non-portable experimental virukav@gmail.com

Discard until predicate and split a string to the fields
Recursively collect values contained in the Just
Get field after discarding the prefix
Get fields after discarding the prefix
Parse string to the field value
Concatenate fields to the string value
Look ahead for the first substring until the second substring
Get fields if the first substring matches otherwise return empty
Get field if the first substring matches otherwise return a default value
Get string field if the first substring matches otherwise return a default value
Discard the matching lines
Test the first predicate until the second predicate

Format facts data
Operations to parse log data, make LogTree and generate hints
The nodes of the LogTree
The key to look for the data in the LogTree
LogTree implemented as IntervalMap.FingerTree
Hint is defined as the triple of the rule name, rule action (text message) and rule conditions

The request time interval to query sysmon reports. If the value of the request interval is Nothing the default max time interval request will be used. See function maxInterval below.
Merge two log trees
Generic parse the log files and store the data in the log tree. To parse sysmon logs use parseSysmon from SysmonLog package. This package implements Sysmon instance of LogEntry class (see Sample.hs)
Max interval to cover all intervals in the log tree
Get hints for the average sysmon report corresponding to the request time interval. To override the default hints parameters use ConfigFile api. See HConfig data type in SysmonTypes package for the list of the configuration parameters.
Pretty print the hints
Average sysmon report corresponding to the requested time interval
Get log reports which intersect with the requested time interval
Get intervals which intersect with the requested interval
Check if the log tree contains an interval corresponding to the requested time interval
Create log time interval
All intervals that intersect with the given interval, in lexicographical order

Sysmon configuration type

Default configuration. To override the default configuration item use ConfigFile package API.
Create Sysmon configuration from ConfigParser

Sysmon-0.1.2
Database.Sybase.Sysmon.Log
Database.Sybase.Sysmon.LogParserPrim
Database.Sybase.Sysmon.LogTypes
Database.Sybase.Sysmon.SysmonTypes
Database.Sybase.Sysmon.SysmonHints
Database.Sybase.Sysmon.SysmonLog
Database.Sybase.Sysmon.Average
Database.Sybase.Sysmon.Derive
fingertree-0.0.1.0
Data.IntervalMap.FingerTree

highlowIntervalFieldLogState whileJust matchField matchLinefieldstringlookoptLineoptField optStringgoto lookAheadLogShowlshowLogEntrymkNodemkParsemkHints mkLogTreeLogNode LogIntervalLogTreeActionRuleIdResultFactsHint LogRequestmergeparsehintsfmtHintsaveragelist intervals hasInterval mkIntervalSysmon sysmonTimekerneltask transactionindexlockcachediskDevice deviceNametotalIOEngineIO engineName outstandIODisk enginesIO delayByDiskIO delayByServer delayByEngine delayByOS requestedIO completedIOdevices NamedCache cacheNamespinContention utilizationhitswashmisses totHitsMisslargeIO largeIOTotalCache cacheHits cacheMisses dirtyBufferstotCachecachesLocklockReqslockCont deadlocksexTableshTableexIntentshIntentexPageupPageshPageexRowupRowshRow exAddress shAddresslpLock promotionstimeoutsIndexsplitsshrinksUlcFlushfullUlcendTranchangeDB logRecordbyUnpinbyOthertotFlushRequestgrantedwaitedtotReq Transactioncommitedinsertsupdatesdeletesflushes ulsSemReqs logSemReqs avgLogWritesTask connections taskSwitch taskSwitchDue totSwitch TaskSwitchDue volYieldscacheSearchMiss batchSize diskWrites logicLockCont addrLockCont latchContsemCont plcLockCont comtSleeps lastLogPage conflicts deviceCont netReceivednetSent netServicesother totSwitchDue TaskSwitchbyEngine numSwitchKernelengBusycpuYlds avgCpuBusy avgIOBusytotYlds checkDiskIO avgDiskIOCpuYieldengNameyields EngineBusynamecpuBusyioBusyHConfighiCPUhiIOhiIdle hiCheckDiskIO 
loAvgDiskIOhiStdDeviationhiSwitchPerTransactionhiContextSwitchDuehiDirtyBuffers loCacheHits hiCacheWash loLargeIOhiUlcSemRequestshiLogSemRequestshiAvgLogWriteshiCommitedTrans hiPageSplits hiLockSummary hiDeadlockhiLastPageLockhiLockPromotionsloCacheSpinContention ioDelayByHintEnvmkConfigeval sysmonHintsresult foldResult parseSysmonline Averageableavgfindgenpe deriveAverage defConfigpercent checkCpuBusy checkCpuIdle checkIOEngine checkIODiskcheckEngineBalancecheckSwitchesPerTrancheckContextSwitches checkUlcCont checkLogContcheckAvgLogWrites checkPageCont checkLockContcheckDeadlockscheckLastPageLockscheckLockPromotionverifyNamedCachecheckCacheTurnover checkSpinContcheckCacheHitscheckCacheWashcheckCacheLargeIO checkIOBusycheckResourceContfsgetTimeInterval getKernel getEngineBusy getCpuYieldgetTask getTaskSwitchgetTaskSwitchDuegetTransaction getUlcFlush getRequestgetIndexgetLockgetCache getNamedCachegetDisk getEngineIO getDevice getSysmon