[jira] [Commented] (METRON-627) Add HyperLogLogPlus implementation to Stellar

Tue, 17 Jan 2017 10:22:54 -0800 

    [ 
https://issues.apache.org/jira/browse/METRON-627?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15826541#comment-15826541
 ] 

ASF GitHub Bot commented on METRON-627:
---------------------------------------

Github user cestella commented on the issue:

    https://github.com/apache/incubator-metron/pull/397
  
    @jjmeyer0 @mmiklavc It appears that a regression was added relatively 
recently that affects whitespace at the end of stellar rules (the whitespace 
isn't sent to the skip channel in the lexer in that situation, for some 
reason..not sure why).  A stopgap is what JJ said, a slightly more permanant 
fix considering whitespace has no meaning in Stellar is to trim the rule in 
BaseStellarProcessor (line 111).  I'd still consider it important to 
investigate what is confusing the grammar suddenly, mind you.


> Add HyperLogLogPlus implementation to Stellar
> ---------------------------------------------
>
>                 Key: METRON-627
>                 URL: https://issues.apache.org/jira/browse/METRON-627
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Michael Miklavcic
>            Assignee: Michael Miklavcic
>
> Calculating set cardinality can be a useful tool for a security analyst. For 
> instance, a large volume of non-unique src ip addresses hitting your network 
> may be an indication that you are currently under attack. There have been 
> many advancements in distinct value (DV) estimation over the years. We have 
> seen implementations evolve from K-Minimum-Values (KMV), to LogLog, to 
> HyperLogLog, and now to Google's much-improved HyperLogLogPlu algorithm. The 
> key improvements in this latest manifestation of the algorithm are:
> moves to a 64-bit hash
> handles sparse sets
> is more accurate with small cardinality
> This Jira tracks the effort to add a HyperLogLogPlus implementation to Metron.
> References:
> https://research.neustar.biz/2013/01/24/hyperloglog-googles-take-on-engineering-hll/
> http://static.googleusercontent.com/media/research.google.com/en//pubs/archive/40671.pdf



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to