[Zeek] Using "dbl" instead of "num" in SumStats
Jim Mellander
jmellander at lbl.gov
Sun May 5 10:54:09 PDT 2019
Hi Hugo:
The observation record is defined
(share/bro/base/frameworks/sumstats/main.bro) as:
## Represents data being added for a single observation.
## Only supply a single field at a time!
type Observation: record {
## Count value.
num: count &optional;
## Double value.
dbl: double &optional;
## String value.
str: string &optional;
};
so in SumStats::observe, you would supply the dbl optional value instead of
num, e.g.
SumStats::observe("mysumstat",
SumStats::Key($host=foo),
SumStats::Observation($dbl=bar));
(don't supply more than 1 optional value).
Hope this helps. BTW: I'm interested in the uses that folks find for
sumstats. Care to comment on your use case?
Jim
On Sun, May 5, 2019 at 10:38 AM Hui Lin (Hugo) <hlin33 at illinois.edu> wrote:
> Hi
>
> By default, SumStats will apply calculation on "num" instead of "dbl". How
> can I make it apply calculation on dbl instead?
>
> Thanks
>
> Hui Lin
>
> --
> Hui Lin
> Ph.D. Candidate (http://hlin33.web.engr.illinois.edu/)
> DEPEND (http://depend.csl.illinois.edu/)
> ECE, Uni. of Illinois at Urbana-Champaign
>
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190505/1aa11b1d/attachment.html
More information about the Zeek
mailing list