Contexts
A context is a stateful object that can be used for enrichment in pipelines. You
can manage a context instance with the context
operator and use it with the enrich
operator in one or
more other pipelines.
Each context has a specific type that needs to be specified upon construction. Each context type defines how it processes updates and how it enriches. For example, the lookup table context extends events by performing a key-based lookup in a hash table.
The list below shows all available context types. For a more in-depth introduction into the contextualization framework, please refer to our blog post Contextualization Made Simple.
To create a context, use the context create
operator
or configure the context as part of your configuration file:
tenzir:
contexts:
# A unique name for the context that's used in the context, enrich, and
# lookup operators to refer to the context.
indicators:
# The type of the context.
type: bloom-filter
# Arguments for creating the context, depending on the type. Refer to the
# documentation of the individual context types to see the arguments they
# require. Note that changes to these arguments do not apply to any
# contexts that were previously created.
arguments:
capacity: 1B
fp-probability: 0.001
📄️ Bloom Filter
A space-efficient data structure to represent large sets.
📄️ GeoIP
A context for enriching IP addresses with geographical data.
📄️ Lookup Table
An in-memory hash table with a single key column for enriching with arbitrary