Introduction to Stellar Language
Stellar is a domain-specific language (DSL) provided with CCP as a scripting environment. You can use Stellar to filter, transform, and enrich data streaming from your topologies, along with create threat triage rules. You can also use Stellar to interact with various subsystems in CCP, including HBase, Profiler, and Model as a Service (MaaS).
One of the most common uses of Stellar is to enhance and manage data streaming from your topologies. You can create scripts to enrich and transform data. You can also use Stellar to create threat triage rules to provide a sortable score to alert messages. Because Stellar statements are stored in ZooKeeper, you do not need to restart a topology to add the new enrichment or field transformation. To implement a Stellar enrichment or transformation, you only need to update ZooKeeper.
You can also use Stellar to interact with various subsystems in CCP. For example, you can use Stellar to interact with data stores in HBase as an enrichment. You can also interact with Profiler to enable querying historical context. And you can interact with machine learning models deployed with MaaS to integrate the output of machine learning as an enrichment.
The power and flexibility of Stellar is a result of the capabilities available in the scripting environment:
- Provides commonly used simple functions (such as
TO_UPPER,TRIM,IN_SUBNET) - Provides functions to interface with the system at large (for example, data in HBase, models deployed via MaaS)
- Provides ability to create simple conditional statements
- Provides map, list, numeric and string primitives
- Can refer to variables
- Provides the ability to compose simple solutions into more complex solutions
- Provides the ability to define new functions
- Provides a REPL (read, evaluate, print loop) to allow you to test Stellar functions
