clojure - Event count at certain time interval in riemann -


i have check number of count appearing in event @ each interval of every 30 seconds. if count greater 5 means, need trigger email.

i using below code, email didn't triggered.

(let [userindex1 (default :ttl 300 (update-index (index)))]   (streams     prn     userindex1))  (streams   (where (and (service "system_log")               (not (expired? event)))      ; fixed-time-window sends vector of events out every 30 seconds     (fixed-time-window       30       ; smap passes events function       (smap         (fn [events]           ;calculate no of count of events failure           (let [numberoffailure (count (filter #(="ie" (:description %)) events))]              {:status "login failures"              :metric  numberoffailure               :totalfail (boolean(numberoffailure > 5))}              (streams               prn               numberoffailure))))         ;check if variable status true if condition satisfied trigger email       (let [email (mailer {:host "smtp.gmail.com"                            :port 25                            :user "aaaaa"                            :pass "bbbbb"                            :auth "true"                            :subject (fn [events]                                       (clojure.string/join ", "                                                            (map :service events)))                            :from "abc@gmail.com"})]         (streams           (where (and (:status "login failures")                       (:totalfail true))             (email "123@gmail.com")))))))

where going wrong?

there couple of issues here. i'll try address of them, post minimal working example:

  1. the first fn passed smap should return event. event can created event or assoc'ing 1 of received events. in sample plain map created (which not work, it's not proper event), that's lost because streams called (which afaik should called @ top level). instead of:

    (smap   (fn [events]     (let [numberoffailure ...]       {:status "login failures"        :metric  numberoffailure         :totalfail (boolean ...)}       (streams         prn         numberoffailure)))   ...)

    you should like:

    (smap   (fn [events]     (let [numberoffailure ...]       (event {:status "login failures"               :metric  numberoffailure                :totalfail (boolean ...)}))   ...)

  2. to calculate totalfail remember need use prefix notation call >, must (> totalfail 5). , boolean not needed, > return boolean.

  3. i initialize mailer out of top-level streams call, enclosing scope using let or def. should work is.

  4. you should pass last where children stream smap, must second argument smap. let's recall smap docs:

    (smap f & children) streaming map. calls children (f event), whenever (f event) non-nil. prefer (adjust f) , (combine f). example:  (smap :metric prn) ; prints metric of each event. (smap #(assoc % :state "ok") index) ; indexes each event state "ok"

  5. the last where should not enclosed streams, , and sentence must work on event, must be:

    (where (and (= (:status event) "login failures")             (:total-fail event))   (email "123@gmail.com"))

  6. the :subject fn mailer should passed part of second map, explained in mailer documentation

  7. there's open issue on fixed-time-window makes bit unreliable: doesn't fire time window due waits until new event fired, might want use different windowing strategy until get's fixed.

here goes full minimal working example based on yours:

(let [email (mailer {:host "localhost"                      :port 1025                      :from "abc@gmail.com"})]   (streams     (where (and (service "system_log")                 (not (expired? event)))       (fixed-time-window         5         (smap           (fn [events]             (let [count-of-failures (count (filter #(= "ie" (:description %)) events))]               (event                 {:status "login failures"                  :metric  count-of-failures                   :total-fail (>= count-of-failures 2)})))           (where (and (= (:status event) "login failures")                       (:total-fail event))             (email "hello123@gmail.com")))))))

Comments

Post a Comment

Popular posts from this blog

How to provide Authorization & Authentication using Asp.net, C#? -

Image
i have asp.net application in c#. i have provide page authorization specific user/usergroup. i have created 2 tables in database: 1) pagename 2)permissions[insert, update, view, delete] but i'm unable match tables , permissions assigning... can 1 please me, how created tables in database , how coding. please me. you can below explanation. configure access specific file , folder, set forms-based authentication. request page in application redirected logon.aspx automatically. in web.config file, type or paste following code. this code grants users access default1.aspx page , subdir1 folder . <configuration> <system.web> <authentication mode="forms" > <forms loginurl="login.aspx" name=".aspnetauth" protection="none" path="/" timeout="20" > </forms> </authentication> <!-- section denies access files in...
Read more

toolbar - How to add link to user registration inside toobar in admin joomla 3 custom component -

im trying write component admin side , need add user creation. dont want duplicate existing codes add link. know how add task not simple link toolbar. thx help. if wanting button opens new user screen can try in component: $bar = jtoolbar::getinstance('toolbar'); $bar->appendbutton('link', 'users', 'new user','index.php?option=com_users&task=user.add'); you need add view.html.php file wherever you're creating toolbar. is need?
Read more

How to use Authorization & Authentication in Asp.net, C#? -

i using roll management , trying give page , folder access according user or user group, using server created ad group user authentication. i have default1.aspx page default , subdir1 folder give different access separate user group i using below logic in web.config. <location path="subdir1"> <system.web> <authorization> <allow users ="?" /> </authorization> </system.web> </location> i facing problem provide same access 2 or more directory same user should have provide allow user code twice both folder? i can use logic repeating value folder want access providing in 1 logic. i have got answer configure folder/page access, have make different access shown below.. configure access specific file , folder, set forms-based authentication. request page in application redirected logon.aspx automatically. in web.config file, done following code. this code grants user...
Read more