:py:mod:`dissect.etl.etl`
=========================

.. py:module:: dissect.etl.etl


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.etl.etl.ETL
   dissect.etl.etl.Buffer
   dissect.etl.etl.EventRecord
   dissect.etl.etl.Event



Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   dissect.etl.etl.parse_payload



Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.etl.etl.c_etl


.. py:data:: c_etl

   

.. py:class:: ETL(fh)


   The main interface when controlling an ETL file.

   .. py:method:: buffer(index: int) -> Buffer

      Reads a specific buffer into memory.


   .. py:method:: buffers() -> Iterable[Buffer]


   .. py:method:: __iter__() -> Iterable[Event]


   .. py:method:: calculate_timestamp(time_delta: int) -> datetime.datetime


   .. py:method:: get_filetime_for_event(time_delta: int) -> int



.. py:class:: Buffer(etl, offset)


   .. py:property:: header


   .. py:property:: size
      :type: int


   .. py:property:: data
      :type: memoryview


   .. py:property:: data_offset
      :type: int


   .. py:property:: filled_bytes
      :type: int


   .. py:property:: next_buffer
      :type: int


   .. py:method:: __iter__() -> Iterable[EventRecord]


   .. py:method:: read_record(offset)

      Parse a record from a given offset inside a buffer.


   .. py:method:: open()



.. py:class:: EventRecord


   .. py:property:: header
      :type: dissect.etl.headers.headers.Header

      A header of the type Header

   .. py:property:: size
      :type: int

      Size of the whole record.

   .. py:property:: event
      :type: Event

      Parse payload inside the event header.

   .. py:property:: aligned_size


   .. py:attribute:: __slots__
      :value: ('_header', '_event')

      

   .. py:method:: __repr__()

      Return repr(self).



.. py:class:: Event(header: dissect.etl.headers.headers.Header, event_manifest)


   .. py:attribute:: __slots__
      :value: ['_record', '_manifest', '_struct', '_event', '_header']

      

   .. py:method:: __getattr__(attribute: str)


   .. py:method:: provider_name() -> Optional[str]

      Returns the manifest provider name.


   .. py:method:: ts() -> datetime.datetime

      Returns the event timestamp.


   .. py:method:: provider_id() -> uuid.UUID

      Returns the GUID of the provider from the header.


   .. py:method:: symbol()


   .. py:method:: event_values() -> dict[str, Any]

      Create an items view that holds event and header data.

      The header data is additional information provided from a specific header.
      The event data is from a specific manifest file if it exists.


   .. py:method:: __repr__()

      Return repr(self).



.. py:function:: parse_payload(header: dissect.etl.headers.headers.Header)

   Parse the event payload using the appropriate manifest, if available.