Hi Jim,
Interesting use case!
If it helps, LogZilla (I am the founder) tracks events with millisecond 
accuracy and has SEC built in. Using them together, you could just ask LZ for 
the timestamp.
Might be something worth checking out.



From: Jim Van Meggelen <jim.vanmegge...@clearlycore.com>
Date: Friday, September 22, 2023 at 12:50 PM
To: simple-evcorr-users <simple-evcorr-users@lists.sourceforge.net>
Subject: [Simple-evcorr-users] Storing a sequence counter in a context

I am using SEC for an atypical use case, where rather than using log events to 
correlate events for things like security events, I am using it to parse 
through Asterisk logs in order to capture a sequence of phone call events (call 
comes in, auto attendant answers, user selects a digit, call is transferred, 
etc). I have SEC write each to a CSV file, which can then be processed 
downstream for reporting (for example, I produced a Sankey chart using this 
data).

SEC has proven fantastic for this, however one minor issue has been that the 
timestamps in the logs are not granular to smaller than a second, so it's 
possible for two or more events to occur within the same second. Generally this 
doesn't cause a problem, but when sorting the CSV file elsewhere, this can 
result in out-of-sequence lines, if they both contain the exact same timestamp.

So, what I've been trying to figure out is how to store a counter that is tied 
to the uniqueid of the call, and increment that with each event. I figured I'd 
be able to do this by storing an integer in the event store of a context (tied 
to the uniqueid for that call). I can then increment it as the various log 
lines of the call are processed in turn.

The part I think I'm not getting is due to my lack of understanding of Perl 
(and specifically Perl syntax).

The first rule can create the context:

add call_uniqueid_seq_$4 1 (where $4 is the unique ID for that call)

But then in subsequent rules I want to do something like this:

call_uniqueid_seq_$4 ++

However I don't expect that to be valid syntax (especially since that store is 
for strings), so I have to figure out something else.


I was working my head around just 'pop'ing the value off the event store, and 
then adding 1 to it, but I realized I have no clue how to do this.

So, I am hoping that I am just missing something obvious, but, failing that, I 
guess I need to understand how I would do something like:

pop call_uniqueid_seq_$4 %sequence_num
add call_uniqueid_seq_$4 %sequence_num+1

I feel like I'm on the wrong track here, but I'm not finding the answers in the 
man page, or tutorial, or anywhere else, and my knowledge of Perl is 
insufficient to help make sense of this.

Any thoughts or advice or clues would be greatly appreciated.


--
Jim Van Meggelen
ClearlyCore Inc.


+1-416-639-6001 (DID)
+1-877-253-2716 (Canada)
+1-866-644-7729 (USA)
+1-416-425-6111 x6001
jim.vanmegge...@clearlycore.com
http://www.clearlycore.com

Asterisk: The Definitive Guide
FIFTH EDITION NOW AVAILABLE TO DOWNLOAD:
https://cdn.oreillystatic.com/pdf/Asterisk_The_Definitive_Guide.pdf
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
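
An added example, not part of the thread and not SEC configuration: the per-call counter described in the message above, modelled in Python to show how a sequence column breaks same-second ties when the CSV is sorted downstream. The column layout (timestamp, uniqueid, event), the sample rows and the function names are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows, in the order the events were logged:
# timestamp (one-second resolution), call uniqueid, event.
LOGGED = """\
2023-09-22 12:50:01,1695401401.17,call_in
2023-09-22 12:50:01,1695401401.17,aa_answer
2023-09-22 12:50:01,1695401401.18,call_in
2023-09-22 12:50:03,1695401401.17,digit_2
2023-09-22 12:50:03,1695401401.17,transfer
2023-09-22 12:50:03,1695401401.18,aa_answer
"""

def add_sequence(rows):
    """Stamp each row with a counter kept per uniqueid, in arrival order."""
    counters = defaultdict(int)
    out = []
    for ts, uid, event in rows:
        counters[uid] += 1
        out.append((ts, uid, counters[uid], event))
    return out

def sort_key(row):
    """Order by time, then by call, then by position within the call."""
    ts, uid, seq, _event = row
    return (ts, uid, seq)

def events_for(rows, uid):
    """Events of one call, in the order the rows are given."""
    return [r[-1] for r in rows if r[1] == uid]

def demo():
    stamped = add_sequence(csv.reader(io.StringIO(LOGGED)))
    # Stand-in for a downstream tool that has reordered the rows.
    reordered = list(reversed(stamped))
    # Timestamp alone cannot separate events from the same second.
    by_time_only = sorted(reordered, key=lambda r: r[0])
    # The per-call counter restores the logged order.
    restored = sorted(reordered, key=sort_key)
    return stamped, by_time_only, restored

if __name__ == "__main__":
    for row in demo()[2]:
        print(",".join(map(str, row)))
```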
