Steve McCanne
Steve McCanne
From [Puneet Khandelwal](https://app.slack.com/team/U03P36AV8F7) on Brim slack: ``` Also, I wanted to point out that in BRIM UI, the query for 'windows networking activity' which is: _path matches smb* OR _path=="dce_rpc"...
Brim will often truncate a column when there is plenty of screen real estate to otherwise avoid the truncation. For example, this data loaded into a pool with a query...
I noticed the difference in time-to-data between ``` sample ``` and ``` sample | fuse ``` was quite stark with our `all.pcap` test file even though the output of sample...
This is probably a low priority item. Wiith zng-beta, we are getting rid of the port type and creating an alias to uint16 in the zeekio module. As we evolve...
If a type name changes, `is()` should be able to match the different instances of the same name, e.g., ``` % zq in.zson {a:1}(=a) {b:2}(=a) {a:3}(=a) % zq "is(type(a))" in.zson...
The collect aggregator is receiving null values for some reason in `ConsumeAsPartial()`. Let's investigate this and either eliminate the call or document it better. Recreate with ``` collect(x) by key...
``` echo '{ts:2018-03-24T17:30:20Z}' | zq 'cut delta:=(ts+1s)-ts' - ``` is ``` {delta:1970-01-01T00:00:01Z} ``` but should be ``` {delta:1s} ```
Currently, types that don't resolve at compile-time cause a fatal error (except for single-name references like `type(foo)` that uses expr.TypeFunc). We should extend expr.TypeFunc to be able to resolve any...
The `zed lake status` command (re-)exposed a bug (we knew about) where arrays of mixed-type values are not handled by zng.Marshal, in particular, `MarshalZNGContext.encodeArray()` uses the last value of the...
The design strategy for zng.Record is that it always fits in memory. Yet, union and collect aggregators can create very large records that exceed limits. As long as records fit...