base/frameworks/sumstats/plugins/topk.zeek¶

SumStats¶

Keep the top-k (i.e., most frequently occurring) observations.

This plugin uses a probabilistic algorithm to count the top-k elements. The algorithm (called Space-Saving) is described in the paper Efficient Computation of Frequent and Top-k Elements in Data Streams”, by Metwally et al. (2005).

Namespace: SumStats
Imports: base/frameworks/sumstats

Summary¶

Redefinitions¶

`SumStats::Calculation`: `enum`	`SumStats::TOPK`: Keep a top-k list of values.
`SumStats::Reducer`: `record`	New Fields `SumStats::Reducer` topk_size: `count` `&default` = `500` `&optional` Number of elements to keep in the top-k list.
`SumStats::ResultVal`: `record`	New Fields `SumStats::ResultVal` topk: `opaque` of topk `&optional` A handle which can be passed to some built-in functions to get the top-k results.

Detailed Interface¶

Read the Docs v: master (git/master)

Versions: master; v4.2.1; v4.2.0; v4.1.1; v4.0.6; v4.0.5; v4.0.4; v4.0.3; v4.0.2; v4.0.1; v4.0.0; v4.0.0-rc3; v4.0.0-rc2; v4.0.0-rc1; v3.2.3; v3.2.2; v3.2.1; v3.2.0; v3.2.0-rc1; v3.1.4; v3.1.3; v3.1.2; v3.1.1; v3.1.0; v3.1.0-rc; v3.0.14; v3.0.13; v3.0.12; v3.0.11; v3.0.10; v3.0.9; v3.0.8; v3.0.7; v3.0.6; v3.0.5; v3.0.4; v3.0.3; v3.0.2; v3.0.1; v3.0.0; lts; devel; current

Downloads: html

On Read the Docs: Project Home; Builds