Event Queries using a domain specific language #4

glaslos · 2022-05-30T14:48:06Z

We introduce the term Queries for filters and labels.

Goals:

Being able to filter events by more than just destination port.
Instead of filtering events, apply a label to an event. E.g. assign a protocol to an event.
When picking Apply, add the filter to a list of filters.
User should be able to delete a filter.
User should be able to edit a filter.
On a new event, apply all filters and labels.

Approach:

Consider wireshark https://wiki.wireshark.org/DisplayFilters as an option for the syntax .
Consider waxeye for DSL https://waxeye-org.github.io/waxeye/index.html
Consider using js-dsl for DSL https://venkatperi.github.io/js-dsl/
Consider chevrotain (although I had some dependency issues, see dsl branch)

Branch:

I started a little on this, branch here: https://github.com/glaslos/ochi/tree/dsl (some issues handling the library as dependency)

Example Queries:

glaslos · 2023-06-25T11:38:33Z

Completed with #46

glaslos added the draft label May 30, 2022

glaslos removed the draft label Jun 6, 2022

glaslos changed the title ~~Event Filters and Labels~~ Event Queries Jun 6, 2022

glaslos added the enhancement New feature or request label Feb 22, 2023

glaslos changed the title ~~Event Queries~~ Event Queries using a domain specific language Feb 22, 2023

glaslos mentioned this issue Feb 26, 2023

Persist Queries #6

Closed

glaslos mentioned this issue Mar 16, 2023

Google Summer of Code 2023 #26

Closed

glaslos closed this as completed Jun 25, 2023

Provide feedback