Hi, I was trying out counting patterns and the result was not what I expected. Let me explain through the example I was trying.
The incoming stream is a stream of credit card transactions. I want to get an alert on a pattern of every 3 or more transactions done using the same card at different locations within 10 mins. So I used the following siddhi query... from every e1 = Transaction -> e2 = Transaction[(e2.cardnum == e1.cardnum) and (e2.location != e1.location)]*<3:>* within 10000 select e1.cardnum as cardnum, e1.location as loc1, e2[0].location as loc2, e2[1].location as loc3 insert into FraudAlert So if there are only 3 transactions that have the same card number but different locations (say.. Dehiwela, Nairobi and Kiev), then I expect there to be 1 alert giving me the card number and the 3 different locations. eg:- [3714496353984310, Dehiwela, Nairobi, Kiev] However, when I run this, I get 3 alerts as follows [3714496353984310, Dehiwela, Nairobi, null] [3714496353984310, Dehiwela, Nairobi, Kiev] [3714496353984310, Nairobi, Kiev, null] Is this expected behaviour? If yes, then (its not very useful IMHO) and how do we write a query to capture the scenario I've given? Thanks, seshi
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
