticSearch) and urldecode filter (Logstash).

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to get the size.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether not to fail if the field is not present in the document.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field remove_if_successful: bool = False

Whether to remove the source field after processing it.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath | None = None

Target field to set with the result.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

async process(value: str, /) str

Process the field into the expected type.

Parameters:

value (str) – Value to process.

Returns:

Processed value.

Return type:

str

pydantic model mustash.processors.UserAgentProcessor

Bases: FieldProcessor[str]

Processor for parsing a user agent.

For more information, see User agent processor (ElasticSearch) and useragent filter (Logstash).

Config:

  • extra: str = forbid

  • arbitrary_types_allowed: bool = True

Fields:
Validators:

  • _validate » all fields

field condition: Condition | None = None

Condition depending on which the processor is executed.

field description: str | None = None

Optional description of the processor.

field field: FieldPath [Required]

Field from which to get the size.

field ignore_failure: bool = False

Whether to ignore failures for the processor.

field ignore_missing: bool = False

Whether not to fail if the field is not present in the document.

field on_failure: list[Processor] | None = None

Processors to execute when a failure occurs.

field properties: list[str] = ['name', 'major', 'minor', 'patch', 'build', 'os', 'os_name', 'os_major', 'os_minor', 'device']

Properties to add to the target.

field regex_file: str | None = None

Name of the file containing the regular expressions for parsing.

field remove_if_successful: bool = False

Whether to remove the source field after processing it.

field tag: str | None = None

Identifier for the processor, included in debugging and metrics.

field target_field: FieldPath | None = None

Target field to set with the result.

async apply(document: Document, /) None

Apply the processor to the document, in-place.

Parameters:

document (Document) – Document to which to apply the processor.

Return type:

None

async process(value: str, /) str

Process the field into the expected type.

Parameters:

value (str) – Value to process.

Returns:

Processed value.

Return type:

str