Script Filter

Definition

Description

If event matches Condition interpret script expression String, using language String.

 

 

Comments

If String is missing, blank or invalid, it will default to "jython" for both Unix and Windows.

Supported languages include "jython", "javascript" and "groovy". See the example in each language.

At runtime, the following global variables are made available in the scripting environment:

  1. currentEvent - an object of type com.eventgnosis.types.Event representing the event that is currently being processed. Fields of the event can be accessed or modified by calling the public methods of com.eventgnosis.types.XmlRep which is used by the Event class.

    For example :
    currentEvent.getXml().addField(String name, String value, String nameAfter, boolean first)  so that
    currentEvent.getXml().addField("ev:first","firstField","",true) adds new field to the Event with field name ev:first and value firstField as a first field in the Event
    currentEvent.getXml().getPropertyValue("ev:msg") - returns the value of the Event’s ev:msg field
    currentEvent.getXml().setField("ev:msg", "new value") - sets the value of ev:msg field to "new value"

  2. scriptingAPI - an object of type com.eventgnosis.util.ScriptingHelper.ScriptingAPI

    This object provides the following services:

    • scriptingAPI.getGlobalContext() - a synchronized java.util.Map which provides a global, thread-safe, ECS-wide storage space for data. Data will persist between script invocations and can also be shared between scripting filter instances.

    • clearGlobalContext() – safely clear the global context.

    • scriptingAPI.insertEvent(Event event, String destination) - insert event into a stream to be sent to the specified destination.

    • scriptingAPI.createEvent(String host, String app, String log) - create a new object of type Event.

    • scriptingAPI.copyEvent(Event ev) - make a copy of the specified Event

Only one script will be executing at a given time. The prior script must complete its execution before the next event can be processed, possibly filling up the incoming event queue if script execution is slower than event arrival.