hi Jim, let me provide some suggestions how to accomplish this task. First, you could utilize the context based approach that you have described in your post. In that case, the numeral that has been retrieved from the context with the 'pop' action needs to be incremented, and you can do it with the 'lcall' action that invokes the relevant Perl code. Here is one example (I have added several of extra actions into the rule for initializing the context):
type=single ptype=regexp pattern=call_id (\S+) desc=call id $1 action=exists %e call_uniqueid_seq_$1; \ if %e ( none ) else ( add call_uniqueid_seq_$1 0); \ pop call_uniqueid_seq_$1 %sequence_num; \ lcall %sequence_num %sequence_num -> ( sub { $_[0] + 1 } ); \ add call_uniqueid_seq_$1 %sequence_num The first two actions check if the context call_uniqueid_seq_* for the given call exists, and if not, 0 is written into that context to initialize it: exists %e call_uniqueid_seq_$1; \ if %e ( none ) else ( add call_uniqueid_seq_$1 0); The 'pop' and 'add' actions (the 3rd and 5th action in the above rule) are identical to the actions from your email. The 'lcall' action (4th action in the above rule) increments the counter value retrieved from the context by executing the following Perl one-line function: sub { $_[0] + 1 } That function takes the value of its parameter (that is, %sequence_num) and returns an incremented value which is stored back into %sequence_num. Note that %sequence_num appears twice in the 'lcall' action, since it acts both as an input parameter for the Perl function and as the variable where the return value from the function is stored. There is also an alternative way for addressing the same assignment. This approach involves keeping the counter for each call ID not in a SEC context, but rather in a Perl hash table. That approach is more efficient, since the counter value is not copied back and forth between the Perl function and the SEC context each time it needs to be incremented. Instead, the counter value stays in a Perl data structure during these increments. Here is a relevant rule example: type=single ptype=regexp pattern=call_id (\S+) desc=call id $1 action=lcall %sequence_num $1 -> ( sub { ++$calls{$_[0]} } ); \ write - the new value for counter for call $1 is %sequence_num The above example involves the use of a Perl hash (associative array) 'calls', where the call ID serves as a key into the hash. For each key (call ID), the hash stores the counter for that call ID. Each time the function sub { ++$calls{$_[0]} } gets called, the counter for the relevant call ID (the value of $1) is incremented in the hash 'calls', and the result is stored to %sequence_num. If you just want to retrieve the current value of the counter for some call ID (the value of $1) without incrementing it, you can simply invoke the following action: lcall %sequence_num $1 -> ( sub { $calls{$_[0]} } ) With both the context-based and Perl-hash-based approach, one needs to think about dropping stale contexts (or stale hash keys) for calls that are no longer relevant. With contexts, you can remove them with the 'delete' action. In the case you use the Perl hash for storing the counters, you can use the following 'lcall' action for deleting a key from the hash 'calls': lcall %sequence_num $1 -> ( sub { delete $calls{$_[0]} } ) I hope the above examples are useful. kind regards, risto Kontakt Jim Van Meggelen (<jim.vanmegge...@clearlycore.com>) kirjutas kuupƤeval R, 22. september 2023 kell 19:50: > I am using SEC for an atypical use case, where rather than using log > events to correlate events for things like security events, I am using it > to parse through Asterisk logs in order to capture a sequence of phone call > events (call comes in, auto attendant answers, user selects a digit, call > is transferred, etc). I have SEC write each to a CSV file, which can then > be processed downstream for reporting (for example, I produced a Sankey > chart using this data). > > SEC has proven fantastic for this, however one minor issue has been that > the timestamps in the logs are not granular to smaller than a second, so > it's possible for two or more events to occur within the same second. > Generally this doesn't cause a problem, but when sorting the CSV file > elsewhere, this can result in out-of-sequence lines, if they both contain > the exact same timestamp. > > So, what I've been trying to figure out is how to store a counter that is > tied to the uniqueid of the call, and increment that with each event. I > figured I'd be able to do this by storing an integer in the event store of > a context (tied to the uniqueid for that call). I can then increment it as > the various log lines of the call are processed in turn. > > The part I think I'm not getting is due to my lack of understanding of > Perl (and specifically perl syntax). > > The first rule can create the context: > > add call_uniqueid_seq_$4 1 (where $4 is the unique ID for that call) > > But then in subsequent rules I want to do something like this: > > call_uniqueid_seq_$4 ++ > > However I don't expect that to be valid syntax (especially since that > store is for strings), so I have to figure out something else. > > I was working my head around just 'pop'ing the value off the event store, > and then adding 1 to it, but I realized I have no clue how to do this. > > So, I am hoping that I am just missing something obvious, but, failing > that, I guess I need to understand how I would do something like: > > pop call_uniqueid_seq_$4 %sequence_num > add call_uniqueid_seq_$4 %sequence_num+1 > > I feel like I'm on the wrong track here, but I'm not finding the answers > in the man page, or tutorial, or anywhere else, and my knowledge of Perl is > insufficient to help make sense of this. > > Any thoughts or advice or clues would be greatly appreciated. > > > -- > Jim Van Meggelen > ClearlyCore Inc. > > > > +1-416-639-6001 (DID) > +1-877-253-2716 (Canada) > +1-866-644-7729 (USA) > +1-416-425-6111 x6001 > jim.vanmegge...@clearlycore.com > http://www.clearlycore.com > > > *Asterisk: The Definitive GuideFIFTH EDITION NOW AVAILABLE TO DOWNLOAD:* > https://cdn.oreillystatic.com/pdf/Asterisk_The_Definitive_Guide.pdf > _______________________________________________ > Simple-evcorr-users mailing list > Simple-evcorr-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users >
_______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users