Hi Isham, I know We discussed this earlier. But I don't remember why we have filter [e1.maxCount==2] in scenario (1) second query. I understand that We have to have that single pattern to capture very first event. But what is the need for the filter.
Also I suppose we are running these queries per project (partitions). /Tishan On Fri, Nov 17, 2017 at 2:59 PM, Isham Mohamed <[email protected]> wrote: > > ---------- Forwarded message ---------- > From: Isham Mohamed <[email protected]> > Date: Fri, Nov 17, 2017 at 2:34 PM > Subject: Anomaly Detection in JIra Using CEP > To: [email protected] > Cc: Sriskandarajah Suhothayan <[email protected]>, Tishan Dahanayakage < > [email protected]>, Srinath Perera <[email protected]> > > > Hi All, > This is regarding monitoring jira and alert support people once there is > an anomaly situation occur. > There are some complicated scenarios to be implemented and we have come up > with some siddhi queries. > Just want to know if there is any better way to do it. > Product: wso2das-3.1.0 > siddhi version: 3.1.2 > > * Scenario 1* > *Stream* *Definition*: *Alert1(minTime string, maxTime string, issueCount > long, latestIssue string, tableBody string)* > > *Scenario*: When there is a new alert with a higher issueCount than the > alerts came within 10 mins ago, send the current alert. if the issueCount > is not higher than the latest alert, then send no alert. > > *Solution*: > *from Alert1#window.time(10 min)* > *select minTime, maxTime, issueCount , max(issueCount) as maxCount, > latestIssue, tableBody* > *insert all events into Alert_seq;* > > *from e1=Alert_seq[e1.maxCount==2]* > *select minTime,maxTime,issueCount,latestIssue,tableBody* > *insert into Alert;* > > *from every e1=Alert_seq, e2=Alert_seq[e1.maxCount < e2.maxCount ]* > *select minTime,maxTime,e2.issueCount,e2.latestIssue, e2.tableBody* > *insert into Alert;* > > *Scenario 2* > *Stream Definition:* *stream1(uniqueID string, other string )* > > *Scenario:* Unique First Time Window (send only the first event came with > a uniqueID within a time Period) > > *Solution:* > *from Alert1#window.time(10 min)* > *select uniqueID,other, count() as alertCount* > *group by uniqueID* > *having [alrtCount == 1]* > *insert insert into stream2;* > > Thanks. > > > > > > > > > > -- > > Isham Mohamed > *Trainee Software Engineer* > WSO2 > > p: +94778696585 <+94%2077%20869%206585> > > <https://lk.linkedin.com/in/isham-mohamed-890792109>. > > > > -- > > Isham Mohamed > *Trainee Software Engineer* > WSO2 > > p: +94778696585 <+94%2077%20869%206585> > > <https://lk.linkedin.com/in/isham-mohamed-890792109>. > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Tishan Dahanayakage Senior Software Engineer WSO2, Inc. Mobile:+94 716481328 Disclaimer: This communication may contain privileged or other confidential information and is intended exclusively for the addressee/s. If you are not the intended recipient/s, or believe that you may have received this communication in error, please reply to the sender indicating that fact and delete the copy you received and in addition, you should not print, copy, re-transmit, disseminate, or otherwise use the information contained in this communication. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
