From f03b023f1a2cf48569499c7ad4222d15094efbb8 Mon Sep 17 00:00:00 2001
From: Dominik Lohmann <mail@dominiklohmann.de>
Date: Sat, 7 Oct 2023 20:15:45 +0200
Subject: [PATCH] Remove support for models
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Models were fundamentally broken in query evaluation, and no one
noticed—which is usually a sign that a feature can be removed without
much user friction. We already have plans to bring the feature back
through more powerful expressions in TQL.
---
 .../changes/3552--disable-dense-indexes.md    |   5 +
 libtenzir/builtins/operators/where.cpp        |   2 +-
 libtenzir/include/tenzir/taxonomies.hpp       |  59 +------
 libtenzir/src/catalog.cpp                     |   7 -
 libtenzir/src/module.cpp                      |  13 +-
 libtenzir/src/taxonomies.cpp                  | 150 +-----------------
 schema/taxonomy/tenzir/network.yaml           |   9 --
 .../reference/taxonomy-queries/step_03.ref    |   1 -
 .../reference/taxonomy-queries/step_04.ref    |   1 -
 .../reference/taxonomy-queries/step_05.ref    |   1 -
 .../reference/taxonomy-queries/step_06.ref    |   1 -
 .../reference/taxonomy-queries/step_07.ref    |   1 -
 .../reference/taxonomy-queries/step_08.ref    |   1 -
 tenzir/integration/tests.yaml                 |   8 -
 .../model-composition.excalidraw.svg          |  16 --
 web/docs/data-model/taxonomies.md             |  81 ++--------
 16 files changed, 22 insertions(+), 334 deletions(-)
 delete mode 100644 tenzir/integration/reference/taxonomy-queries/step_03.ref
 delete mode 100644 tenzir/integration/reference/taxonomy-queries/step_04.ref
 delete mode 100644 tenzir/integration/reference/taxonomy-queries/step_05.ref
 delete mode 100644 tenzir/integration/reference/taxonomy-queries/step_06.ref
 delete mode 100644 tenzir/integration/reference/taxonomy-queries/step_07.ref
 delete mode 100644 tenzir/integration/reference/taxonomy-queries/step_08.ref
 delete mode 100644 web/docs/data-model/model-composition.excalidraw.svg

diff --git a/changelog/next/changes/3552--disable-dense-indexes.md b/changelog/next/changes/3552--disable-dense-indexes.md
index 9db35b22fd6..709d5aff092 100644
--- a/changelog/next/changes/3552--disable-dense-indexes.md
+++ b/changelog/next/changes/3552--disable-dense-indexes.md
@@ -2,3 +2,8 @@ Tenzir no longer builds dense indexes for imported events. Dense indexes
 improved query performance at the cost of a higher memory usage. However, over
 time the performance improvement became smaller due to other improvements in the
 underlying storage engine.
+
+Tenzir no longer supports models in taxonomies. Since Tenzir v4.0 they were only
+supported in the deprecated `tenzir-ctl export` and `tenzir-ctl count` commands.
+We plan to bring the functionality back in the future with more powerful
+expressions in TQL.
diff --git a/libtenzir/builtins/operators/where.cpp b/libtenzir/builtins/operators/where.cpp
index 674a5936c65..80003b53678 100644
--- a/libtenzir/builtins/operators/where.cpp
+++ b/libtenzir/builtins/operators/where.cpp
@@ -67,7 +67,7 @@ class where_operator final
 
   auto initialize(const type& schema, operator_control_plane& ctrl) const
     -> caf::expected<state_type> override {
-    auto ts = taxonomies{.concepts = ctrl.concepts(), .models = {}};
+    auto ts = taxonomies{.concepts = ctrl.concepts()};
     auto resolved_expr = resolve(ts, expr_.inner, schema);
     if (not resolved_expr) {
       diagnostic::warning("{}", resolved_expr.error())
diff --git a/libtenzir/include/tenzir/taxonomies.hpp b/libtenzir/include/tenzir/taxonomies.hpp
index 9291de2858f..acd4f7195a6 100644
--- a/libtenzir/include/tenzir/taxonomies.hpp
+++ b/libtenzir/include/tenzir/taxonomies.hpp
@@ -62,54 +62,17 @@ using concepts_map = detail::stable_map<std::string, concept_>;
 /// to a `concepts_map`.
 extern const type concepts_data_schema;
 
-/// The definition of a model.
-struct model {
-  /// The description of the model.
-  std::string description;
-
-  /// The ordered concepts and models that the model is composed of.
-  /// If an entry is another model, its concepts must also be represented  for
-  /// a schema to be considered.
-  std::vector<std::string> definition;
-
-  friend bool operator==(const model& lhs, const model& rhs);
-
-  template <class Inspector>
-  friend auto inspect(Inspector& f, model& m) {
-    return f.object(m).pretty_name("model").fields(
-      f.field("description", m.description),
-      f.field("definition", m.definition));
-  }
-
-  inline static const record_type& schema() noexcept {
-    static const auto result = record_type{
-      {"description", string_type{}},
-      {"definition", list_type{string_type{}}},
-    };
-    return result;
-  }
-};
-
-/// Maps model names to their definitions.
-using models_map = detail::stable_map<std::string, model>;
-
-/// Describes the schema of a tenzir::list of models for automatic conversion to
-/// a `models_map`.
-extern const type models_data_schema;
-
 /// A taxonomy is a combination of concepts and models. Tenzir stores all
 /// configured taxonomies in memory together, hence the plural naming.
 struct taxonomies {
   concepts_map concepts;
-  models_map models;
-
   friend bool operator==(const taxonomies& lhs, const taxonomies& rhs);
 
   template <class Inspector>
   friend auto inspect(Inspector& f, taxonomies& t) {
     return f.object(t)
       .pretty_name("taxonomies")
-      .fields(f.field("concepts", t.concepts), f.field("models", t.models));
+      .fields(f.field("concepts", t.concepts));
   }
 };
 
@@ -123,8 +86,8 @@ std::vector<std::string>
 resolve_concepts(const concepts_map& concepts,
                  std::vector<std::string> fields_or_concepts);
 
-/// Substitutes concept and model identifiers in field extractors with
-/// replacement expressions containing only concrete field names.
+/// Substitutes concept identifiers in field extractors with replacement
+/// expressions containing only concrete field names.
 /// @param t The set of taxonomies to apply.
 /// @param e The original expression.
 /// @param schema An optional schema to restrict taxonomy resolution by.
@@ -136,22 +99,6 @@ resolve(const taxonomies& t, const expression& e, const type& schema = {});
 
 namespace fmt {
 
-template <>
-struct formatter<tenzir::model> {
-  template <class ParseContext>
-  constexpr auto parse(ParseContext& ctx) -> decltype(ctx.begin()) {
-    return ctx.begin();
-  }
-
-  template <class FormatContext>
-  auto format(const tenzir::model& value, FormatContext& ctx)
-    -> decltype(ctx.out()) {
-    return fmt::format_to(ctx.out(),
-                          "model {{description: {}, definition: [{}]}}",
-                          value.description, fmt::join(value.definition, ", "));
-  }
-};
-
 template <>
 struct formatter<tenzir::concept_> {
   template <class ParseContext>
diff --git a/libtenzir/src/catalog.cpp b/libtenzir/src/catalog.cpp
index 7d39cf57275..29dff30eed5 100644
--- a/libtenzir/src/catalog.cpp
+++ b/libtenzir/src/catalog.cpp
@@ -625,14 +625,7 @@ catalog(catalog_actor::stateful_pointer<catalog_state> self,
     self->quit(std::move(err));
     return catalog_actor::behavior_type::make_empty_behavior();
   }
-  auto taxonomies = load_taxonomies(self->system().config());
-  if (!taxonomies) {
-    self->quit(std::move(taxonomies.error()));
-    return catalog_actor::behavior_type::make_empty_behavior();
-  }
   self->state.taxonomies.concepts = modules::concepts();
-  // TODO: Taxonomy models are to be removed soon.
-  self->state.taxonomies.models = std::move(taxonomies->models);
   //  Load loaded schema types from the singleton.
   //  TODO: Move to the load handler and re-parse the files.
   TENZIR_DIAGNOSTIC_PUSH
diff --git a/libtenzir/src/module.cpp b/libtenzir/src/module.cpp
index 72b7ff8d2cb..ecbd5000932 100644
--- a/libtenzir/src/module.cpp
+++ b/libtenzir/src/module.cpp
@@ -238,7 +238,6 @@ auto load_taxonomies(const caf::actor_system_config& cfg)
   std::error_code err{};
   auto dirs = get_module_dirs(cfg);
   concepts_map concepts;
-  models_map models;
   for (const auto& dir : dirs) {
     TENZIR_DEBUG("loading taxonomies from {}", dir);
     const auto dir_exists = std::filesystem::exists(dir, err);
@@ -258,19 +257,9 @@ auto load_taxonomies(const caf::actor_system_config& cfg)
       for (auto& [name, definition] : concepts)
         TENZIR_DEBUG("extracted concept {} with {} fields", name,
                      definition.fields.size());
-      if (auto err = convert(yaml, models, models_data_schema))
-        return caf::make_error(ec::parse_error,
-                               "failed to extract models from file",
-                               file.string(), err.context());
-      for (auto& [name, definition] : models) {
-        TENZIR_DEBUG("extracted model {} with {} fields", name,
-                     definition.definition.size());
-        TENZIR_TRACE("uses model mapping {} -> {}", name,
-                     definition.definition);
-      }
     }
   }
-  return tenzir::taxonomies{std::move(concepts), std::move(models)};
+  return tenzir::taxonomies{std::move(concepts)};
 }
 
 } // namespace tenzir
diff --git a/libtenzir/src/taxonomies.cpp b/libtenzir/src/taxonomies.cpp
index 92fc89d7f5b..7673db9112e 100644
--- a/libtenzir/src/taxonomies.cpp
+++ b/libtenzir/src/taxonomies.cpp
@@ -57,19 +57,8 @@ const type concepts_data_schema = type{map_type{
   },
 }};
 
-bool operator==(const model& lhs, const model& rhs) {
-  return lhs.definition == rhs.definition;
-}
-
-const type models_data_schema = type{map_type{
-  type{string_type{}, {{"key", "model.name"}}},
-  record_type{
-    {"model", model::schema()},
-  },
-}};
-
 bool operator==(const taxonomies& lhs, const taxonomies& rhs) {
-  return lhs.concepts == rhs.concepts && lhs.models == rhs.models;
+  return lhs.concepts == rhs.concepts;
 }
 
 std::vector<std::string>
@@ -170,142 +159,9 @@ resolve(const taxonomies& ts, const expression& e, const type& schema) {
             return expression{d};
         }
       };
-      auto resolve_models
-        = [&](const std::string& field_name, relational_operator op,
-              const tenzir::data& data,
-              auto make_predicate) -> caf::expected<expression> {
-        auto r = caf::get_if<record>(&data);
-        if (!r)
-          // Models can only be compared to records, so if the data side is
-          // not a record, we move to the concept substitution phase directly.
-          return resolve_concepts(field_name, op, data, make_predicate);
-        if (r->empty())
-          return expression{caf::none};
-        auto it = ts.models.find(field_name);
-        if (it == ts.models.end())
-          return resolve_concepts(field_name, op, data, make_predicate);
-        // We have a model predicate.
-        // ==========================
-        // The model definition forms a tree that contains models as non-leaf
-        // nodes and concepts as leafs. For model substition we need to iterate
-        // over the leafs in the order of definition, which is left to right.
-        // The levels stack is used to keep track of the current position at
-        // each level of the tree.
-        auto level_1 = std::pair{it->second.definition.begin(),
-                                 it->second.definition.end()};
-        auto levels = std::stack{std::vector{std::move(level_1)}};
-        auto descend = [&] {
-          for (auto child_component = ts.models.find(*levels.top().first);
-               child_component != ts.models.end();
-               child_component = ts.models.find(*levels.top().first)) {
-            auto& child_def = child_component->second.definition;
-            levels.emplace(child_def.begin(), child_def.end());
-          }
-        };
-        // Move the cursor to the leftmost leaf in the tree.
-        descend();
-        auto next_leaf = [&] {
-          // Update the levels stack; explicit scope for clarity.
-          while (!levels.empty() && ++levels.top().first == levels.top().second)
-            levels.pop();
-          if (!levels.empty()) {
-            descend();
-            // Empty models ought to be rejected at load time.
-            TENZIR_ASSERT(levels.top().first != levels.top().second);
-          }
-        };
-        // The conjunction for all model concepts that are restriced by a value
-        // in rec.
-        conjunction restricted;
-        // The conjunction for all model concepts that aren't specified in rec.
-        conjunction unrestricted;
-        auto abs_op = is_negated(op) ? negate(op) : op;
-        auto insert_meta_field_predicate = [&] {
-          auto make_meta_field_predicate =
-            [&]([[maybe_unused]] relational_operator op, const tenzir::data&) {
-              return [](std::string item) {
-                return predicate{field_extractor{std::move(item)},
-                                 relational_operator::not_equal,
-                                 tenzir::data{}};
-              };
-            };
-          unrestricted.emplace_back(
-            resolve_concepts(*levels.top().first, relational_operator::equal,
-                             caf::none, make_meta_field_predicate));
-        };
-        auto named = !r->begin()->first.empty();
-        if (named) {
-          // TODO: Nested records of the form
-          // <src_endpoint: <1.2.3.4, _>, process_filename: "svchost.exe">
-          // are currently not supported.
-          for (; !levels.empty(); next_leaf()) {
-            // TODO: Use `ends_with` for better ergonomics.
-            // TODO: Remove matched entries and check mismatched concepts.
-            auto concept_field = r->find(*levels.top().first);
-            if (concept_field == r->end())
-              insert_meta_field_predicate();
-            else
-              restricted.emplace_back(
-                resolve_concepts(*levels.top().first, abs_op,
-                                 concept_field->second, make_predicate));
-          }
-        } else {
-          auto value_iterator = r->begin();
-          for (; !levels.empty(); next_leaf(), ++value_iterator) {
-            if (value_iterator == r->end())
-              // The provided record is shorter than the matched concept.
-              // TODO: This error could be rendered in a way that makes it
-              // clear how the mismatch happened. For example:
-              //   src_ip, src_port,  dst_ip, dst_port, proto
-              // <      _,        _, 1.2.3.4,        _>
-              //                                        ^~~~~
-              //                                        not enough fields provided
-              return caf::make_error(ec::invalid_query, *r,
-                                     "doesn't match the model:", it->first);
-            if (caf::holds_alternative<caf::none_t>(value_iterator->second))
-              insert_meta_field_predicate();
-            else
-              restricted.emplace_back(
-                resolve_concepts(*levels.top().first, abs_op,
-                                 value_iterator->second, make_predicate));
-          }
-          if (value_iterator != r->end()) {
-            // The provided record is longer than the matched concept.
-            // TODO: This error could be rendered in a way that makes it
-            // clear how the mismatch happened. For example:
-            //   src_ip, src_port,  dst_ip, dst_port, proto
-            // <      _,        _, 1.2.3.4,        _,     _, "tcp">
-            //                                               ^~~~~
-            //                                               too many fields
-            //                                               provided
-            return caf::make_error(ec::invalid_query, *r,
-                                   "doesn't match the model:", it->first);
-          }
-        }
-        expression expr;
-        switch (restricted.size()) {
-          case 0: {
-            return unrestricted;
-          }
-          case 1: {
-            expr = restricted[0];
-            break;
-          }
-          default: {
-            expr = expression{std::move(restricted)};
-            break;
-          }
-        }
-        if (is_negated(op))
-          expr = negation{std::move(expr)};
-        if (unrestricted.empty())
-          return expr;
-        unrestricted.push_back(expr);
-        return unrestricted;
-      };
       if (auto data = caf::get_if<tenzir::data>(&pred.rhs)) {
         if (auto fe = caf::get_if<field_extractor>(&pred.lhs)) {
-          return resolve_models(
+          return resolve_concepts(
             fe->field, pred.op, *data,
             [&](relational_operator op, const tenzir::data& o) {
               return [&, op](const std::string& item) {
@@ -316,7 +172,7 @@ resolve(const taxonomies& ts, const expression& e, const type& schema) {
       }
       if (auto data = caf::get_if<tenzir::data>(&pred.lhs)) {
         if (auto fe = caf::get_if<field_extractor>(&pred.rhs)) {
-          return resolve_models(
+          return resolve_concepts(
             fe->field, pred.op, *data,
             [&](relational_operator op, const tenzir::data& o) {
               return [&, op](const std::string& item) {
diff --git a/schema/taxonomy/tenzir/network.yaml b/schema/taxonomy/tenzir/network.yaml
index 164994bf80c..e0e6f365c57 100644
--- a/schema/taxonomy/tenzir/network.yaml
+++ b/schema/taxonomy/tenzir/network.yaml
@@ -96,12 +96,3 @@
     concepts:
       - net.outer_vlan
       - net.inner_vlan
-
-- model:
-    name: net.connection
-    definition:
-      - net.src.ip
-      - net.src.port
-      - net.dst.ip
-      - net.dst.port
-      - net.proto
diff --git a/tenzir/integration/reference/taxonomy-queries/step_03.ref b/tenzir/integration/reference/taxonomy-queries/step_03.ref
deleted file mode 100644
index 4c5c8078521..00000000000
--- a/tenzir/integration/reference/taxonomy-queries/step_03.ref
+++ /dev/null
@@ -1 +0,0 @@
-158
diff --git a/tenzir/integration/reference/taxonomy-queries/step_04.ref b/tenzir/integration/reference/taxonomy-queries/step_04.ref
deleted file mode 100644
index b8639573348..00000000000
--- a/tenzir/integration/reference/taxonomy-queries/step_04.ref
+++ /dev/null
@@ -1 +0,0 @@
-476
diff --git a/tenzir/integration/reference/taxonomy-queries/step_05.ref b/tenzir/integration/reference/taxonomy-queries/step_05.ref
deleted file mode 100644
index 9559cd9241e..00000000000
--- a/tenzir/integration/reference/taxonomy-queries/step_05.ref
+++ /dev/null
@@ -1 +0,0 @@
-730
diff --git a/tenzir/integration/reference/taxonomy-queries/step_06.ref b/tenzir/integration/reference/taxonomy-queries/step_06.ref
deleted file mode 100644
index e944bea9ac3..00000000000
--- a/tenzir/integration/reference/taxonomy-queries/step_06.ref
+++ /dev/null
@@ -1 +0,0 @@
-1206
diff --git a/tenzir/integration/reference/taxonomy-queries/step_07.ref b/tenzir/integration/reference/taxonomy-queries/step_07.ref
deleted file mode 100644
index b8639573348..00000000000
--- a/tenzir/integration/reference/taxonomy-queries/step_07.ref
+++ /dev/null
@@ -1 +0,0 @@
-476
diff --git a/tenzir/integration/reference/taxonomy-queries/step_08.ref b/tenzir/integration/reference/taxonomy-queries/step_08.ref
deleted file mode 100644
index 9559cd9241e..00000000000
--- a/tenzir/integration/reference/taxonomy-queries/step_08.ref
+++ /dev/null
@@ -1 +0,0 @@
-730
diff --git a/tenzir/integration/tests.yaml b/tenzir/integration/tests.yaml
index 7bf27e15a47..42de70d132a 100644
--- a/tenzir/integration/tests.yaml
+++ b/tenzir/integration/tests.yaml
@@ -329,14 +329,6 @@ tests:
       - command: import -b suricata
         input: data/pcap/suricata/eve.json.gz
       - command: count "net.src.ip == 192.168.168.100"
-      - command: count "net.connection == <192.168.168.100, _, 72.247.178.18, _, _>"
-      # We omit the whitespace after the colon on purpose, otherwise pyyaml
-      # thinks this is a key-value pair.
-      - command: count 'net.connection == <net.src.ip:192.168.168.100, net.dst.port:80>'
-      - command: count 'net.connection != <net.src.ip:192.168.168.100, net.dst.port:80>'
-      - command: count "net.connection == <_, _, _, _, _>"
-      - command: count "net.connection == <_, _, _, 80, _>"
-      - command: count "net.connection != <_, _, _, 80, _>"
 
   Arrow Full Data Model:
     tags: [export, arrow]
diff --git a/web/docs/data-model/model-composition.excalidraw.svg b/web/docs/data-model/model-composition.excalidraw.svg
deleted file mode 100644
index 721e412837c..00000000000
--- a/web/docs/data-model/model-composition.excalidraw.svg
+++ /dev/null
@@ -1,16 +0,0 @@
-<svg version="1.1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 700 320" width="1400" height="640">
-  <!-- svg-source:excalidraw -->
-  <!-- payload-type:application/vnd.excalidraw+json --><!-- payload-version:2 --><!-- payload-start -->eyJ2ZXJzaW9uIjoiMSIsImVuY29kaW5nIjoiYnN0cmluZyIsImNvbXByZXNzZWQiOnRydWUsImVuY29kZWQiOiJ4nO1cXNl2m8hcdTAwMTZ991do+b5GdM1D3iw7XHUwMDFl0k7sWI6T+N5eWlhgXHRcdTAwMGKBXGbIU6/8e1x1MDAxZvBcdTAwMDBCXHUwMDAyIWNb6uTqIZaKoiiqzt77XGaQv9dcdTAwMWGN9eh2ZK+/b6zbN13TdazAvF5/XHUwMDE3t1/ZQej4XHUwMDFlXHUwMDFjXCLJ79BcdTAwMWZcdTAwMDfdpGc/ikbh+z/+MEcjIz3L6PrD+zNt11x1MDAxZdpeXHUwMDE0Qt//wu9G4+/k38y1XHUwMDAyu1x1MDAxYplez7WTXHUwMDEzkkPp5bBQ+dbPvpdcXFpQzKlUKu3ghFtwuci24Oi56YZ2eiRuWkf4YjTCXHUwMDAxXHUwMDE2w10rkv3+TWd/ezu96rnjuu3o1k1mXHUwMDE1+nAn6bEwXG78gf3NsaJ+PKtcXHvRWYE/7vU9O1xmJ87xR2bXiW7jNoSeWu+X4H0jbbmJe5D0d3xcdTAwMDbVKHftTd/1g/ja/0HJJ736mdlcdTAwMWT0YFxunpX2wdw0z87TPtePdyTScfu20+tH8VxuZ65lJ6tKkeJcXDL61Fx1MDAxZY8/2rOS7f0re9+e9XDfj/ud7jh+aPmZzjTu/yFvKVlryezi5f5ccrtcdTAwMWLKy+Bmb799dtRcdTAwMTlcdTAwMWSNPPl0R1x1MDAxM6ZcdTAwMTXZN9H604Gf78qG9S9PPlx1MDAwNGdcdTAwMWZGW9FcdTAwMTe3ed25+jS2XHUwMDA232dcdTAwMGZrXHUwMDA2gX9dddyz5sFd+7M8NU83L3TkXHUwMDFkfOJDXHUwMDE1Vlx1MDAxYvfhW7qu45Fl3ps3XHUwMDE2Ulx1MDAxMKG41IKlu+Q63lx1MDAwMFx1MDAwZXpj103b/O4gRcRaZsJTSEyWayZcYnFcdTAwMTFcYlx1MDAxNYOJcC10ZVx1MDAxMJZv34qCkE+AkOF6IOzaXHUwMDE2s8xcdTAwMTkg5DNASKZAiFx0xVxmXHUwMDExonQtXHUwMDE4kvkwnG15XHUwMDFjLI9pLqiiXHUwMDBiWF66w75cdTAwMTe1nbuEXHTEROu2OXTchOWemlx1MDAxM5N8/yg4XHUwMDFk27NGvuNF2fVccm24eG60+LRcctfpxda73oXbsYNcdMOOXHUwMDFjUKqnXHUwMDBlQ8eysvLThbmYMGawV0U2/MDpOZ7pXHUwMDFlXHUwMDE3TLVcdTAwMTRypeLHXHUwMDBiYYc5RkxKtID4bVxcnjun/bPjXHUwMDFmftjf+dZcbrzb8cnhauOOipz4sXq4U0LZWszAnaokfpxcbqIoUbhcdTAwMTbsaqrfx8HwU3Ry7dNPvfDDgG/1Lo93m0tVvyoqxVx1MDAwNX91lcpoUF6kKOKYMEorg6V8lVdcdTAwMTQsk1wilVx1MDAwNc+LipSsJlJYXHUwMDEwKlx1MDAxOOa/n0g5ozeVpznEXiBPMMlSlN2jfJYziDEtXHUwMDAyXHUwMDFhODBEUnBNeGWklVx1MDAxM89KXCKNKGYwTTDWXHUwMDE0IXDGWD5CM6RcdTAwMTRSc0VcdTAwMTkjXFy8XG5cblx1MDAwNTdcdTAwMDSgi1wiobVcdTAwMDJcdTAwMGZcXE1jXHUwMDEyK4Myrlx1MDAwMVx1MDAwM1xuY3BZXHUwMDExn8IoQoxcdTAwMDCeOV9cdTAwMWVGgZhcdTAwMTXH+jlcdTAwMThcciMziFqOZzleb3JiXHUwMDBmSYcq7luC6u44niUyYLdcdTAwMTA4XHUwMDE5Wlx0XHRzUpk+PXNcdTAwMTQ7/pP7Pn3j4PTNn1A5YJ8uplxyxajkMyeKkURcdTAwMDTmXHUwMDAw21x1MDAwN05cdOXTM3HNMNr0h0MngtU+TFx1MDAxY9HcqibLt1x1MDAxMcO8b5tW/ijcSfbYelx1MDAxNDg5PzXxbif9lfRbI8VM8uPp+1/vZvYm0pCIwsrinD3HnybmhpZcdTAwMDQjRe8hReS88Vxu8XE/3lx1MDAxNDTS8dayf1x1MDAxN2dHolx1MDAwYtlcdTAwMTGiZMaJ1inrzCPH8tzBipIjNyA6XHUwMDE1gFwirDlcdTAwMTIp/SWRM6NcdTAwMDZcIkwrXHUwMDA17lx1MDAwMdf4lciRXHUwMDE5WMFUhVx1MDAxMkhw8Fx1MDAwM2aQI1x1MDAwNZJmYHFAfoBcIpFcdKRcdTAwMWXJUTOmwIBIvWRXXXJcdTAwMTRcIpN8WVwiOTaBXHUwMDFkKYKN1VQqJFx1MDAxNeacZbrdU1Zu65F+XHUwMDFlQXbaTfU5wL1gINBl95JHflx1MDAxMNBpgsTIXHUwMDEwUlx1MDAwMflcdTAwMTHgaoYkk7PnTYE3OMeUx9OHuf1cdTAwMDJcXKlcdTAwMTVcdTAwMDIqgbiGaUp19mxMXGbOJWJw02Dfiko2lyqL0JJcZjeFk1x1MDAwNZmyNMGRXHRR8iGbZEKDXHUwMDBmRSpzZbnRrCRX5vNcdTAwMWKMLDW/gSlcdTAwMDPSXHUwMDEzTCw1vd88kTvaZXdcdTAwMDN8XHUwMDExXHUwMDFldG6t1vHF6Pa3Te+/ReJEsVwiXHUwMDE0XHUwMDEyXHUwMDE0XHUwMDE3XHUwMDE4IJSvnt4v375cdTAwMTWFYS69XzPNWDNzwlx1MDAxMNJcXIJ3vzy/4z5xwlx1MDAxNjC8dINrJE5GfvC2mf05mlGQOkmm+XzRy7JxPn/CwElBiiyQ1o/8y5v+Uef6/IdcdTAwMTJB67vb1Kd8uNp4y9e0Oa+Ht5o1bVh0XHUwMDAyYVx1MDAxYlx1MDAxMfWyIHWr2t///Li5/+P7XvduvFx1MDAxNVxyXHUwMDFkdLtjfakve8NbdDRgh1x1MDAxZi9C2XVEd/PSubpxX0D2RNs/2VxmwmPX77Q/7lx1MDAwZfZQ78Pm8OVk702q2kpcdTAwMTbhUFx0RpTUpHqkXr59K1xuw0nZ469VMJhV1WZTMFx1MDAxNFwi1lx1MDAxY5RcdTAwMDZxv77sWXZcdTAwMTiBvkRgeZ3/eaW1bfpKXG44Rz7yXG5YMOPni2GGdKcwqCB6XHUwMDE1meTNXFwpVK3PTfdr53C0//X2+M+NLbPjtFdcdTAwMWKD+VxikKOlRoBcdTAwMTTMn3Aqllrh3nD7et86XHUwMDFjqMFW+Fx1MDAwM4dur4Nuvi5VXHSrKNZbXHUwMDA0arowUONUw1x1MDAxNlx1MDAwYlU9Titf5Vx1MDAxNVx1MDAwNUtOsGqmS2rGaZpIXCKZ+k316o2L3HO4vUynnl/pZohcdTAwMTRcdTAwMDFcdTAwMGUrjZRcdTAwMDbIVa90l1x1MDAxM9BKXCIuLuZwqrRm91x1MDAxNc9cdTAwMWP+ODGYQHCcq7gsJ19cdTAwMDWNglx1MDAxOVx1MDAwMkvCeXGlm1x1MDAxMFx1MDAwMzxHhFx1MDAxOedcdTAwMTRwoTKYfHQuIbxDhLOlXHUwMDE2umn8eMRzwFqxllPuyzWy9WPKkeJCIYlcdTAwMTFLn2drpHWc7K4zKaduvFJcdTAwMWSnXHUwMDFjtI3JQjfTXHUwMDBmn/Tp8okpXHUwMDEzXHUwMDFkXHUwMDA3hSh+WEBcIo7F1JT+bVVcdTAwMWNhxFx1MDAxMVx1MDAwZlazK95cdTAwMTKO8rjIr6pWvItwkow3XHKRdLy17N/FWZKjQlx1MDAxZlx1MDAxZVNKiSaUpoCcx5LliYWVZcnikjfwjlx1MDAwMUq9XHUwMDAyJW/ownRaykv1/fH5Vk1cdTAwMTCWYJJLJUmiVbpESyTJuODNNOVMx8/8MsQlI5luL1rw3vyzJ77sXHUwMDFlj083zMOBv2uF+1x1MDAxYl9mPFx1MDAxMfT/gvfsgrem5OVcbt55lCzIk6XZXHUwMDBlWexPMs4klniBgne50awkU06lO9RS01x1MDAxZFx1MDAxMsecjJab+Fx1MDAwZq6OOlx1MDAwN+gq6m9FXHUwMDAy9Ta+nVx1MDAxZpDt8W+b+H+LNFxuzry+lYchaDknXHUwMDFjyeqvXG6U79+KwnAykFx1MDAxMzWzjnVfXHUwMDE1kOBcdTAwMDKD0uqlvyqwnFTKm5e95yhHWTKlZu2bXHUwMDE0Q1x1MDAwZmBcdTAwMDfuZ4ak576js+Py1j4+3/1yd3DVvkHfWp9uP6428JqYTVxuIJP1kFe39FxywT1VKvuOzFx1MDAxMlx1MDAxNFB19aC7d4BbI5t91eN2U3rIqq+AK/jEV+m4x+HRXsvvOidhoPc9kNX97e9cdTAwMDWOwELjmjt3YWdz2+9d7Fx1MDAxY1x1MDAwNqco4q2m3X45xX6LUn1cdG0wXGJxIE6rnoYtt7ZcdTAwMTWljVxc5pXV/F8g6r6Ajlx1MDAxNKJAXHUwMDFhaqnpVERcdTAwMDVZxPLqXHQ2SKhcdTAwMDfKXHUwMDE22+NbSvVcdTAwMWORy0t1ZpalQCt5f4VcdTAwMTZDXHIrQqSS1Z+KKaeelcRcdTAwMWFRXHUwMDA2koxgJXOQXHUwMDEz0lx1MDAxMJJLlX1s5iWxJ7GhSW789HGZWVx1MDAxN79cdTAwMDcjQVJpXGY8vNT3VLAm4jVf4ivHQSNbKOCKU4KU4FpRKYnIdLpPo6U7PHXPXHUwMDEz2brJ6f+7UmZ02priT5MqQyBNJZ83wFxmc0xcdTAwMDbIWGI6xFr27zPqrLTw1X0qk1eOdPV4vNyNWk3OXHUwMDExXHUwMDA2UVOP41FiUM6ZyDLRi1x1MDAxMlx1MDAwZTXkXHUwMDA0zU2wXHJjnM5gXHUwMDFizFVcXDlcdTAwMDTAL5VtpEDPitVfmm2aQDdcdTAwMTJRXHUwMDA0u4RcdGNaT7PNw97+wlSTs6P4w7CB4tiyXHUwMDAyz8w6O7W/XCKOWXtcdTAwMThw3Vx1MDAxY43aXHUwMDExmMfTbq5fOfZ1a1x1MDAwNlx1MDAwZc6TT+xcdTAwMTclm1x1MDAxMDOBnVjnz7Wf/1x1MDAwMFx1MDAxNa9cYlx0In0=<!-- payload-end -->
-  <defs>
-    <style class="style-fonts">
-      @font-face {
-        font-family: "Virgil";
-        src: url("https://excalidraw.com/Virgil.woff2");
-      }
-      @font-face {
-        font-family: "Cascadia";
-        src: url("https://excalidraw.com/Cascadia.woff2");
-      }
-    </style>
-  </defs>
-  <g stroke-linecap="round" transform="translate(270 60) rotate(0 80 30)"><path d="M15.29 -0.47 L153.13 1.56 L156.04 1.94 L161.22 11.16 L157.19 50.79 L153.57 57.64 L144.95 60.93 L8.62 60.41 L5.2 54.78 L-0.87 47.48 L0.58 9.71 L3.06 2.77 L10.32 0.16 L14.69 1.95" stroke="none" stroke-width="0" fill="#15aabf"></path><path d="M15 0 M15 0 C59.6 0.29, 102.57 -1.17, 145 0 M15 0 C53.1 0.94, 91.45 1.92, 145 0 M145 0 C153.8 -0.46, 160.14 3.64, 160 15 M145 0 C156.83 -0.07, 161.76 5.46, 160 15 M160 15 C160.69 21.95, 158.86 30.9, 160 45 M160 15 C159.52 22.54, 159.31 28.79, 160 45 M160 45 C158.39 55.35, 156.92 59.82, 145 60 M160 45 C159.32 55.55, 156.6 58.52, 145 60 M145 60 C95.22 62.77, 46.96 60.18, 15 60 M145 60 C100.56 60.26, 58.34 59.2, 15 60 M15 60 C4.48 60.26, 0.73 55.32, 0 45 M15 60 C6.05 59.94, -2.1 53.29, 0 45 M0 45 C0.78 39.72, 0.46 33.05, 0 15 M0 45 C0.69 35.19, -0.38 23.04, 0 15 M0 15 C0.79 4.88, 5.9 -0.04, 15 0 M0 15 C-0.16 3.35, 6.03 -0.45, 15 0" stroke="#000000" stroke-width="1" fill="none"></path></g><g transform="translate(275 80) rotate(0 75 10)"><text x="75" y="16" font-family="Cascadia, Segoe UI Emoji" font-size="16px" fill="#000000" text-anchor="middle" style="white-space: pre;" direction="ltr">source_endpoint</text></g><g stroke-linecap="round" transform="translate(510 10) rotate(0 90 30)"><path d="M15.17 0.19 L172.16 -0.64 L174.7 2.01 L179.28 10.52 L180.64 53.38 L172.64 56.22 L163.25 61.88 L7.42 59.37 L2.88 55.2 L1.62 50.04 L-0.92 12.6 L2.79 4.81 L6.44 2.89 L15.32 -1.49" stroke="none" stroke-width="0" fill="#868e96"></path><path d="M15 0 M15 0 C68.9 0.04, 124.41 2.99, 165 0 M15 0 C61.98 -0.83, 108.3 -0.3, 165 0 M165 0 C175.1 -1.66, 180.34 6.25, 180 15 M165 0 C175.42 -2.14, 178.91 6.56, 180 15 M180 15 C178.27 26.79, 181.36 35.94, 180 45 M180 15 C180.68 26.72, 180.61 36.9, 180 45 M180 45 C179.08 53.94, 175.08 60.64, 165 60 M180 45 C181.04 53.07, 173.03 59.28, 165 60 M165 60 C128.55 61.23, 90.84 61.05, 15 60 M165 60 C109.21 58.64, 54.72 59.97, 15 60 M15 60 C6.36 58.8, -1.06 53.69, 0 45 M15 60 C5.68 59.23, -1.77 53.39, 0 45 M0 45 C-0.06 33.41, -0.52 23.19, 0 15 M0 45 C0.37 35.86, 0.84 25.63, 0 15 M0 15 C1.82 3.73, 6.95 1.74, 15 0 M0 15 C2.06 5.94, 5.51 2.07, 15 0" stroke="#000000" stroke-width="1" fill="none"></path></g><g transform="translate(515 30) rotate(0 85 10)"><text x="85" y="16" font-family="Cascadia, Segoe UI Emoji" font-size="16px" fill="#000000" text-anchor="middle" style="white-space: pre;" direction="ltr">source_ip</text></g><g stroke-linecap="round"><g transform="translate(434.4921193001234 60.77679583442563) rotate(0 32.71593537454487 -8.646837153384553)"><path d="M-0.75 -0.7 C3.59 -3.15, 15.45 -12.54, 26.6 -15.53 C37.76 -18.52, 59.84 -18.11, 66.18 -18.66 M1.06 1.54 C5.71 -1.2, 17.96 -14.25, 28.74 -17.42 C39.51 -20.6, 59.74 -17.41, 65.69 -17.51" stroke="#000000" stroke-width="1" fill="none"></path></g><g transform="translate(434.4921193001234 60.77679583442563) rotate(0 32.71593537454487 -8.646837153384553)"><path d="M67.46 -17.83 L51.02 -11.82 L51.48 -26.33 L65.5 -17.22" stroke="none" stroke-width="0" fill="#000000" fill-rule="evenodd"></path><path d="M64.81 -18.89 C61.38 -15.06, 55.61 -15.06, 51.1 -12.92 M66.02 -17.63 C61.13 -15.22, 56.18 -14.11, 51.12 -12.56 M50.71 -11.34 C52.13 -14.94, 51.72 -20.4, 51.63 -25.28 M52.35 -12.59 C51.3 -15.65, 52.27 -18.13, 52.68 -24.96 M53.42 -25.25 C58.37 -22.71, 62.55 -19.9, 66.58 -18.63 M51.78 -24.82 C55.12 -23.4, 58 -21.82, 66.25 -16.77 M65.69 -17.51 C65.69 -17.51, 65.69 -17.51, 65.69 -17.51 M65.69 -17.51 C65.69 -17.51, 65.69 -17.51, 65.69 -17.51" stroke="#000000" stroke-width="1" fill="none"></path></g></g><mask></mask><g stroke-linecap="round"><g transform="translate(435.1406409195066 113.02498816259163) rotate(0 32.13960071302657 7.834916766095006)"><path d="M0.31 0.76 C5.16 2.79, 18.04 9.94, 28.87 12.15 C39.69 14.35, 59.27 13.6, 65.27 13.98 M-0.99 0.11 C3.81 2.31, 17.37 10.92, 28.38 13.47 C39.4 16.02, 58.89 15.62, 65.08 15.4" stroke="#000000" stroke-width="1" fill="none"></path></g><g transform="translate(435.1406409195066 113.02498816259163) rotate(0 32.13960071302657 7.834916766095006)"><path d="M65.3 16.09 L50.41 20.85 L51.87 9.44 L65.12 15.16" stroke="none" stroke-width="0" fill="#000000" fill-rule="evenodd"></path><path d="M66.02 16.51 C60.84 18.62, 57.88 19.98, 52.38 20.88 M64.41 15.81 C60.96 18.21, 55.39 19.51, 51.14 22.32 M50.6 21.13 C51.28 18.2, 51.82 15.41, 52.35 9.38 M51.94 22.32 C51.44 19.2, 51.34 16.65, 50.91 9.71 M51.01 10.05 C58.25 11.05, 62.73 12.78, 66.09 14.83 M51.09 9.6 C54.99 11.3, 59.13 12.22, 64.91 15.13 M65.08 15.4 C65.08 15.4, 65.08 15.4, 65.08 15.4 M65.08 15.4 C65.08 15.4, 65.08 15.4, 65.08 15.4" stroke="#000000" stroke-width="1" fill="none"></path></g></g><mask></mask><g stroke-linecap="round" transform="translate(510 90) rotate(0 90 30)"><path d="M13.75 0.76 L171.96 0.46 L176.77 2.87 L181.56 12.05 L180.05 53.2 L173.94 58.8 L166.84 59.83 L8.02 57.85 L3.01 55.42 L0.1 47.93 L-1.76 12.58 L2.65 4.72 L9.76 1.97 L15.48 0.61" stroke="none" stroke-width="0" fill="#868e96"></path><path d="M15 0 M15 0 C68 -0.52, 118.56 -1.92, 165 0 M15 0 C71.24 0.07, 127.43 0.1, 165 0 M165 0 C176.31 -1.18, 178.02 5.18, 180 15 M165 0 C177.14 2.29, 178.98 2.84, 180 15 M180 15 C181.17 25.25, 180.28 32.09, 180 45 M180 15 C179.31 23.8, 180.12 33.81, 180 45 M180 45 C178.39 56.73, 173.17 58.71, 165 60 M180 45 C181.71 52.91, 176.25 60.12, 165 60 M165 60 C107.56 60.95, 48.01 58.13, 15 60 M165 60 C127.22 60, 90.4 60.29, 15 60 M15 60 C5.67 58.22, 0.32 53.31, 0 45 M15 60 C3.24 62.15, -0.24 55.61, 0 45 M0 45 C-1.02 37.64, -0.66 27.63, 0 15 M0 45 C-0.22 39.34, 0.92 32.21, 0 15 M0 15 C-0.14 3.73, 6.61 1.81, 15 0 M0 15 C1.38 4.4, 3.51 -1.61, 15 0" stroke="#000000" stroke-width="1" fill="none"></path></g><g transform="translate(515 110) rotate(0 85 10)"><text x="85" y="16" font-family="Cascadia, Segoe UI Emoji" font-size="16px" fill="#000000" text-anchor="middle" style="white-space: pre;" direction="ltr">source_port</text></g><g stroke-linecap="round" transform="translate(270 220) rotate(0 80 30)"><path d="M14.24 -1.32 L149.74 0.23 L155.35 3.09 L160.97 13.11 L158.52 51.42 L152.87 59.5 L146.81 61.2 L7.91 57.77 L2.35 57.09 L0.38 48.44 L-0.49 10.28 L3.14 5.54 L8.66 0.55 L14.85 0.36" stroke="none" stroke-width="0" fill="#15aabf"></path><path d="M15 0 M15 0 C47.54 0.61, 76.29 0.02, 145 0 M15 0 C64.16 0.82, 112.27 1.38, 145 0 M145 0 C156.44 -1.43, 158.91 3.94, 160 15 M145 0 C153.14 1.39, 160.18 2.87, 160 15 M160 15 C158.78 23.3, 160.85 33.45, 160 45 M160 15 C159.47 20.51, 160.03 26.96, 160 45 M160 45 C159.42 56.23, 155.33 59.56, 145 60 M160 45 C160.94 54.45, 156.17 62.26, 145 60 M145 60 C114.76 58.55, 80.12 61.83, 15 60 M145 60 C95.94 62.19, 48.36 61.45, 15 60 M15 60 C4.69 59.82, 1.61 53.86, 0 45 M15 60 C5.27 59.63, -1.11 55.81, 0 45 M0 45 C-1.85 35.03, 1.2 27.11, 0 15 M0 45 C0.2 32.81, -0.42 22.76, 0 15 M0 15 C0.79 3.54, 6.89 -0.94, 15 0 M0 15 C1.76 4.77, 5.09 0.2, 15 0" stroke="#000000" stroke-width="1" fill="none"></path></g><g transform="translate(275 230) rotate(0 75 20)"><text x="75" y="16" font-family="Cascadia, Segoe UI Emoji" font-size="16px" fill="#000000" text-anchor="middle" style="white-space: pre;" direction="ltr">destination_</text><text x="75" y="36" font-family="Cascadia, Segoe UI Emoji" font-size="16px" fill="#000000" text-anchor="middle" style="white-space: pre;" direction="ltr">endpoint</text></g><g stroke-linecap="round" transform="translate(510 170) rotate(0 90 30)"><path d="M13.17 -0.71 L170.67 0.28 L177.45 5.37 L179.23 11.35 L177.79 53.17 L175.95 59.09 L164.48 58.71 L7.04 59.9 L3.89 56.17 L-0.49 47.31 L-0.37 13.27 L3.97 3.36 L8.29 1.29 L13.82 -1.63" stroke="none" stroke-width="0" fill="#868e96"></path><path d="M15 0 M15 0 C44.69 -0.74, 78.56 -0.29, 165 0 M15 0 C49.35 0.57, 85.74 -0.65, 165 0 M165 0 C173.91 -1.06, 178.38 6.21, 180 15 M165 0 C175.18 -2.13, 179.64 3.95, 180 15 M180 15 C180.83 24.78, 177.89 32.8, 180 45 M180 15 C179.67 22.63, 179.51 31.26, 180 45 M180 45 C180.33 54.56, 175.82 59.52, 165 60 M180 45 C181.17 57.26, 173.67 60.77, 165 60 M165 60 C117.43 60.64, 75 58.59, 15 60 M165 60 C105.6 61.66, 46.58 61.36, 15 60 M15 60 C6.61 58.86, 0.23 54.68, 0 45 M15 60 C3.89 60.81, -0.03 54.51, 0 45 M0 45 C1.42 36.67, 1.94 27.58, 0 15 M0 45 C-0.55 37.42, 0.36 27.69, 0 15 M0 15 C1.89 4.06, 6.53 -0.2, 15 0 M0 15 C0.09 5.2, 3.96 -1.02, 15 0" stroke="#000000" stroke-width="1" fill="none"></path></g><g transform="translate(515 190) rotate(0 85 10)"><text x="85" y="16" font-family="Cascadia, Segoe UI Emoji" font-size="16px" fill="#000000" text-anchor="middle" style="white-space: pre;" direction="ltr">destination_ip</text></g><g stroke-linecap="round"><g transform="translate(435.5389943001235 222.46038958442568) rotate(0 32.99572163506403 -11.138907500500409)"><path d="M0.72 0.97 C5.2 -1.92, 15.81 -14.01, 26.33 -17.74 C36.85 -21.47, 57.29 -20.76, 63.86 -21.42 M-0.36 0.44 C3.98 -2.22, 14.1 -12.3, 25.21 -16.25 C36.33 -20.19, 60.08 -21.99, 66.35 -23.25" stroke="#000000" stroke-width="1" fill="none"></path></g><g transform="translate(435.5389943001235 222.46038958442568) rotate(0 32.99572163506403 -11.138907500500409)"><path d="M65.38 -22.55 L53.73 -15.53 L51.59 -29.58 L65.34 -22.12" stroke="none" stroke-width="0" fill="#000000" fill-rule="evenodd"></path><path d="M67.57 -23.66 C63 -22.05, 61.1 -17.67, 54.66 -15.5 M66.4 -23.28 C63.06 -21.73, 60.14 -18.7, 53.84 -15.25 M52.72 -16.29 C54 -19.17, 51.87 -23.22, 52.98 -28.13 M53.34 -14.78 C53.78 -18.49, 52.57 -21.31, 51.5 -27.28 M51.33 -27.96 C55.58 -26.46, 61.54 -23.89, 64.89 -22.5 M51.92 -27.81 C55.5 -25.97, 59.58 -25.44, 66.66 -23.43 M66.35 -23.25 C66.35 -23.25, 66.35 -23.25, 66.35 -23.25 M66.35 -23.25 C66.35 -23.25, 66.35 -23.25, 66.35 -23.25" stroke="#000000" stroke-width="1" fill="none"></path></g></g><mask></mask><g stroke-linecap="round"><g transform="translate(435.1406409195066 272.6499881625916) rotate(0 32.586023550999215 6.846260528289179)"><path d="M0.97 -0.32 C5.69 1.58, 17.2 9.58, 27.9 12.17 C38.59 14.76, 58.98 14.95, 65.15 15.23 M0.03 -1.54 C4.61 0.44, 16.1 10.81, 26.91 13.31 C37.72 15.81, 58.45 13.21, 64.89 13.46" stroke="#000000" stroke-width="1" fill="none"></path></g><g transform="translate(435.1406409195066 272.6499881625916) rotate(0 32.586023550999215 6.846260528289179)"><path d="M65.59 13.43 L51.11 19.87 L49.15 6.61 L66.02 13.5" stroke="none" stroke-width="0" fill="#000000" fill-rule="evenodd"></path><path d="M64.48 13.35 C60.41 16.6, 59.15 18.12, 51.14 19.32 M64.86 13.18 C61.39 14.81, 59.44 16.69, 51.39 20.24 M50.35 21.07 C51.08 15.42, 50.55 13.21, 50.6 6.78 M51.86 20.75 C50.94 15.89, 50.9 11.67, 51.45 7.67 M50.77 6.81 C53.75 9.64, 57.83 8.65, 65.64 12.87 M50.92 7.41 C54.69 9.11, 57.27 10.65, 64.71 13.84 M64.89 13.46 C64.89 13.46, 64.89 13.46, 64.89 13.46 M64.89 13.46 C64.89 13.46, 64.89 13.46, 64.89 13.46" stroke="#000000" stroke-width="1" fill="none"></path></g></g><mask></mask><g stroke-linecap="round" transform="translate(510 250) rotate(0 90 30)"><path d="M16.2 1.62 L171.02 0.8 L174.98 5.36 L181.57 12.69 L178.54 50.27 L172.74 58.73 L165.14 59.92 L7.71 57.86 L3.14 58.04 L0.46 48.13 L0.09 11.84 L2.57 2.12 L6.57 2.17 L14.39 -1.32" stroke="none" stroke-width="0" fill="#868e96"></path><path d="M15 0 M15 0 C49.7 0.96, 86.98 -0.76, 165 0 M15 0 C67.12 0.54, 119.51 1.68, 165 0 M165 0 C175.16 -1.85, 179.69 4.09, 180 15 M165 0 C174.54 -1.24, 179.73 6.14, 180 15 M180 15 C178.92 24.7, 178.58 36.9, 180 45 M180 15 C180.08 23.21, 180.32 31.61, 180 45 M180 45 C181.02 56.97, 173.85 60.67, 165 60 M180 45 C180.11 56.45, 173.27 57.85, 165 60 M165 60 C108.6 58.04, 50.35 59.25, 15 60 M165 60 C117.48 59.3, 68.47 59.71, 15 60 M15 60 C4.04 60.7, -0.02 54.57, 0 45 M15 60 C4.51 57.8, -1.16 56.31, 0 45 M0 45 C-0.72 36.14, -1.68 25.84, 0 15 M0 45 C0.83 33.39, 0.65 22.62, 0 15 M0 15 C0.07 5.17, 4.1 -0.88, 15 0 M0 15 C-0.68 2.75, 6.32 2.05, 15 0" stroke="#000000" stroke-width="1" fill="none"></path></g><g transform="translate(515 270) rotate(0 85 10)"><text x="85" y="16" font-family="Cascadia, Segoe UI Emoji" font-size="16px" fill="#000000" text-anchor="middle" style="white-space: pre;" direction="ltr">destination_port</text></g><g stroke-linecap="round" transform="translate(10 140) rotate(0 80 30)"><path d="M15.01 1.11 L150.5 1.97 L156.88 2.23 L158.16 11.65 L159.04 50.75 L152.58 56.96 L146.14 59.84 L9.1 57.15 L3.48 57.26 L-1.58 47.03 L2.11 12.72 L5.41 4.37 L6.7 -0.05 L16.29 1.66" stroke="none" stroke-width="0" fill="#15aabf"></path><path d="M15 0 M15 0 C43.43 -1.42, 69.3 -1.13, 145 0 M15 0 C44.17 -0.56, 70.57 -0.81, 145 0 M145 0 C155.56 1.87, 160.4 5.94, 160 15 M145 0 C156.51 -2.18, 160.05 3.87, 160 15 M160 15 C159.5 26.2, 158.93 39.12, 160 45 M160 15 C159.91 25.09, 159.51 34.17, 160 45 M160 45 C160.59 55.18, 154.47 59.19, 145 60 M160 45 C159.77 57.01, 156.11 61.75, 145 60 M145 60 C115.39 61.19, 83.9 59.72, 15 60 M145 60 C117.6 59.44, 89.09 58.36, 15 60 M15 60 C6.8 58.1, -0.66 56.5, 0 45 M15 60 C3.48 61.73, -0.89 56.51, 0 45 M0 45 C-1.38 36.26, -0.07 28.78, 0 15 M0 45 C0.8 37.86, 0.77 30.89, 0 15 M0 15 C-1.31 4.22, 4.07 -1.25, 15 0 M0 15 C-0.75 3.51, 3.21 -0.72, 15 0" stroke="#000000" stroke-width="1" fill="none"></path></g><g transform="translate(15 160) rotate(0 75 10)"><text x="75" y="16" font-family="Cascadia, Segoe UI Emoji" font-size="16px" fill="#000000" text-anchor="middle" style="white-space: pre;" direction="ltr">connection</text></g><g stroke-linecap="round"><g transform="translate(178.07421875 137.67578125) rotate(0 35.971812151744956 -23.986873118951905)"><path d="M-1.02 0.13 C4.11 -6.08, 18.98 -29.47, 31.31 -37.51 C43.63 -45.55, 66.07 -46.35, 72.96 -48.11 M0.65 -0.84 C6.12 -7.34, 21.68 -31.37, 33.69 -39.06 C45.71 -46.76, 66.13 -45.66, 72.74 -47.01" stroke="#000000" stroke-width="1" fill="none"></path></g><g transform="translate(178.07421875 137.67578125) rotate(0 35.971812151744956 -23.986873118951905)"><path d="M73.19 -48.73 L59.86 -40.76 L58.3 -52.2 L72.42 -46.19" stroke="none" stroke-width="0" fill="#000000" fill-rule="evenodd"></path><path d="M72.9 -47.79 C69.6 -43.19, 63.2 -40.91, 59.31 -39.3 M72.95 -46.3 C67.66 -44.28, 62.56 -40.51, 59.75 -39.16 M58.67 -38.31 C59.19 -45.35, 58.31 -48.83, 58.11 -52.58 M59.78 -39.68 C59.68 -42.16, 59.95 -45.11, 58.23 -52.35 M58.46 -51 C61.55 -49.81, 66.82 -50.06, 71.41 -47.58 M58.55 -52.31 C62.79 -49.77, 68.21 -48.11, 72.64 -47.45 M72.74 -47.01 C72.74 -47.01, 72.74 -47.01, 72.74 -47.01 M72.74 -47.01 C72.74 -47.01, 72.74 -47.01, 72.74 -47.01" stroke="#000000" stroke-width="1" fill="none"></path></g></g><mask></mask><g stroke-linecap="round"><g transform="translate(176.28125 202.35546875) rotate(0 36.01549710836261 23.88830007202921)"><path d="M0.13 -0.62 C5.98 6.56, 22.62 33.89, 34.81 42.06 C47.01 50.23, 66.87 47.45, 73.29 48.4 M-1.26 1.67 C4.55 8.62, 22.18 33.02, 34.44 40.48 C46.7 47.94, 65.81 45.05, 72.3 46.45" stroke="#000000" stroke-width="1" fill="none"></path></g><g transform="translate(176.28125 202.35546875) rotate(0 36.01549710836261 23.88830007202921)"><path d="M70.58 46.51 L57.03 51.7 L58.93 39.03 L73.12 45.44" stroke="none" stroke-width="0" fill="#000000" fill-rule="evenodd"></path><path d="M71.52 47.82 C69.67 47.47, 65.44 49.06, 58.48 53.14 M73.01 46.27 C68.63 47.46, 66.04 49.23, 58.63 52.75 M59.48 51.85 C57.59 47.84, 59.36 44.29, 58.55 38.12 M58.11 52.1 C58.27 49.05, 58.08 44.5, 58.78 39.37 M60.12 37.98 C64.12 41.19, 66.48 42.48, 71.73 46.73 M58.82 39 C64.2 42.43, 68.9 44.25, 71.86 46.4 M72.3 46.45 C72.3 46.45, 72.3 46.45, 72.3 46.45 M72.3 46.45 C72.3 46.45, 72.3 46.45, 72.3 46.45" stroke="#000000" stroke-width="1" fill="none"></path></g></g><mask></mask></svg>
\ No newline at end of file
diff --git a/web/docs/data-model/taxonomies.md b/web/docs/data-model/taxonomies.md
index b53cf5bc175..35fe2006979 100644
--- a/web/docs/data-model/taxonomies.md
+++ b/web/docs/data-model/taxonomies.md
@@ -39,17 +39,17 @@ schema][ocsf-schema].
 We could add [yet another data model](https://xkcd.com/927/), but our goal is
 that you pick one that you know already or like best. We envision a thriving
 community around taxonomization, as exemplified with the [OCSF][ocsf]. With
-Tenzir, we aim for leveraging the taxonomy of your choice. There are currently
-two mechanisms for this purpose:
+Tenzir, we aim for leveraging the taxonomy of your choice.
 
-- [Concept](#concepts): a field mapping/alias that lazily resolves at query time
-- [Model](#models): a set of concepts that in sum describe a specific entity
+:::info Concepts
+A [concept](#concepts) is a field mapping/alias that lazily resolves at query
+time.
+:::
 
-Concepts and models are not embedded in the schema and can therefore evolve
-independently from the data typing. This behavior is different from other
-systems that normalize by *rewriting* the data on ingest, e.g., elastic with
-[ECS][ecs]. We do not advocate for this approach, because it has the following
-drawbacks:
+Concepts are not embedded in the schema and can therefore evolve independently
+from the data typing. This behavior is different from other systems that
+normalize by *rewriting* the data on ingest, e.g., elastic with [ECS][ecs]. We
+do not advocate for this approach, because it has the following drawbacks:
 
 - **Data Lock-in**: if you want to use a different data model tomorrow, you
   would have to rewrite all your past data, which can be infeasible in some
@@ -147,66 +147,3 @@ concepts:
 You can add new mappings to an existing concept in every module. For example,
 when adding a new data source that contains an event with a source IP address
 field, you can define the concept in the corresponding module.
-
-## Models
-
-A *model* is made of one or more concepts. An event fulfills a model
-if and only if it fulfills all contained concepts.
-
-Consider again Sysmon and Suricata data for formalizing the notion of a
-`connection` that requires the following concepts to be fulfilled: `source_ip`,
-`source_port`, `dest_ip`, and `dest_port`. Both `sysmon.NetworkConnection` and
-`suricata.flow` fulfil all concepts of the model `connection`. The model
-definition looks as follows:
-
-```yaml
-models:
-  connection:
-    description: a network connection 4-tuple
-    definition:
-    - source_ip
-    - source_port
-    - destination_ip
-    - destination_port
-```
-
-Models compose like concepts: you can define a new model out of existing models
-or out of a mix of concepts and models. However, a concept cannot include a
-model.
-
-In the above example, the `connection` model consists of the `source_endpoint`
-and `destination_endpoint` model, each of which contains two concepts:
-
-![Model Composition](model-composition.excalidraw.svg)
-
-You can query a model by providing a record literal:
-
-```c
-connection = <_, _, 10.0.0.1, 80>
-```
-
-The query expression resolution begins with models, continues with concepts, and
-terminates when the query consists of extractors only. For example, consider the
-model query `destination_endpoint = <10.0.0.1, 80>` where the left-hand side
-being the name of a model and the right-hand side a record value. Tenzir resolves
-this query into a conjunction first:
-
-```
-destination_ip == 10.0.0.1 && destination_port == 80
-```
-
-Thereafter, the concept resolution takes place again, assuming that there exist
-concept definitions for `destination_port` symmetric to `destination_ip`:
-
-```c
-(sysmon.NetworkConnection.RemoteIp == 10.0.0.1
-  || suricata.flow.dest_ip == 10.0.0.1
-  || zeek.conn.id.resp_h == 10.0.0.1)
-&&
-(sysmon.NetworkConnection.RemotePort == 80
-  || suricata.flow.dest_port == 80
-  || zeek.conn.id.resp_p == 80)
-```
-
-The resolution into conjunctions and disjunctions nicely illustrates the
-duality of models as product types and concepts as sum types.