Function Junction

Course Map

Course Map - Pipelines

In order to help Ed investigate the breach, we need to create a Pipeline: A series of Functions that transform data.

important

Create a pipeline

  1. Select the Processing submenu and click Pipelines
  2. Click + Pipeline then click Create Pipeline
  3. In the ID field, enter breachlookup
  4. In the description enter csv lookup on src and dst ips
  5. Click Save

Welcome to where the magic (Functions) happens. Some argue that the magic of Stream lies in avoiding vendor lock-in by supporting myriad Sources and Destinations allowing you to connect almost anything to anything. They are also right. But we're here to talk about Functions.

A Function is code that transforms the data inside an event. It can:

  • Extract (and label) information from a payload for later use
  • Delete erroneous data from an event
  • Add important information to an event
  • Edit data inside an event to help you better understand it
  • Mask sensitive data inside of payloads to ensure no accidental exposure of personal identifiable information (PII) down the line
  • Many more!
Adding Lookup FilesRegex Extract Function