Copy docs into Zeek repo directly

This is based on commit 2731def9159247e6da8a3191783c89683363689c from the
zeek-docs repo.
Tim Wojtulewicz 2025-09-15 15:52:18 -07:00
parent 83f1e74643
commit ded98cd373
1074 changed files with 169319 additions and 0 deletions

@ -0,0 +1,14 @@
:tocdepth: 3
base/frameworks/sumstats/plugins/__load__.zeek
==============================================
:Imports: :doc:`base/frameworks/sumstats/plugins/average.zeek </scripts/base/frameworks/sumstats/plugins/average.zeek>`, :doc:`base/frameworks/sumstats/plugins/hll_unique.zeek </scripts/base/frameworks/sumstats/plugins/hll_unique.zeek>`, :doc:`base/frameworks/sumstats/plugins/last.zeek </scripts/base/frameworks/sumstats/plugins/last.zeek>`, :doc:`base/frameworks/sumstats/plugins/max.zeek </scripts/base/frameworks/sumstats/plugins/max.zeek>`, :doc:`base/frameworks/sumstats/plugins/min.zeek </scripts/base/frameworks/sumstats/plugins/min.zeek>`, :doc:`base/frameworks/sumstats/plugins/sample.zeek </scripts/base/frameworks/sumstats/plugins/sample.zeek>`, :doc:`base/frameworks/sumstats/plugins/std-dev.zeek </scripts/base/frameworks/sumstats/plugins/std-dev.zeek>`, :doc:`base/frameworks/sumstats/plugins/sum.zeek </scripts/base/frameworks/sumstats/plugins/sum.zeek>`, :doc:`base/frameworks/sumstats/plugins/topk.zeek </scripts/base/frameworks/sumstats/plugins/topk.zeek>`, :doc:`base/frameworks/sumstats/plugins/unique.zeek </scripts/base/frameworks/sumstats/plugins/unique.zeek>`, :doc:`base/frameworks/sumstats/plugins/variance.zeek </scripts/base/frameworks/sumstats/plugins/variance.zeek>`
Summary
~~~~~~~
Detailed Interface
~~~~~~~~~~~~~~~~~~

@ -0,0 +1,32 @@
:tocdepth: 3
base/frameworks/sumstats/plugins/average.zeek
=============================================
.. zeek:namespace:: SumStats
Calculate the average.
:Namespace: SumStats
:Imports: :doc:`base/frameworks/sumstats/main.zeek </scripts/base/frameworks/sumstats/main.zeek>`
Summary
~~~~~~~
Redefinitions
#############
===================================================== ========================================================
:zeek:type:`SumStats::Calculation`: :zeek:type:`enum`
* :zeek:enum:`SumStats::AVERAGE`:
Calculate the average of the values.
:zeek:type:`SumStats::ResultVal`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::ResultVal`
average: :zeek:type:`double` :zeek:attr:`&optional`
For numeric data, this is the average of all values.
===================================================== ========================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~

@ -0,0 +1,61 @@
:tocdepth: 3
base/frameworks/sumstats/plugins/hll_unique.zeek
================================================
.. zeek:namespace:: SumStats
Calculate the number of unique values (using the HyperLogLog algorithm).
:Namespace: SumStats
:Imports: :doc:`base/frameworks/sumstats </scripts/base/frameworks/sumstats/index>`
Summary
~~~~~~~
Redefinitions
#############
===================================================== ===============================================================================================
:zeek:type:`SumStats::Calculation`: :zeek:type:`enum`
* :zeek:enum:`SumStats::HLL_UNIQUE`:
Calculate the number of unique values.
:zeek:type:`SumStats::Reducer`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::Reducer`
hll_error_margin: :zeek:type:`double` :zeek:attr:`&default` = ``0.01`` :zeek:attr:`&optional`
The error margin for HLL.
hll_confidence: :zeek:type:`double` :zeek:attr:`&default` = ``0.95`` :zeek:attr:`&optional`
The confidence for HLL.
:zeek:type:`SumStats::ResultVal`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::ResultVal`
hll_unique: :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional`
If cardinality is being tracked, the number of unique
items is tracked here.
card: :zeek:type:`opaque` of cardinality :zeek:attr:`&optional`
hll_error_margin: :zeek:type:`double` :zeek:attr:`&optional`
hll_confidence: :zeek:type:`double` :zeek:attr:`&optional`
:zeek:type:`SumStats::ResultVal`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::ResultVal`
hll_unique: :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional`
If cardinality is being tracked, the number of unique
items is tracked here.
card: :zeek:type:`opaque` of cardinality :zeek:attr:`&optional`
hll_error_margin: :zeek:type:`double` :zeek:attr:`&optional`
hll_confidence: :zeek:type:`double` :zeek:attr:`&optional`
===================================================== ===============================================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
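
Review bot: The SumStats::ResultVal row of the Redefinitions table appears twice with identical content (hll_unique, card, hll_error_margin and hll_confidence all repeat), so one copy should be dropped. Of those four fields only hll_unique has a description; card, hll_error_margin and hll_confidence each need a line, or a note that they are internal state, because the ResultVal fields hll_error_margin and hll_confidence share their names with the Reducer options documented just above with defaults of 0.01 and 0.95, and a reader cannot tell from this page how the two relate.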

@ -0,0 +1,59 @@
:orphan:
Package: base/frameworks/sumstats/plugins
=========================================
Plugins for the summary statistics framework.
:doc:`/scripts/base/frameworks/sumstats/plugins/__load__.zeek`
:doc:`/scripts/base/frameworks/sumstats/plugins/average.zeek`
Calculate the average.
:doc:`/scripts/base/frameworks/sumstats/plugins/hll_unique.zeek`
Calculate the number of unique values (using the HyperLogLog algorithm).
:doc:`/scripts/base/frameworks/sumstats/plugins/last.zeek`
Keep the last X observations.
:doc:`/scripts/base/frameworks/sumstats/plugins/max.zeek`
Find the maximum value.
:doc:`/scripts/base/frameworks/sumstats/plugins/min.zeek`
Find the minimum value.
:doc:`/scripts/base/frameworks/sumstats/plugins/sample.zeek`
Keep a random sample of values.
:doc:`/scripts/base/frameworks/sumstats/plugins/std-dev.zeek`
Calculate the standard deviation.
:doc:`/scripts/base/frameworks/sumstats/plugins/variance.zeek`
Calculate the variance.
:doc:`/scripts/base/frameworks/sumstats/plugins/sum.zeek`
Calculate the sum.
:doc:`/scripts/base/frameworks/sumstats/plugins/topk.zeek`
Keep the top-k (i.e., most frequently occurring) observations.
This plugin uses a probabilistic algorithm to count the top-k elements.
The algorithm (called Space-Saving) is described in the paper Efficient
Computation of Frequent and Top-k Elements in Data Streams", by
Metwally et al. (2005).
:doc:`/scripts/base/frameworks/sumstats/plugins/unique.zeek`
Calculate the number of unique values.
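
Review bot: The variance.zeek entry sits between std-dev.zeek and sum.zeek while every other entry in this list is in alphabetical order; move it after unique.zeek, or say that the order is intentional. Two smaller points in the same list: __load__.zeek is the only entry without a description line, and the topk.zeek description quotes the paper title with a closing quote but no opening one (the paper Efficient Computation of Frequent and Top-k Elements in Data Streams", by), which needs a quote before "Efficient".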

@ -0,0 +1,53 @@
:tocdepth: 3
base/frameworks/sumstats/plugins/last.zeek
==========================================
.. zeek:namespace:: SumStats
Keep the last X observations.
:Namespace: SumStats
:Imports: :doc:`base/frameworks/sumstats </scripts/base/frameworks/sumstats/index>`, :doc:`base/utils/queue.zeek </scripts/base/utils/queue.zeek>`
Summary
~~~~~~~
Redefinitions
#############
===================================================== ============================================================================================
:zeek:type:`SumStats::Calculation`: :zeek:type:`enum`
* :zeek:enum:`SumStats::LAST`:
Keep last X observations in a queue.
:zeek:type:`SumStats::Reducer`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::Reducer`
num_last_elements: :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional`
Number of elements to keep.
:zeek:type:`SumStats::ResultVal`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::ResultVal`
last_elements: :zeek:type:`Queue::Queue` :zeek:attr:`&optional`
This is the queue where elements are maintained.
===================================================== ============================================================================================
Functions
#########
==================================================== ================================================
:zeek:id:`SumStats::get_last`: :zeek:type:`function` Get a vector of element values from a ResultVal.
==================================================== ================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Functions
#########
.. zeek:id:: SumStats::get_last
:source-code: base/frameworks/sumstats/plugins/last.zeek 31 48
:Type: :zeek:type:`function` (rv: :zeek:type:`SumStats::ResultVal`) : :zeek:type:`vector` of :zeek:type:`SumStats::Observation`
Get a vector of element values from a ResultVal.
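
Review bot: num_last_elements is documented only as "Number of elements to keep." with a default of 0, and nothing here says what a reducer gets when it requests SumStats::LAST and leaves that default in place; state whether 0 means nothing is kept or that the field must be set. The summaries "Keep the last X observations." and "Keep last X observations in a queue." would also be clearer if they named num_last_elements instead of X, and the get_last entry could say in what order the returned vector holds the observations.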

@ -0,0 +1,32 @@
:tocdepth: 3
base/frameworks/sumstats/plugins/max.zeek
=========================================
.. zeek:namespace:: SumStats
Find the maximum value.
:Namespace: SumStats
:Imports: :doc:`base/frameworks/sumstats/main.zeek </scripts/base/frameworks/sumstats/main.zeek>`
Summary
~~~~~~~
Redefinitions
#############
===================================================== ====================================================
:zeek:type:`SumStats::Calculation`: :zeek:type:`enum`
* :zeek:enum:`SumStats::MAX`:
Find the maximum value.
:zeek:type:`SumStats::ResultVal`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::ResultVal`
max: :zeek:type:`double` :zeek:attr:`&optional`
For numeric data, this tracks the maximum value.
===================================================== ====================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~

@ -0,0 +1,32 @@
:tocdepth: 3
base/frameworks/sumstats/plugins/min.zeek
=========================================
.. zeek:namespace:: SumStats
Find the minimum value.
:Namespace: SumStats
:Imports: :doc:`base/frameworks/sumstats/main.zeek </scripts/base/frameworks/sumstats/main.zeek>`
Summary
~~~~~~~
Redefinitions
#############
===================================================== ====================================================
:zeek:type:`SumStats::Calculation`: :zeek:type:`enum`
* :zeek:enum:`SumStats::MIN`:
Find the minimum value.
:zeek:type:`SumStats::ResultVal`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::ResultVal`
min: :zeek:type:`double` :zeek:attr:`&optional`
For numeric data, this tracks the minimum value.
===================================================== ====================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~

@ -0,0 +1,55 @@
:tocdepth: 3
base/frameworks/sumstats/plugins/sample.zeek
============================================
.. zeek:namespace:: SumStats
Keep a random sample of values.
:Namespace: SumStats
:Imports: :doc:`base/frameworks/sumstats/main.zeek </scripts/base/frameworks/sumstats/main.zeek>`
Summary
~~~~~~~
Redefinitions
#############
===================================================== ==========================================================================================================================
:zeek:type:`SumStats::Calculation`: :zeek:type:`enum`
* :zeek:enum:`SumStats::SAMPLE`:
Get uniquely distributed random samples from the observation
stream.
:zeek:type:`SumStats::Reducer`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::Reducer`
num_samples: :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional`
The number of sample Observations to collect.
:zeek:type:`SumStats::ResultVal`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::ResultVal`
samples: :zeek:type:`vector` of :zeek:type:`SumStats::Observation` :zeek:attr:`&default` = ``[]`` :zeek:attr:`&optional`
This is the vector in which the samples are maintained.
sample_elements: :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional`
Number of total observed elements.
num_samples: :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional`
:zeek:type:`SumStats::ResultVal`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::ResultVal`
samples: :zeek:type:`vector` of :zeek:type:`SumStats::Observation` :zeek:attr:`&default` = ``[]`` :zeek:attr:`&optional`
This is the vector in which the samples are maintained.
sample_elements: :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional`
Number of total observed elements.
num_samples: :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional`
===================================================== ==========================================================================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
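
Review bot: "Get uniquely distributed random samples from the observation stream." in the SumStats::SAMPLE description reads like a slip for "uniformly distributed"; please confirm the intended wording and correct it in the source comment. In the same table the SumStats::ResultVal row is listed twice with identical fields, so one copy should go, and the num_samples field under ResultVal has no description even though the Reducer field of the same name does ("The number of sample Observations to collect.").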

@ -0,0 +1,32 @@
:tocdepth: 3
base/frameworks/sumstats/plugins/std-dev.zeek
=============================================
.. zeek:namespace:: SumStats
Calculate the standard deviation.
:Namespace: SumStats
:Imports: :doc:`base/frameworks/sumstats/main.zeek </scripts/base/frameworks/sumstats/main.zeek>`, :doc:`base/frameworks/sumstats/plugins/variance.zeek </scripts/base/frameworks/sumstats/plugins/variance.zeek>`
Summary
~~~~~~~
Redefinitions
#############
===================================================== =====================================================================================
:zeek:type:`SumStats::Calculation`: :zeek:type:`enum`
* :zeek:enum:`SumStats::STD_DEV`:
Calculate the standard deviation of the values.
:zeek:type:`SumStats::ResultVal`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::ResultVal`
std_dev: :zeek:type:`double` :zeek:attr:`&default` = ``0.0`` :zeek:attr:`&optional`
For numeric data, this calculates the standard deviation.
===================================================== =====================================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~

@ -0,0 +1,32 @@
:tocdepth: 3
base/frameworks/sumstats/plugins/sum.zeek
=========================================
.. zeek:namespace:: SumStats
Calculate the sum.
:Namespace: SumStats
:Imports: :doc:`base/frameworks/sumstats/main.zeek </scripts/base/frameworks/sumstats/main.zeek>`
Summary
~~~~~~~
Redefinitions
#############
===================================================== =================================================================================
:zeek:type:`SumStats::Calculation`: :zeek:type:`enum`
* :zeek:enum:`SumStats::SUM`:
Calculate the sum of the values.
:zeek:type:`SumStats::ResultVal`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::ResultVal`
sum: :zeek:type:`double` :zeek:attr:`&default` = ``0.0`` :zeek:attr:`&optional`
For numeric data, this tracks the sum of all values.
===================================================== =================================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~

@ -0,0 +1,44 @@
:tocdepth: 3
base/frameworks/sumstats/plugins/topk.zeek
==========================================
.. zeek:namespace:: SumStats
Keep the top-k (i.e., most frequently occurring) observations.
This plugin uses a probabilistic algorithm to count the top-k elements.
The algorithm (called Space-Saving) is described in the paper Efficient
Computation of Frequent and Top-k Elements in Data Streams", by
Metwally et al. (2005).
:Namespace: SumStats
:Imports: :doc:`base/frameworks/sumstats </scripts/base/frameworks/sumstats/index>`
Summary
~~~~~~~
Redefinitions
#############
===================================================== ======================================================================================
:zeek:type:`SumStats::Calculation`: :zeek:type:`enum`
* :zeek:enum:`SumStats::TOPK`:
Keep a top-k list of values.
:zeek:type:`SumStats::Reducer`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::Reducer`
topk_size: :zeek:type:`count` :zeek:attr:`&default` = ``500`` :zeek:attr:`&optional`
Number of elements to keep in the top-k list.
:zeek:type:`SumStats::ResultVal`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::ResultVal`
topk: :zeek:type:`opaque` of topk :zeek:attr:`&optional`
A handle which can be passed to some built-in functions to get
the top-k results.
===================================================== ======================================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
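
Review bot: The paper title in the file description has a closing quote but no opening one (the paper Efficient Computation of Frequent and Top-k Elements in Data Streams", by); add the opening quote before "Efficient". The topk field description says the handle "can be passed to some built-in functions to get the top-k results" without naming them, so a cross-reference to those functions would make the entry usable on its own. Since the text calls the algorithm probabilistic, the topk_size entry is also a good place to say that the size of the list affects the accuracy of the reported counts, if that is the case.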

@ -0,0 +1,54 @@
:tocdepth: 3
base/frameworks/sumstats/plugins/unique.zeek
============================================
.. zeek:namespace:: SumStats
Calculate the number of unique values.
:Namespace: SumStats
:Imports: :doc:`base/frameworks/sumstats/main.zeek </scripts/base/frameworks/sumstats/main.zeek>`
Summary
~~~~~~~
Redefinitions
#############
===================================================== ===========================================================================================
:zeek:type:`SumStats::Calculation`: :zeek:type:`enum`
* :zeek:enum:`SumStats::UNIQUE`:
Calculate the number of unique values.
:zeek:type:`SumStats::Reducer`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::Reducer`
unique_max: :zeek:type:`count` :zeek:attr:`&optional`
Maximum number of unique values to store.
:zeek:type:`SumStats::ResultVal`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::ResultVal`
unique: :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional`
If cardinality is being tracked, the number of unique
values is tracked here.
unique_max: :zeek:type:`count` :zeek:attr:`&optional`
unique_vals: :zeek:type:`set` [:zeek:type:`SumStats::Observation`] :zeek:attr:`&optional`
:zeek:type:`SumStats::ResultVal`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::ResultVal`
unique: :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional`
If cardinality is being tracked, the number of unique
values is tracked here.
unique_max: :zeek:type:`count` :zeek:attr:`&optional`
unique_vals: :zeek:type:`set` [:zeek:type:`SumStats::Observation`] :zeek:attr:`&optional`
===================================================== ===========================================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
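
Review bot: unique_max on SumStats::Reducer is documented only as "Maximum number of unique values to store." and is &optional with no default, so the page does not say whether leaving it unset means no limit, nor what the unique count reports once the limit is reached. ResultVal keeps unique_vals as a set of SumStats::Observation, so this limit is presumably what bounds the growth of that set, and both cases are worth spelling out for anyone sizing a reducer over untrusted traffic. The SumStats::ResultVal row is also listed twice with identical fields, and unique_max and unique_vals have no descriptions there.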

@ -0,0 +1,46 @@
:tocdepth: 3
base/frameworks/sumstats/plugins/variance.zeek
==============================================
.. zeek:namespace:: SumStats
Calculate the variance.
:Namespace: SumStats
:Imports: :doc:`base/frameworks/sumstats/main.zeek </scripts/base/frameworks/sumstats/main.zeek>`, :doc:`base/frameworks/sumstats/plugins/average.zeek </scripts/base/frameworks/sumstats/plugins/average.zeek>`
Summary
~~~~~~~
Redefinitions
#############
===================================================== ===================================================================================
:zeek:type:`SumStats::Calculation`: :zeek:type:`enum`
* :zeek:enum:`SumStats::VARIANCE`:
Calculate the variance of the values.
:zeek:type:`SumStats::ResultVal`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::ResultVal`
variance: :zeek:type:`double` :zeek:attr:`&optional`
For numeric data, this is the variance.
prev_avg: :zeek:type:`double` :zeek:attr:`&optional`
var_s: :zeek:type:`double` :zeek:attr:`&default` = ``0.0`` :zeek:attr:`&optional`
:zeek:type:`SumStats::ResultVal`: :zeek:type:`record`
:New Fields: :zeek:type:`SumStats::ResultVal`
variance: :zeek:type:`double` :zeek:attr:`&optional`
For numeric data, this is the variance.
prev_avg: :zeek:type:`double` :zeek:attr:`&optional`
var_s: :zeek:type:`double` :zeek:attr:`&default` = ``0.0`` :zeek:attr:`&optional`
===================================================== ===================================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
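
Review bot: prev_avg and var_s in the SumStats::ResultVal redefinition have no description; if they are intermediate state for the running calculation, say so, so readers know that variance is the only field meant to be consumed. The same ResultVal row appears twice in the table with identical fields and one copy should be dropped.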