forked from defensestation/osquery
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaggs_filter.go
53 lines (44 loc) · 1.33 KB
/
aggs_filter.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
// Modified by DefenseStation on 2024-06-06
// Changes: Updated ElasticSearch client to OpenSearch client, changed package name to 'osquery',
// updated references to OpenSearch documentation, and modified examples accordingly.
package osquery
type FilterAggregation struct {
name string
filter Mappable
aggs []Aggregation
}
// FilterAgg creates a new aggregation of type "filter". The method name includes
// the "Agg" suffix to prevent conflict with the "filter" query.
func FilterAgg(name string, filter Mappable) *FilterAggregation {
return &FilterAggregation{
name: name,
filter: filter,
}
}
// Name returns the name of the aggregation.
func (agg *FilterAggregation) Name() string {
return agg.name
}
// Filter sets the filter items
func (agg *FilterAggregation) Filter(filter Mappable) *FilterAggregation {
agg.filter = filter
return agg
}
// Aggs sets sub-aggregations for the aggregation.
func (agg *FilterAggregation) Aggs(aggs ...Aggregation) *FilterAggregation {
agg.aggs = aggs
return agg
}
func (agg *FilterAggregation) Map() map[string]interface{} {
outerMap := map[string]interface{}{
"filter": agg.filter.Map(),
}
if len(agg.aggs) > 0 {
subAggs := make(map[string]map[string]interface{})
for _, sub := range agg.aggs {
subAggs[sub.Name()] = sub.Map()
}
outerMap["aggs"] = subAggs
}
return outerMap
}