
Track 1 Punch Language Fundamentals

Abstract

This track covers the fundamentals of the punch programming language and its typical usage for parsing, enriching and normalizing incoming events such as application, system or security logs.

The sample punchlets illustrated in this training are shipped together with the punch standalone and punch console packages. They are located under the $PUNCHPLATFORM_CONF_DIR folder.

Execute a punchlet

Start by executing the following punchlet:

// @test(encoding=json) {"logs":{"log": "a sample log"}}
{
    print(root);
    [logs][user] = "bob";
    print(root);
    [logs][age] = 22;
    print(root);
}

You can execute it simply by typing:

punchplatform-puncher.sh creating_tuples.punch

Question

Can you guess what this is all about?

The basics

Go through the punch programming overview.

Question

What is the relation between the punch language and the JSON format?

Question

What are the types you manipulate in the punch language? Are they equivalent to JSON types?

Tuples

Go through the punch programming overview.

Question

What is the typical use of a temporary tuple?

Question

What does it mean to clone a tuple?