Skip to content
Tenzir
Docs
Integrations
Changelog
Search
Ctrl
K
Cancel
GitHub
Discord
LinkedIn
Select theme
Auto
Dark
Light
Guides
Tutorials
Explanations
Reference
Operators
Overview
api
assert
assert_throughput
batch
buffer
cache
chart_area
chart_bar
chart_line
chart_pie
compress
compress_brotli
compress_bz2
compress_gzip
compress_lz4
compress_zstd
context::create_bloom_filter
context::create_geoip
context::create_lookup_table
context::enrich
context::erase
context::inspect
context::list
context::load
context::remove
context::reset
context::save
context::update
cron
decompress
decompress_brotli
decompress_bz2
decompress_gzip
decompress_lz4
decompress_zstd
deduplicate
delay
diagnostics
discard
drop
enumerate
every
export
fields
files
fork
from
from_file
from_fluent_bit
from_http
from_opensearch
from_velociraptor
head
http
import
legacy
load_amqp
load_azure_blob_storage
load_balance
load_file
load_ftp
load_gcs
load_google_cloud_pubsub
load_http
load_kafka
load_nic
load_s3
load_sqs
load_stdin
load_tcp
load_udp
load_zmq
local
measure
metrics
move
nics
ocsf::apply
openapi
package::add
package::list
package::remove
partitions
pass
pipeline::activity
pipeline::detach
pipeline::list
pipeline::run
plugins
processes
publish
python
rare
read_bitz
read_cef
read_csv
read_delimited
read_delimited_regex
read_feather
read_gelf
read_grok
read_json
read_kv
read_leef
read_lines
read_ndjson
read_parquet
read_pcap
read_ssv
read_suricata
read_syslog
read_tsv
read_xsv
read_yaml
read_zeek_json
read_zeek_tsv
remote
repeat
reverse
sample
save_amqp
save_azure_blob_storage
save_email
save_file
save_ftp
save_gcs
save_google_cloud_pubsub
save_http
save_kafka
save_s3
save_sqs
save_stdout
save_tcp
save_udp
save_zmq
schemas
select
serve
set
shell
sigma
slice
sockets
sort
strict
subscribe
summarize
tail
taste
throttle
timeshift
to
to_asl
to_azure_log_analytics
to_clickhouse
to_fluent_bit
to_google_cloud_logging
to_google_secops
to_hive
to_opensearch
to_snowflake
to_splunk
top
unordered
unroll
version
where
write_bitz
write_csv
write_feather
write_json
write_kv
write_lines
write_ndjson
write_parquet
write_pcap
write_ssv
write_syslog
write_tql
write_tsv
write_xsv
write_yaml
write_zeek_tsv
yara
Functions
Overview
abs
all
any
append
bit_and
bit_not
bit_or
bit_xor
capitalize
ceil
collect
community_id
concatenate
config
count
count_days
count_distinct
count_hours
count_if
count_microseconds
count_milliseconds
count_minutes
count_months
count_nanoseconds
count_seconds
count_weeks
count_years
day
days
decapsulate
decode_base64
decode_hex
decode_url
distinct
duration
encode_base64
encode_hex
encode_url
encrypt_cryptopan
ends_with
entropy
env
file_contents
file_name
first
flatten
float
floor
format_time
from_epoch
get
has
hash_md5
hash_sha1
hash_sha224
hash_sha256
hash_sha384
hash_sha512
hash_xxh3
hour
hours
int
ip
is_alnum
is_alpha
is_lower
is_numeric
is_printable
is_title
is_upper
is_v4
is_v6
join
keys
last
length
length_bytes
length_chars
map
match_regex
max
mean
median
merge
microseconds
milliseconds
min
minute
minutes
mode
month
months
nanoseconds
network
now
ocsf::category_name
ocsf::category_uid
ocsf::class_name
ocsf::class_uid
ocsf::type_name
ocsf::type_uid
otherwise
parent_dir
parse_cef
parse_csv
parse_grok
parse_json
parse_kv
parse_leef
parse_ssv
parse_syslog
parse_time
parse_tsv
parse_xsv
parse_yaml
prepend
print_cef
print_csv
print_json
print_kv
print_leef
print_ndjson
print_ssv
print_tsv
print_xsv
print_yaml
quantile
random
replace
replace_regex
reverse
round
second
seconds
secret
shift_left
shift_right
since_epoch
slice
sort
split
split_regex
sqrt
starts_with
stddev
string
subnet
sum
time
to_lower
to_title
to_upper
trim
trim_end
trim_start
type_id
type_of
uint
unflatten
value_counts
variance
weeks
where
year
years
zip
Language
Statements
Expressions
Types
Node
Configuration
API
Overview
Operations
Returns a success response
Create a new pipeline
Delete an existing pipeline
Launch a new pipeline
List all existing pipelines
Reset the TTL of an existing pipeline
Update pipeline state
Return data from a pipeline
Platform
Configuration
Command Line Interface
API
Overview
Operations
Proxy Endpoint
Simplified Proxy Endpoint
List Connected Nodes Endpoint
Refresh Alerts Endpoint
Health Endpoint
GitHub
Discord
LinkedIn
Select theme
Auto
Dark
Light
reference
platform
api
operations
health_endpoint_production_health_get
Health Endpoint
GET
/production/health
Responses
Section titled “ Responses ”
200
Section titled “200 ”
Successful Response
Select media type
application/json
