These docs are for Cribl Stream 4.4 and are no longer actively maintained.
See the latest version (4.14).
C.Text – Text Methods
C.Text.entropy()
Text.entropy(bytes: Buffer | string): numberComputes the Shannon entropy of the given Buffer or string.
Returns the entropy value; or -1 in case of an error.
| Parameter | Type | Description |
|---|---|---|
bytes | Buffer | string | value to undergo Shannon entropy computation. |
C.Text.hashCode()
Text.hashCode(val: string | Buffer | number): numberComputes hashcode (djb2) of the given value.
Returns hashcode value.
| Parameter | Type | Description |
|---|---|---|
val | string | Buffer | number | value to be hashed. |
C.Text.isASCII()
Text.isASCII(bytes: Buffer | string): booleanChecks whether all bytes or chars are in the ASCII printable range.
Returns true if all chars/bytes are within ASCII printable range; otherwise, false.
| Parameter | Type | Description |
|---|---|---|
bytes | string | Buffer | value to check for character range. |
C.Text.isUTF8()
Text.isUTF8(bytes: Buffer | string): booleanChecks whether the given Buffer contains valid UTF8.
Returns true if bytes are UTF8; otherwise, false.
| Parameter | Type | Description |
|---|---|---|
bytes | Buffer | string | bytes to check. |
C.Text.parseWinEvent()
Text.parseWinEvent(xml: string, nonValues: string[] = Text._WIN_EVENT_NON_VALUES): anyParses an XML string representing a Windows event into a compact, prettified JSON object. Works like C.Text.parseXml, but with Windows events, produces more-compact output. For a usage example, see Reducing Windows XML Events.
Returns an object representing the parsed Windows Event; or undefined if the input could not be parsed.
| Parameter | Type | Description |
|---|---|---|
xml | string | an XML string; or an event field containing the XML. |
nonValues | string[] | array of string values. Elements whose value equals any of the values in this array will be omitted from the returned object. Defaults to ['-'], meaning that elements whose value equals - will be discarded. |
C.Text.parseXml()
Text.parseXml(xml: string, keepAttr: boolean = true, keepMetadata: boolean = false, nonValues: string[] = []): anyParses an XML string and returns a JSON object. Can be used with Eval Function to parse XML fields contained in an event, or with ad hoc XML.
Returns an object representing the parsed XML; or undefined if the input could not be parsed. An input collection of elements will be parsed into an array of objects.
| Parameter | Type | Description |
|---|---|---|
xml | string | XML string, or an event field containing the XML. |
keepAttr | boolean | whether or not to include attributes in the returned object. Defaults to true. |
keepMetadata | boolean | whether or not to include metadata found in the XML. The keepAttr parameter must be set to true for this to work. Defaults to false. (Eligible metadata includes namespace definitions and prefixes, and XML declaration attributes such as encoding, version, etc.) |
nonValues | string[] | array of string values. Elements whose value equals any of the values in this array will be omitted from the returned object. Defaults to [] (empty array), meaning discard no elements. |
C.Text.relativeEntropy()
Text.relativeEntropy(bytes: Buffer | string, modelName: string = 'top_domains'): numberComputes the relative entropy of the given Buffer or string.
Returns the relative entropy value, or -1 in case of an error.
| Parameter | Type | Description |
|---|---|---|
bytes | Buffer | string | Value whose relative entropy to compute. |
modelName | string | Optionally, override the default $CRIBL_HOME/data/lookups/model_relative_entropy_top_domains.csv model used to test the input. Create a custom lookup file with the same column and value structure as the default, and store it in the same path, as model_relative_entropy_<custom‑name>.csv. To reference it, pass your <custom‑name> substring as the modelName parameter. |
When using
modelNamein a distributed deployment, the corresponding paths are$CRIBL_HOME/groups/<worker–group‑name>/data/lookups/. Creating your custom lookup file via Cribl Stream’s UI will automatically set the appropriate paths.