Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pattern for having same/different condition across events #1425

Closed
pranjal0811 opened this issue Jul 31, 2019 · 4 comments · Fixed by #1435
Closed

Pattern for having same/different condition across events #1425

pranjal0811 opened this issue Jul 31, 2019 · 4 comments · Fixed by #1435
Labels
type/improvement
Milestone
5.1.2

Comments

@pranjal0811
Copy link

I want to have a pattern where I can filter the condition across events on same/different values for some fields.

For eg: I have the query like - "from every e1=authenticationStream[type == 'FAILURE' ]<5> -> e2=authenticationStream[type == 'SUCCESS'] within 1 min select 'rule1' as ruleId insert into outputStream"

If I want to check whether all these events have the same IP across all events. What are the possible ways to do that?

Siddhi version = 5.1.1

Thanks,
@pranjal0811 pranjal0811 changed the title Pattern on condition across events Pattern for having same/different condition across events Jul 31, 2019
@suhothayan
Copy link
Contributor

We are implementing a way to process lists, but as of now you can do the following,

from every e1=authenticationStream[type == 'FAILURE' ]<5> 
                   -> e2=authenticationStream[type == 'SUCCESS'] within 1 min 
select  e1[0].ip == e1[1].ip and e1[0].ip == e1[2].ip and 
            e1[0].ip == e1[3].ip and e1[0].ip == e1[4].ip and 
            e1[0].ip == e2.ip as allHaveSameIp
insert into outputStream;

@suhothayan
Copy link
Contributor

When we have a better approach will update that too

@pranjal0811
Copy link
Author

I have written the query like this -
from every e1=authenticationStream[type == 'FAILURE' ] -> e2=authenticationStream[type == 'FAILURE' and ip == e1.ip]<4> -> e3=authenticationStream[type == 'SUCCESS' and ip == e2.ip] within 1 min select 'myrule' as ruleId insert into outputStream;

what would be the difference between the two solutions.

@suhothayan
Copy link
Contributor

suhothayan commented Aug 6, 2019
edited
Loading

This will work.
In your query, the events will be matched if they have the same ip as of e1.ip
and in my query, it will match any event but at the end checks if all the events have the same ip.

Following is a better version for your usecase. As of now this is not working, we are fixing this.
Will be available with Siddhi Core 5.1.2.

define stream AuthenticationStream (ip string, type string);

@purge(enable='true', interval='15 sec', idle.period='2 min')
partition with (ip of AuthenticationStream)
begin
    from every (e1=AuthenticationStream[type == 'FAILURE' ]<1:> -> 
                        e2=AuthenticationStream[type == 'SUCCESS' ]) within  1 min 
    select e1[0].ip as ip, e1[3].ip as ip4
    having not(ip4 is null)
    insert into BreakIn
end;

Here the partition purge idle.period should be greater than the expected wait time you will use in the query, which is in your case 1 min.

suhothayan added a commit to suhothayan/siddhi that referenced this issue Aug 6, 2019
@suhothayan
Support every containing multiple patterns elements with within
b738a15 
Removes duplicate events and supports patterns expiry.
Fixes siddhi-io#1425
Fixes siddhi-io#1182
@suhothayan suhothayan mentioned this issue Aug 6, 2019
Merged
@suhothayan suhothayan added this to the 5.1.2 milestone Aug 6, 2019
@pranjal0811 pranjal0811 mentioned this issue Sep 24, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/improvement
Projects
None yet
Milestone
5.1.2
Development

Successfully merging a pull request may close this issue.

Support pattern every containing multiple state elements with within suhothayan/siddhi
2 participants
@suhothayan @pranjal0811