base/frameworks/sumstats/plugins/topk.zeek

SumStats

Keep the top-k (i.e., most frequently occurring) observations.

This plugin uses a probabilistic algorithm to count the top-k elements. The algorithm (called Space-Saving) is described in the paper “Efficient Computation of Frequent and Top-k Elements in Data Streams”, by Metwally et al. (2005).
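The following Python sketch is an added illustration of the published Space-Saving algorithm, not Zeek's own implementation. The class name, method names and sample DNS names are constructed for this example; `size` plays the role that `topk_size` plays in the reducer.

```python
from typing import Dict, Hashable, Iterable, List, Tuple


class SpaceSaving:
    """Space-Saving counter (Metwally et al., 2005) with a fixed number of slots."""

    def __init__(self, size: int) -> None:
        if size < 1:
            raise ValueError("size must be at least 1")
        self.size = size  # assumption: analogous to topk_size
        self.counts: Dict[Hashable, int] = {}  # monitored element -> estimated count
        self.errors: Dict[Hashable, int] = {}  # monitored element -> max overestimate

    def observe(self, item: Hashable) -> None:
        if item in self.counts:
            self.counts[item] += 1
        elif len(self.counts) < self.size:
            self.counts[item] = 1
            self.errors[item] = 0
        else:
            # Table full: evict the smallest counter. The newcomer inherits
            # its count, which is recorded as possible overestimation.
            victim = min(self.counts, key=self.counts.get)
            floor = self.counts.pop(victim)
            del self.errors[victim]
            self.counts[item] = floor + 1
            self.errors[item] = floor

    def top(self, k: int) -> List[Tuple[Hashable, int, int]]:
        """Return up to k (item, estimated_count, max_error) tuples, largest first."""
        ranked = sorted(self.counts.items(), key=lambda kv: kv[1], reverse=True)
        return [(item, cnt, self.errors[item]) for item, cnt in ranked[:k]]


def constructed_stream() -> Iterable[str]:
    """Constructed sample: two frequent DNS names among 40 one-off names."""
    for i in range(40):
        yield "update.example.com"
        yield f"host{i}.example.net"
        if i % 2 == 0:
            yield "cdn.example.org"


if __name__ == "__main__":
    ss = SpaceSaving(size=5)
    for name in constructed_stream():
        ss.observe(name)
    for item, est, err in ss.top(3):
        print(f"{item:22} estimate={est:3} guaranteed>={est - err}")
```

With five slots the two frequent names are counted exactly, while the third entry is a name seen once whose estimate is 14 with a maximum error of 13. The error bound is what separates a real heavy hitter from a slot inherited through eviction, and a larger table size shrinks that error at the cost of memory.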

Namespace

SumStats

Imports

base/frameworks/sumstats

Summary

Redefinitions

SumStats::Calculation: enum

SumStats::Reducer: record

New Fields

SumStats::Reducer

topk_size: count &default = 500 &optional

Number of elements to keep in the top-k list.

SumStats::ResultVal: record

New Fields

SumStats::ResultVal

topk: opaque of topk &optional

A handle which can be passed to some built-in functions to get the top-k results.

Detailed Interface