[
https://issues.apache.org/jira/browse/SOLR-15132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joel Bernstein updated SOLR-15132:
----------------------------------
Description:
The *nodes* Streaming Expression performs a breadth first graph traversal. This
ticket will add a *window* parameter to allow the nodes expression to traverse
the graph within a window of time.
To take advantage of this feature you must index the content with a String
field which is an ISO timestamp truncated at ten seconds. Then the *window*
parameter can be applied to walk the graph within a *window prior* to a
specific ten second window and perform aggregations.
The main use cases for this feature are *event correlation* and *root cause
analysis.* This is useful in many different fields.
Here is an example using Solr logs to answer the following question:
What types of log events occur most frequently in the 30 second window prior to
10 second windows with the most slow queries:
{code}
nodes(logs,
facet(logs, q="qtime_s:[5000 TO *]", buckets="time_ten_seconds",
rows="25"),
walk="time_ten_seconds->time_ten_seconds",
window="3",
gather="type_s",
count(*))
{code}
This ticket is phase 1. Phase 2 will auto-detect different ISO Timestamp
truncations so that increments of one second, one minute, one day etc... can
also be traversed using the same query syntax. There will be a follow-on ticket
for that after this ticket is completed. This will create a more general
purpose time graph.
was:
The *nodes* Streaming Expression performs a breadth first graph traversal. This
ticket will add a *window* parameter to allow the nodes expression to traverse
the graph within a window of time.
To take advantage of this feature you must index the content with a String
field which is an ISO timestamp truncated at ten seconds. Then the *window*
parameter can be applied to walk the graph within a *window prior* to a
specific ten second window and perform aggregations.
*The main use cases for this feature are event correlation and root cause
analysis.* This is useful in many different fields.
Here is an example using Solr logs to answer the following question:
What types of log events occur most frequently in the 30 second window prior to
10 second windows with the most slow queries:
{code}
nodes(logs,
facet(logs, q="qtime_s:[5000 TO *]", buckets="time_ten_seconds",
rows="25"),
walk="time_ten_seconds->time_ten_seconds",
window="3",
gather="type_s",
count(*))
{code}
This ticket is phase 1. Phase 2 will auto-detect different ISO Timestamp
truncations so that increments of one second, one minute, one day etc... can
also be traversed using the same query syntax. There will be a follow-on ticket
for that after this ticket is completed. This will create a more general
purpose time graph.
> Add temporal graph query to the nodes Streaming Expression
> ----------------------------------------------------------
>
> Key: SOLR-15132
> URL: https://issues.apache.org/jira/browse/SOLR-15132
> Project: Solr
> Issue Type: Improvement
> Components: streaming expressions
> Reporter: Joel Bernstein
> Priority: Major
> Attachments: SOLR-15132.patch, SOLR-15132.patch, SOLR-15132.patch,
> SOLR-15132.patch
>
>
> The *nodes* Streaming Expression performs a breadth first graph traversal.
> This ticket will add a *window* parameter to allow the nodes expression to
> traverse the graph within a window of time.
> To take advantage of this feature you must index the content with a String
> field which is an ISO timestamp truncated at ten seconds. Then the *window*
> parameter can be applied to walk the graph within a *window prior* to a
> specific ten second window and perform aggregations.
> The main use cases for this feature are *event correlation* and *root cause
> analysis.* This is useful in many different fields.
> Here is an example using Solr logs to answer the following question:
> What types of log events occur most frequently in the 30 second window prior
> to 10 second windows with the most slow queries:
> {code}
> nodes(logs,
> facet(logs, q="qtime_s:[5000 TO *]", buckets="time_ten_seconds",
> rows="25"),
> walk="time_ten_seconds->time_ten_seconds",
> window="3",
> gather="type_s",
> count(*))
> {code}
> This ticket is phase 1. Phase 2 will auto-detect different ISO Timestamp
> truncations so that increments of one second, one minute, one day etc... can
> also be traversed using the same query syntax. There will be a follow-on
> ticket for that after this ticket is completed. This will create a more
> general purpose time graph.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
