
E

1 - Elasticsearch

Elasticsearch is an Open Source and commercial search index product. Stroom can be connected to one or more Elasticsearch clusters so that event indexing and search are handled by Elasticsearch rather than internally.

2 - ELFF

The Extended Log File Format. A W3C standard format for log files produced by web servers.

3 - Entity

Typically refers to an item that can be created in the Explorer Tree, e.g. a Feed, a Pipeline, a Dashboard, etc. May also be known as a Document.

4 - Event

An event is a single auditable event, e.g. a user logging in to a system. A Stream typically contains multiple events.

In a Raw Events stream an event is typically represented as a block of XML or JSON, or a single line for CSV data. In an Events Stream an event is identified by its Event ID, which is its position in that stream (as a one-based number). The Event ID combined with a Stream ID provides a unique identifier for an event within a Stroom instance.

5 - Events

This is a Stream Type in Stroom. An Events stream consists of processed/cooked data that has been demarcated into individual Events.

Typically in Stroom an Events stream will contain data conforming to the event-logging XML Schema which provides a normalised form for all Raw Events to be transformed into.

6 - Explorer tree

The left-hand navigation tree. The Explorer Tree is used for finding, opening, creating, renaming, copying, moving and deleting Documents.

It can also be used to control the access permissions of entities and folders. The tree can be filtered using the quick filter, see Finding Things for more details.

7 - Expression tree

A tree of expression terms that each evaluate to a boolean (True/False) value. Terms can be grouped together within an expression operator (AND, OR, NOT).

For example:

AND (
  Feed is CSV_FEED
  Type = Raw Events
)

Expression Trees are used in Processor Filters and Query expressions.