:py:mod:`dissect.etl.etl`
=========================

.. py:module:: dissect.etl.etl


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.etl.etl.ETL
   dissect.etl.etl.Buffer
   dissect.etl.etl.EventRecord
   dissect.etl.etl.Event


Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   dissect.etl.etl.parse_payload


.. py:class:: ETL(fh: BinaryIO)

   The main interface when controlling an ETL file.

   .. py:attribute:: fh

   .. py:attribute:: buffer_header
      :value: None

   .. py:attribute:: logfile_header

   .. py:attribute:: pointer_size

   .. py:attribute:: is_64bit

   .. py:attribute:: start_time

   .. py:attribute:: buffer_size

   .. py:attribute:: start

   .. py:attribute:: end

   .. py:method:: buffer(index: int) -> Buffer

      Reads a specific buffer into memory.

   .. py:method:: buffers() -> collections.abc.Iterator[Buffer]

   .. py:method:: __iter__() -> collections.abc.Iterator[Event]

   .. py:method:: calculate_timestamp(time_delta: int) -> datetime.datetime

   .. py:method:: get_filetime_for_event(time_delta: int) -> int


.. py:class:: Buffer(etl: ETL, offset: int)

   .. py:attribute:: fh

   .. py:attribute:: etl

   .. py:attribute:: offset

   .. py:property:: header
      :type: dissect.etl.c_etl.c_etl.BufferHeader

   .. py:property:: size
      :type: int

   .. py:property:: data
      :type: memoryview

   .. py:property:: data_offset
      :type: int

   .. py:property:: filled_bytes
      :type: int

   .. py:property:: next_buffer
      :type: int

   .. py:method:: __iter__() -> collections.abc.Iterator[EventRecord]

   .. py:method:: read_record(offset: int) -> EventRecord

      Parse a record from a given offset inside a buffer.

   .. py:method:: open() -> BinaryIO


.. py:class:: EventRecord

   .. py:attribute:: __slots__
      :value: ('_event', '_header')

   .. py:property:: header
      :type: dissect.etl.headers.headers.Header

      A header of the type Header

   .. py:property:: size
      :type: int

      Size of the whole record.

   .. py:property:: event
      :type: Event

      Parse payload inside the event header.

   .. py:property:: aligned_size
      :type: int

   .. py:method:: __repr__() -> str


.. py:class:: Event(header: dissect.etl.headers.headers.Header, event_manifest: types.ModuleType)

   .. py:attribute:: __slots__
      :value: ['_event', '_header', '_manifest', '_record', '_struct']

   .. py:method:: __getattr__(attribute: str) -> Any

   .. py:method:: provider_name() -> str | None

      Returns the manifest provider name.

   .. py:method:: ts() -> datetime.datetime

      Returns the event timestamp.

   .. py:method:: provider_id() -> uuid.UUID

      Returns the GUID of the provider from the header.

   .. py:method:: symbol() -> str | None

   .. py:method:: event_values() -> dict[str, Any]

      Create an items view that holds event and header data.

      The header data is additional information provided from a specific header.
      The event data is from a specific manifest file if it exists.

   .. py:method:: __repr__() -> str


.. py:function:: parse_payload(header: dissect.etl.headers.headers.Header) -> Event

   Parse the event payload using the appropriate manifest, if available.