Hi all,
Does anybody know if the roadmap of Stream Processing includes, as a future feature, the possibility of adding a field with a hardcoded value with SELECT, like you can do with PostgreSQL?
For example, something like this (add the MITRE ATT&CK technique/tactic as a new field, mitre_id):
[STREAM_TASK]
    Name dns_detections_request_type_high_rate_NULL
    Exec CREATE STREAM dns_detections_request_type_high_rate_NULL WITH (tag='dns_detections_request_type_high_rate_NULL') AS SELECT ipaddress AS ipaddress, qtype AS qtype, COUNT(qtype) AS count_qtype, 'T1071.004' AS mitre_id * FROM TAG:'dns_metrics_request_type_NULL_1m' WHERE count_qtype > 10;
I know that you can do it with Record Modifier, https://docs.fluentbit.io/manual/pipeline/filters/record-modifier, but I think it is always easier to do as much as you can with SQL on Stream Processing.
Only to know if any of the developers thought about that.
Thanks!
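The Record Modifier route mentioned in the post, written out as an added example (not part of the original post and not the Fluent Bit project's own configuration). The query is the one from the post with only the literal column removed; the file names `streams.conf` and `fluent-bit.conf` are assumptions, as is the premise that records re-ingested by the stream task pass through filters matching their tag.

```ini
# Added example. File names are assumptions; the tags and field names come from the post.

# --- streams.conf ---
# The stream task from the post without the hardcoded column.
[STREAM_TASK]
    Name  dns_detections_request_type_high_rate_NULL
    Exec  CREATE STREAM dns_detections_request_type_high_rate_NULL WITH (tag='dns_detections_request_type_high_rate_NULL') AS SELECT ipaddress AS ipaddress, qtype AS qtype, COUNT(qtype) AS count_qtype FROM TAG:'dns_metrics_request_type_NULL_1m' WHERE count_qtype > 10;

# --- fluent-bit.conf ---
[SERVICE]
    # Load the stream task defined above.
    Streams_File  streams.conf

# Match only the tag the stream task emits, so the ATT&CK label is attached
# to detection records and not to the raw DNS metrics they were derived from.
[FILTER]
    Name    record_modifier
    Match   dns_detections_request_type_high_rate_NULL
    Record  mitre_id T1071.004
```

With one such filter per detection stream, each detection tag carries its own technique ID, and the mapping from detection to technique sits in the main configuration file rather than in the SQL.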