Hello Metron Team,
I have created following profiler:
> {
> "profile": "host-talks-to",
> "onlyif": "exists(source_ip)",
> "foreach": "source_ip",
> "init": {
> "outcoming": "HLLP_INIT(5, 6)"
> },
> "update": { "outcoming": "HLLP_ADD(outcoming, destination_ip)" },
> "result": "HLLP_CARDINALITY(outcoming)"
> }
I have also created enrichment rule:
> {
> "enrichment" : {
> "fieldMap": {
> "stellar" : {
> "config" : {
> "numeric" : {
> "value_red_level_out": "STATS_PERCENTILE( STATS_MERGE(
> PROFILE_GET('host-being-talked-to', ip_src_addr, 1, 'HOURS')), 95)",
> "value_red_level_in": "STATS_PERCENTILE( STATS_MERGE(
> PROFILE_GET('host-talks-to', ip_src_addr, 1, 'HOURS')), 95)"
> },
> "text" : {
> "is_alert": "true"
> }
> }
> }
> }
> } }
However when I stream data to it I receive: "value_red_level_out": null,
I have checked in profiler client and here is what I got:
> [Stellar]>>> PROFILE_GET( "host-talks-to" , "99.191.183.156",
> PROFILE_FIXED(300, "MINUTES"))
> [1, 6, 6, 6, 6, 6, 3, 4, 5, 6, 4, 6, 6, 6, 1, 1, 6, 6, 1, 4, 1, 1, 4,
> 6, 6, 1, 6, 6, 1, 2, 6, 1, 1, 1, 6, 4, 6, 6, 3, 1, 6, 2, 1, 6, 1, 6]
> [Stellar]>>> STATS_PERCENTILE(STATS_MERGE(
> PROFILE_GET('host-talks-to', '99.191.183.156', PROFILE_FIXED(10,
> 'HOURS'))), 90)
> NaN
> [Stellar]>>> STATS_MERGE( PROFILE_GET('host-talks-to',
> '99.191.183.156', PROFILE_FIXED(10, 'HOURS')))
So the STATS_MERGE produces no results. Is this something expected or I
made a mistake somewhere? Please advise.
p.s. I am following this use cases:
https://github.com/hortonworks-gallery/metron-rules/tree/master/use-cases/DegreeOfHost
There were number of errors in the configs originally, which I have
corrected, maybe I missed something else.
- Dima
