gnat_split
Synopsis
Splits a stream into multiple streams based on the proto field in the Parquet file.
Description
The gnat_split tool is primarily used to split streams based on the proto field in the Parquet file. This tool implements the gnat command line interface.
Required Arguments
--output <split_configuration>
The --output argument specifies the output configuration file in JSON format.
JSON File Format
The JSON file is composed of an array of JSON objects, each object defining a proto and path. The following are valid proto values:
| field | description |
|---|---|
| arp | Address Resolution Protocol (ARP) |
| icmp | Internet Control Message Protocol (ICMP) |
| udp | User Datagram Protocol (UDP) |
| tcp | Transmission Control Protocol (TCP) |
Example
Split the input stream into icmp, udp, and tcp, sending the results to their respective directories:
$ gnat_split --input /var/spool/input --output /etc/split.json --interval minute
The configuration file split.json should be in JSON format and specify the output streams. Here is an example configuration file:
[
{ "proto":"arp", "path":"/var/spool/arp"},
{ "proto":"icmp", "path":"/var/spool/icmp"},
{ "proto":"tcp", "path":"/var/spool/tcp"},
{ "proto":"udp", "path":"/var/spool/udp"}
]
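As an added example that is not part of the gnat documentation, the following Python helper validates a split configuration against the proto values listed above before it is handed to the tool, then routes rows by their proto field. The record dicts are constructed stand-ins for Parquet rows, and the checks for absolute paths and duplicate protos are assumptions about what a safe configuration looks like, not behaviour documented for gnat_split.

```python
import json
from pathlib import PurePosixPath

# Valid "proto" values, as listed in the table above.
VALID_PROTOS = {"arp", "icmp", "udp", "tcp"}

# The example split.json from this page, embedded so the block runs offline.
SAMPLE_CONFIG = """[
 { "proto":"arp", "path":"/var/spool/arp"},
 { "proto":"icmp", "path":"/var/spool/icmp"},
 { "proto":"tcp", "path":"/var/spool/tcp"},
 { "proto":"udp", "path":"/var/spool/udp"}
]"""

# Constructed stand-ins for Parquet rows; only the proto field matters here.
SAMPLE_RECORDS = [{"proto": "tcp", "sport": 443}, {"proto": "udp", "sport": 53},
                  {"proto": "icmp"}, {"proto": "gre"}, {"sport": 80}]

def load_split_config(text: str) -> dict:
    """Parse a gnat_split output configuration into a proto -> path map.
    Rejects a non-array top level, entries missing proto/path, unknown or
    duplicate protos, and paths that are relative or contain '..' (assumed policy)."""
    entries = json.loads(text)
    if not isinstance(entries, list):
        raise ValueError("top level must be a JSON array")
    routes = {}
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict) or not {"proto", "path"} <= set(entry):
            raise ValueError(f"entry {i}: expected an object with 'proto' and 'path'")
        proto, path = entry["proto"], entry["path"]
        if proto not in VALID_PROTOS:
            raise ValueError(f"entry {i}: unknown proto {proto!r}")
        if proto in routes:
            raise ValueError(f"entry {i}: duplicate proto {proto!r}")
        p = PurePosixPath(str(path))
        if not p.is_absolute() or ".." in p.parts:
            raise ValueError(f"entry {i}: path must be absolute without '..': {path!r}")
        routes[proto] = str(p)
    return routes

def route_records(routes: dict, records: list) -> tuple:
    """Group records by output path; records whose proto has no route are
    returned separately so the caller can count or log what was dropped."""
    routed, unrouted = {}, []
    for rec in records:
        dest = routes.get(rec.get("proto"))
        (routed.setdefault(dest, []) if dest else unrouted).append(rec)
    return routed, unrouted
```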