diff --git a/CHANGELOG.md b/CHANGELOG.md
index 72ea1f9b2..335882387 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@
* removed the configuration `tld_lists` in `domain_resolver`, `domain_label_extractor` and `pseudonymizer` as
the list is now fixed inside the packaged logprep
* remove SQL feature from `generic_adder`, fields can only be added from rule config or from file
+* use a single rule tree instead of a generic and a specific rule tree
### Features
diff --git a/README.md b/README.md
index 67d9ae108..5465bc434 100644
--- a/README.md
+++ b/README.md
@@ -90,7 +90,7 @@ and secondly they specify how to process the message.
For example which fields should be deleted or to which IP-address the geolocation should be
retrieved.
-For performance reasons on startup all rules per processor are aggregated to a generic and a specific rule tree, respectively.
+For performance reasons on startup all rules per processor are aggregated to a rule tree.
Instead of evaluating all rules independently for each log message the message is checked against
the rule tree.
Each node in the rule tree represents a condition that has to be meet,
@@ -130,11 +130,6 @@ This configuration will lead to the prioritization of `tags` and `message` in th
}
```
-Instead of writing very specific rules that apply to single log messages, it is also possible
-to define generic rules that apply to multiple messages.
-It is possible to define a set of generic and specific rules for each processor, resulting
-in two rule trees.
-
### Connectors
Connectors are responsible for reading the input and writing the result to a desired output.
@@ -168,24 +163,20 @@ timeout: 0.1
pipeline:
- dissector:
type: dissector
- specific_rules:
+ rules:
- https://your-api/dissector/
- generic_rules:
- - rules/01_dissector/generic/
+ - rules/01_dissector/rules/
- geoip_enricher:
type: geoip_enricher
- specific_rules:
+ rules:
- https://your-api/geoip/
- generic_rules:
- - rules/02_geoip_enricher/generic/
+ - rules/02_geoip_enricher/rules/
tree_config: artifacts/tree_config.json
db_path: artifacts/GeoDB.mmdb
- dropper:
type: dropper
- specific_rules:
- - rules/03_dropper/specific/
- generic_rules:
- - rules/03_dropper/generic/
+ rules:
+ - rules/03_dropper/rules/
input:
mykafka:
@@ -212,7 +203,7 @@ output:
```
The following yaml represents a dropper rule which according to the previous configuration
-should be in the `rules/03_dropper/generic/` directory.
+should be in the `rules/03_dropper/rules/` directory.
```yaml
filter: "message"
diff --git a/doc/source/development/architecture/diagramms/pipeline.drawio b/doc/source/development/architecture/diagramms/pipeline.drawio
index 576852ac0..5fda47137 100644
--- a/doc/source/development/architecture/diagramms/pipeline.drawio
+++ b/doc/source/development/architecture/diagramms/pipeline.drawio
@@ -1,299 +1,299 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc/source/development/architecture/diagramms/pipeline.drawio.html b/doc/source/development/architecture/diagramms/pipeline.drawio.html
index e29358005..00467e61d 100644
--- a/doc/source/development/architecture/diagramms/pipeline.drawio.html
+++ b/doc/source/development/architecture/diagramms/pipeline.drawio.html
@@ -5,7 +5,8 @@
pipeline
-
-
+
+
+
-
\ No newline at end of file
+