func (i *Indexer) AddEvent(event eve.RawEveEvent) error {
uuid := uuid.NewV1()
timestamp, err := event.GetTimestamp()
if err != nil {
log.Error("Failed to get timestamp from event: %v", err)
}
encoded, err := json.Marshal(&event)
if err != nil {
log.Error("Failed to encode event.")
}
_, err = i.stmt.Exec(uuid, timestamp, string(encoded))
if err != nil {
log.Fatal(err)
}
return nil
}
func (i *BulkEveIndexer) IndexRawEvent(event eve.RawEveEvent) error {
timestamp, err := event.GetTimestamp()
if err != nil {
return err
}
event["@timestamp"] = timestamp.UTC().Format(AtTimestampFormat)
index := fmt.Sprintf("%s-%s", i.IndexPrefix, timestamp.UTC().Format("2006.01.02"))
header := BulkCreateHeader{}
header.Create.Index = index
header.Create.Type = "log"
header.Create.Id = uuid.NewV1().String()
encoder := json.NewEncoder(i.pipeWriter)
encoder.Encode(&header)
encoder.Encode(event)
i.queued++
return nil
}