The query node doesn't have a `.where` property as the where conditions
should be specified in the query itself. Since the where condition is just
`lambda: TRUE` then you can remove it.
batch
|query('''
SELECT *
FROM "pramit"."autogen"."errorcount"
''')
.period(5m)
.every(5m)
.groupBy(*)
@morgoth()
.field(field)
.scoreField(scoreField)
.minSupport(minSupport)
.errorTolerance(errorTolerance)
.consensus(consensus)
// Configure a single Sigma fingerprinter
.sigma(sigmas)
// Morgoth returns any anomalous windows
|alert()
.details('Count is anomalous')
.crit(lambda: TRUE)
.log('/tmp/errorcount.log')
On Thursday, November 3, 2016 at 8:36:47 AM UTC-6, [email protected] wrote:
>
> Hi All,
>
> I am trying to write a tickscript which will trigger alerts if Morgoth
> finds any anomalous window on errorcount for different errorcodes. For
> example my sample data has errorcodes of 503,501 and 502's and their
> errorcounts would be some random numbers as shown below.
>
> time app errorcode errorcount type
>
> 2016-11-03T09:59:20.657490023Z "xxx" "503" 18
> "iislog"
>
> 2016-11-03T09:59:20.668765229Z "xxx" "503" 269
> "iislog"
> 2016-11-03T09:59:20.672165963Z "xxx"
> "502" 340 "iislog"
>
> 2016-11-03T09:59:20.675982711Z "xxx" "501" 87
> "iislog"
>
> 2016-11-03T09:59:20.679198215Z "xxx" "501" 428
> "iislog"
>
> Below is the tickscript: For some reason this is not working, where
> condition in the script here is throwing some error. Could you please help
> me correct this script. Also let me know if the approach is right.
>
> // The measurement to analyze
> var measurement = 'errorcount'
>
> // Optional group by dimensions
> //var groups = [*]
>
> // Optional where filter
> //var whereFilter = lambda: TRUE
>
> // The amount of data to window at once
> var window = 1m
>
> // The field to process
> var field = 'errorcount'
>
> // The name for the anomaly score field
> var scoreField = 'anomalyScore'
>
> // The minimum support
> var minSupport = 0.05
>
> // The error tolerance
> var errorTolerance = 0.01
>
> // The consensus
> var consensus = 0.5
>
> // Number of sigmas allowed for normal window deviation
> var sigmas = 3.0
>
> batch
> |query('''
> SELECT *
> FROM "pramit"."autogen"."errorcount"
> ''')
> .period(5m)
> .every(5m)
> .groupBy(*)
> .where(lambda: TRUE)
>
> @morgoth()
> .field(field)
> .scoreField(scoreField)
> .minSupport(minSupport)
> .errorTolerance(errorTolerance)
> .consensus(consensus)
> // Configure a single Sigma fingerprinter
> .sigma(sigmas)
> // Morgoth returns any anomalous windows
> |alert()
> .details('Count is anomalous')
> .crit(lambda: TRUE)
> .log('/tmp/errorcount.log')
>
>
--
Remember to include the version number!
---
You received this message because you are subscribed to the Google Groups
"InfluxData" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/influxdb.
To view this discussion on the web visit
https://groups.google.com/d/msgid/influxdb/74a5c49d-6f02-4a67-8f16-2cfcd8d5f8db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
