Zed JS #1603
Zed JS #1603
Conversation
app/core/formatters/format-zed.ts
Outdated
| if (zed.isInt(data)) return withCommas(data.toString()) | ||
| if (zed.isTime(data)) return brim.time(data.toDate()).format() | ||
| if (zed.isStringy(data)) { | ||
| // only whitespace |
There was a problem hiding this comment.
This isn't doing anything...
| null | ||
| ] | ||
| const record = new zng.Record(type, value) | ||
| const record = createRecord({ |
There was a problem hiding this comment.
Did createRecord() already exist? I think the zed library would have this as a helper method, e.g., CreateRecordFromObject() takes an javascript object, normalizes the keys into an deterministic column order, and looks up the zed.TypeRecorcd, etc.
|
|
||
| export function createRecord(object): zed.Record { | ||
| let fields: zed.Field[] = [] | ||
| for (let name in object) { |
There was a problem hiding this comment.
Should you normalize the column order or does javascript semantics these days do the right thing? The main thing is to look up the same zng type no matter what the column order is.
There was a problem hiding this comment.
Most javascript engines keep the order, but it's not a guarantee. I'd like to normalize the order as you suggest eventually. When we move it into the zed package, that would be a good time. This is just a helper function used in unit tests.
test/fixtures/zjson-types.ts
Outdated
|
|
||
| export const STRING = {kind: "primitive", name: "string"} as PrimitiveType | ||
| export const TIME = {kind: "primitive", name: "time"} as PrimitiveType | ||
| export const COUNT = {kind: "primitive", name: "count"} as PrimitiveType |
There was a problem hiding this comment.
There is no primitive in Zed called "count". With zeek import, the count type is turned to uint64.
There was a problem hiding this comment.
Thanks, this whole file was left over from old times. I'll delete.
test/fixtures/zjson-types.ts
Outdated
| export const STRING = {kind: "primitive", name: "string"} as PrimitiveType | ||
| export const TIME = {kind: "primitive", name: "time"} as PrimitiveType | ||
| export const COUNT = {kind: "primitive", name: "count"} as PrimitiveType | ||
| export const INTERVAL = {kind: "primitive", name: "interval"} as PrimitiveType |
There was a problem hiding this comment.
Same... no "interval" primtiive.
| import {Field} from "./values/field" | ||
|
|
||
| export class ZedContext { | ||
| private id = 23 |
There was a problem hiding this comment.
I didn't think you needed 23 since it doesn't appear anywhere in the ZJSON protocol, unless I messed up?
There was a problem hiding this comment.
This is arbitrary. It was convenient to have the same starting id as the backend for testing.
| // table, and return it. If it is not, it is an alias. Look it up in the | ||
| // context's typeAliases table, and return it. | ||
|
|
||
| switch (obj.kind) { |
There was a problem hiding this comment.
This looks great! How'd you figure out how to structure this? :-)
zealot/zed/primitive.ts
Outdated
| @@ -0,0 +1,54 @@ | |||
| // export class zed.Primitive { | |||
There was a problem hiding this comment.
Why is this here all commented out?
There was a problem hiding this comment.
Forgot to clean that up. It was a reference to the old code. Deleted it.
zealot/zed/types/type-def.ts
Outdated
|
|
||
| create(value) { | ||
| console.log(value) | ||
| throw new Error("Im here!") |
There was a problem hiding this comment.
This was not used, TypeAlias is the class is actually used for this. Deleted
|
|
||
| toInt() { | ||
| if (isNull(this.value)) return null | ||
| return parseInt(this.value) |
There was a problem hiding this comment.
This doesn't provide 64-bit resolution
There was a problem hiding this comment.
I can use BigInt(this.value) to handle the big ints. I tried just now, but it breaks the histogram somehow when trying to sum numbers to gather. I'll follow this PR up with a fix for the 64 bits soon.
|
I'm deferring to @mason-fish for the approval button. |
| ` | ||
| const pad = (bool) => (bool ? <Space /> : null) | ||
|
|
||
| export default function Value(props: ValueProps) { |
| // "yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSS'Z'" | ||
| // ) | ||
|
|
||
| const tsString = ts.toString() |
There was a problem hiding this comment.
Will this still preserve nano second precision? I threw in this js-joda stuff here to help with the formatting since brimcap explicitly expects RFC3999nano
There was a problem hiding this comment.
Yes, the time values from zjson are now represent as RFC39999nano strings. I moved the js-joda code in the zed.Time class because I need to parse them there.
| const dur = log.get("duration") as zed.Duration | ||
| const dest = join( | ||
| this.api.getTempDir(), | ||
| `packets-${ts.toString()}.pcap`.replaceAll(":", "_") |
There was a problem hiding this comment.
Is this the fix for Windows you mentioned?
| ): MenuItemConstructorOptions[] { | ||
| const isTime = field.data.getType() === "time" | ||
| export default function detailFieldContextMenu({field, record, value}) { | ||
| return (_, getState) => { |
There was a problem hiding this comment.
context menus as thunks ftw 🔥
| @@ -1,5 +1,6 @@ | |||
| import typescript from "@rollup/plugin-typescript" | |||
| import commonjs from "@rollup/plugin-commonjs" | |||
| import nodeResolve from "@rollup/plugin-node-resolve" | |||
There was a problem hiding this comment.
I noticed this in the dependency changes too, what is it for?
There was a problem hiding this comment.
This is to pull in the js-joda library into the zealot bundle. We previously had no external dependencies.
scripts/rename.js
Outdated
| @@ -0,0 +1,22 @@ | |||
| const {Project} = require("ts-morph") | |||
There was a problem hiding this comment.
Did this sneak in as part of your file renaming PR?
| log={log} | ||
| style={{width}} | ||
| /> | ||
| <Cell width={width} key={key} name={field.name}> |
src/pkg/brimcap/index.ts
Outdated
| @@ -0,0 +1,5 @@ | |||
| function load() {} | |||
There was a problem hiding this comment.
Is this just some scaffolding from our convos about the brimcap loaders? 🤔
There was a problem hiding this comment.
You are correct. Will delete.
| @@ -0,0 +1,2 @@ | |||
| { first_name: "James" } (=person_schema) | |||
| { score: 100 } | |||
| const ts = logs[index].get("ts") as zng.Primitive | ||
| if (ts.getType() == "time") { | ||
| const ts = logs[index].try<zed.Time>("ts") | ||
| if (ts && ts instanceof zed.Time) { |
There was a problem hiding this comment.
Would
if (ts instanceof zed.Time) {`suffice here or is the ts && necessary?
There was a problem hiding this comment.
You are right, it is not needed. Sweet.
|
I happened to just try testing a pcap import on this branch (so, commit 6d3f120 at the moment) and it looks like the colored tiles for the different Zeek/Suricata record types have stopped working. @jameskerr is this expected?
|
This reverts commit 1df4971.
|
Thanks for pointing that out. I've put the colors back in. |
|
Thanks so much for the reviews everyone. Glad to have this merged. When tests pass, I will merge. But will follow it right up with a proper "duration" parsing function. |
| display() { | ||
| if (value === "(empty)") { | ||
| return "" |
There was a problem hiding this comment.
I'm just going back in time to recognize that this looks like what fixed #832.
The full zed type system in JavaScript and all the implications of the new apis in the app.
zealot/zed. There are classes for each type and for each value. The context classes handles decoding and encoding into and from zjson.ZealotContextto decode and encode any Zed data it sees.test/responses/index.tsapp/viewer/value.tsxandapp/viewer/cell.tsx.createCellobject has been removed and replaced with other simpler functions.ZealotContext.encodeRecord(r)andZealotContext.decodeRecord(zjson)ZealotContext.encodeField(f)andZealotContext.decodeField(f)Happy to answer any other questions as the come up!
Fixes #1608
Fixes #832