Nalaka,

Currently we cannot schedule tasks for Lucene queries or aggregate the results as you've described above.

You would have to implement a task that would schedule the Lucene queries, and a triggering mechanism that would be triggered through the Lucene results. Then you would have to aggregate those results and send them as an event to the corresponding stream.

@Gimantha: any other ways of doing this?

Regards,
Sachith

On Tue, Apr 19, 2016 at 6:29 PM, Nalaka Perera <nal...@wso2.com> wrote:

> Hi Sachith,
>
> In Log Analyzer, users are able to schedule a search, and if the search
> result meets the trigger condition then it creates an alert. A search
> result may contain multiple log lines.
> Ex. Log data has been persisted in a DAS table. Using the Lucene
> search (_level:ERROR AND _timestamp:[timefrom TO timeto]) I got 8 log lines
> whose log level is WARN.
>
> The user needs to get the data of the results (field data, e.g. time_stamp,
> level, log_message, etc.) with the alert. Each alert has an output stream
> which is connected to the publisher (Email Publisher). The user's required
> fields are attributes of the output stream (outputStream_1.0.0 {timestamp
> STRING, level STRING, log_message STRING}).
>
> Let's say an alert condition is met and assume the alert publisher is email,
> so now the publisher sends multiple emails since the search result has
> multiple log lines/events.
>
> But what I need is, when the search result meets the trigger condition at
> the scheduled time, it should send one email which contains all the field
> data.
> Ex. The email should contain the following field data:
>
> "_timestamp": "2016-03-21 12:04:11,557", "_level": "ERROR", "_log_message": "The [action] cannot be processed at the receiver. "
> "_timestamp": "2016-03-21 12:04:45,597", "_level": "ERROR", "_log_message": "The [action] cannot be processed at the receiver. "
> "_timestamp": "2016-03-21 12:04:09,605", "_level": "ERROR", "_log_message": "The [action] cannot be processed at the receiver. "
> "_timestamp": "2016-03-21 12:04:44,301", "_level": "ERROR", "_log_message": "The [action] cannot be processed at the receiver. "
>
> Is that possible?
>
> Thank you,
> Nalaka
>
> On Tue, Apr 19, 2016 at 3:18 PM, Sachith Withana <sach...@wso2.com> wrote:
>
>> Hi Nalaka,
>>
>> Can you provide an example?
>>
>> WDYM by adding multiple events into a single event?
>>
>> Regards,
>> Sachith
>>
>> On Tue, Apr 19, 2016 at 2:52 PM, Nalaka Perera <nal...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>> How do we send multiple results (events) from a Lucene search and add
>>> them as a single event to a publish stream to create one alert (e.g. email)?
>>>
>>> Thank you,
>>> Nalaka
>
> --
> Nalaka Perera
> Intern - Software Engineering
> WSO2
> Mobile: +94 71 9165748

--
Sachith Withana
Software Engineer; WSO2 Inc.; http://wso2.com
E-mail: sachith AT wso2.com
M: +94715518127
Linked-In: https://lk.linkedin.com/in/sachithwithana
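The flow outlined in the reply above (run the query on a schedule, check the trigger condition, aggregate the hits, publish one event), sketched as an added example that is not part of the thread and does not use the DAS API. The in-memory search, the count threshold, the line cap and the shape of the aggregated event are all assumptions; the sample rows are constructed.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S,%f"
MSG = "The [action] cannot be processed at the receiver."

# Constructed rows standing in for log records persisted in a table.
LOGS = [
    {"_timestamp": "2016-03-21 12:04:11,557", "_level": "ERROR", "_log_message": MSG},
    {"_timestamp": "2016-03-21 12:04:45,597", "_level": "ERROR", "_log_message": MSG},
    {"_timestamp": "2016-03-21 12:04:09,605", "_level": "ERROR", "_log_message": MSG},
    {"_timestamp": "2016-03-21 12:04:44,301", "_level": "ERROR",
     "_log_message": "bad request\r\nsecond line"},  # message with embedded CR/LF
    {"_timestamp": "2016-03-21 12:04:20,000", "_level": "WARN", "_log_message": "slow"},
    {"_timestamp": "2016-03-21 13:30:00,000", "_level": "ERROR", "_log_message": MSG},
]

def ts(row):
    return datetime.strptime(row["_timestamp"], FMT)

def search(rows, level, time_from, time_to):
    """Stand-in for the query _level:<level> AND _timestamp:[from TO to]."""
    lo, hi = datetime.strptime(time_from, FMT), datetime.strptime(time_to, FMT)
    return sorted((r for r in rows if r["_level"] == level and lo <= ts(r) <= hi), key=ts)

def one_line(text):
    """Replace control characters so one log message cannot span several rows."""
    return "".join(c if c.isprintable() else " " for c in text).strip()

def build_alert(hits, threshold, max_lines=50):
    """Return ONE event for the whole result set, or None if the trigger is not met."""
    if len(hits) < threshold:
        return None
    shown = hits[:max_lines]  # cap so a noisy window cannot produce an unbounded email
    lines = [f'{h["_timestamp"]} {h["_level"]} {one_line(h["_log_message"])}' for h in shown]
    if len(hits) > len(shown):
        lines.append(f"... {len(hits) - len(shown)} more result(s) omitted")
    return {"count": len(hits), "first_seen": hits[0]["_timestamp"],
            "last_seen": hits[-1]["_timestamp"], "body": "\n".join(lines)}

def run_scheduled_search(rows, level, time_from, time_to, threshold):
    """One scheduled run: query, test the trigger, aggregate into a single event."""
    return build_alert(search(rows, level, time_from, time_to), threshold)

if __name__ == "__main__":
    event = run_scheduled_search(LOGS, "ERROR", "2016-03-21 12:00:00,000",
                                 "2016-03-21 13:00:00,000", threshold=3)
    print(event["count"], "result(s) in one alert:\n" + event["body"])
```

The returned dictionary is what would be sent once to the output stream, so the email publisher fires a single time per scheduled run.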