[influxdb] Kapacitor - Batch script not working

[amith . hegde]

Hi All,

I am trying to write a tickscript which will trigger alerts if Morgoth finds 
any anomalous window on errorcount for different errorcodes. For example my 
sample data has errorcodes of 503,501 and 502's and their errorcounts would be 
some random numbers as shown below.

time    app     errorcode       errorcount      type
2016-11-03T09:59:20.657490023Z  "xxx"   "503"   18      "iislog"
2016-11-03T09:59:20.668765229Z  "xxx"   "503"   269     "iislog"
2016-11-03T09:59:20.672165963Z  "xxx"   "502"   340     "iislog"
2016-11-03T09:59:20.675982711Z  "xxx"   "501"   87      "iislog"
2016-11-03T09:59:20.679198215Z  "xxx"   "501"   428     "iislog"

Below is the tickscript: For some reason this is not working, where condition 
in the script here is throwing some error. Could you please help me correct 
this script. Also let me know if the approach is right.

// The measurement to analyze
var measurement = 'errorcount'

// Optional group by dimensions
//var groups = [*]

// Optional where filter
//var whereFilter = lambda: TRUE

// The amount of data to window at once
var window = 1m

// The field to process
var field = 'errorcount'

// The name for the anomaly score field
var scoreField = 'anomalyScore'

// The minimum support
var minSupport = 0.05

// The error tolerance
var errorTolerance = 0.01

// The consensus
var consensus = 0.5

// Number of sigmas allowed for normal window deviation
var sigmas = 3.0
  
  batch
    |query('''
        SELECT *
        FROM "pramit"."autogen"."errorcount"
    ''')
        .period(5m)
        .every(5m)
        .groupBy(*)
                .where(lambda: TRUE)
                
        @morgoth()
     .field(field)
     .scoreField(scoreField)
     .minSupport(minSupport)
     .errorTolerance(errorTolerance)
     .consensus(consensus)
     // Configure a single Sigma fingerprinter
     .sigma(sigmas)
  // Morgoth returns any anomalous windows
  |alert()
     .details('Count is anomalous')
     .crit(lambda: TRUE)
     .log('/tmp/errorcount.log')

-- 
Remember to include the version number!
--- 
You received this message because you are subscribed to the Google Groups 
"InfluxData" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to influxdb+unsubscr...@googlegroups.com.
To post to this group, send email to influxdb@googlegroups.com.
Visit this group at https://groups.google.com/group/influxdb.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/influxdb/82abcb1a-ad47-4f14-b646-f98c437551d6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.