// Modified by DefenseStation on 2024-06-06
// Changes: Updated ElasticSearch client to OpenSearch client, changed package name to 'osquery',
// updated references to OpenSearch documentation, and modified examples accordingly.
package osquery
// NestedAggregation describes a "nested" aggregation: the aggregation's own
// name, the path of the nested field it targets, and any sub-aggregations to
// run inside it.
type NestedAggregation struct {
	// name is what Name() reports; path is emitted under "nested"."path" by Map().
	name, path string
	// aggs holds the sub-aggregations emitted under "aggs" by Map().
	aggs []Aggregation
}
// NestedAgg builds a "nested" aggregation with the given name, targeting the
// nested field at path. The "Agg" suffix keeps this constructor from clashing
// with the "nested" query.
//
// Both arguments are stored exactly as given; nothing is validated here.
func NestedAgg(name, path string) *NestedAggregation {
	agg := new(NestedAggregation)
	agg.name = name
	agg.path = path
	return agg
}
// Name reports the name this aggregation was created with.
func (agg *NestedAggregation) Name() string {
	return agg.name
}
// Path replaces the aggregation's nested path and returns the receiver so
// calls can be chained.
//
// p is stored without any validation. Callers that derive it from request
// input should restrict it to the nested fields they intend to expose.
func (agg *NestedAggregation) Path(p string) *NestedAggregation {
	agg.path = p
	return agg
}
// Aggs sets the sub-aggregations and returns the receiver so calls can be
// chained. It replaces any previously set sub-aggregations rather than
// appending to them, and it keeps the variadic slice itself (no copy is made).
func (agg *NestedAggregation) Aggs(aggs ...Aggregation) *NestedAggregation {
	agg.aggs = aggs
	return agg
}
// Map renders the aggregation as a generic map of the form
//
//	{"nested": {"path": <path>}, "aggs": {<sub name>: <sub map>, ...}}
//
// The "aggs" key is present only when at least one sub-aggregation is set.
// Sub-aggregations are keyed by their Name(), so two entries sharing a name
// collapse into one and the later entry wins.
//
// The path and the sub-aggregation names go into the map unmodified; any
// escaping is left to whatever serializes the result.
// NOTE(review): a nil entry in aggs would presumably panic at Name() — confirm
// against the Aggregation definition.
func (agg *NestedAggregation) Map() map[string]interface{} {
	out := map[string]interface{}{
		"nested": map[string]interface{}{
			"path": agg.path,
		},
	}

	// No sub-aggregations: omit the "aggs" key entirely.
	if len(agg.aggs) == 0 {
		return out
	}

	children := make(map[string]map[string]interface{})
	for i := range agg.aggs {
		child := agg.aggs[i]
		children[child.Name()] = child.Map()
	}
	out["aggs"] = children

	return out
}