The query node doesn't have a `.where` property as the where conditions 
should be specified in the query itself. Since the where condition is just 
`lambda: TRUE` then you can remove it.

  batch
    |query('''
        SELECT *
        FROM "pramit"."autogen"."errorcount"
    ''')
        .period(5m)
        .every(5m)
        .groupBy(*)                
   @morgoth()
     .field(field)
     .scoreField(scoreField)
     .minSupport(minSupport)
     .errorTolerance(errorTolerance)
     .consensus(consensus)
     // Configure a single Sigma fingerprinter
     .sigma(sigmas)
  // Morgoth returns any anomalous windows
  |alert()
     .details('Count is anomalous')
     .crit(lambda: TRUE)
     .log('/tmp/errorcount.log')



On Thursday, November 3, 2016 at 8:36:47 AM UTC-6, [email protected] wrote:
>
> Hi All,
>
> I am trying to write a tickscript which will trigger alerts if Morgoth 
> finds any anomalous window on errorcount for different errorcodes. For 
> example my sample data has errorcodes of 503,501 and 502's and their 
> errorcounts would be some random numbers as shown below.
>
> time        app        errorcode        errorcount        type
>
> 2016-11-03T09:59:20.657490023Z        "xxx"        "503"        18        
> "iislog"
>
> 2016-11-03T09:59:20.668765229Z        "xxx"        "503"        269        
> "iislog"
> 2016-11-03T09:59:20.672165963Z        "xxx"   
> "502"        340        "iislog"
>
> 2016-11-03T09:59:20.675982711Z        "xxx"        "501"        87        
> "iislog"
>
> 2016-11-03T09:59:20.679198215Z        "xxx"        "501"        428        
> "iislog"
>
> Below is the tickscript: For some reason this is not working, where 
> condition in the script here is throwing some error. Could you please help 
> me correct this script. Also let me know if the approach is right.
>
> // The measurement to analyze
> var measurement = 'errorcount'
>
> // Optional group by dimensions
> //var groups = [*]
>
> // Optional where filter
> //var whereFilter = lambda: TRUE
>
> // The amount of data to window at once
> var window = 1m
>
> // The field to process
> var field = 'errorcount'
>
> // The name for the anomaly score field
> var scoreField = 'anomalyScore'
>
> // The minimum support
> var minSupport = 0.05
>
> // The error tolerance
> var errorTolerance = 0.01
>
> // The consensus
> var consensus = 0.5
>
> // Number of sigmas allowed for normal window deviation
> var sigmas = 3.0
>   
>   batch
>     |query('''
>         SELECT *
>         FROM "pramit"."autogen"."errorcount"
>     ''')
>         .period(5m)
>         .every(5m)
>         .groupBy(*)
>                 .where(lambda: TRUE)
>                 
>         @morgoth()
>      .field(field)
>      .scoreField(scoreField)
>      .minSupport(minSupport)
>      .errorTolerance(errorTolerance)
>      .consensus(consensus)
>      // Configure a single Sigma fingerprinter
>      .sigma(sigmas)
>   // Morgoth returns any anomalous windows
>   |alert()
>      .details('Count is anomalous')
>      .crit(lambda: TRUE)
>      .log('/tmp/errorcount.log')
>
>

-- 
Remember to include the version number!
--- 
You received this message because you are subscribed to the Google Groups 
"InfluxData" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/influxdb.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/influxdb/74a5c49d-6f02-4a67-8f16-2cfcd8d5f8db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to