Function hec_event_to_map 

fn hec_event_to_map(
    event: Value,
    query_table: Option<&str>,
) -> Option<(String, Value, Vec<String>)>

Maps one HEC event to a (table, per-event map, tag names) tuple: time -> timestamp, index -> table, host/source/sourcetype/fields -> tags, event + the rest -> data. Returns None if the event isn't a JSON object.