Risto, Thank you for this. It makes sense, and you've taken the trouble to explain all the nuances that I would have otherwise missed. Wow.
I'm going to work through this on Monday. Jim -- Jim Van Meggelen ClearlyCore Inc. +1-416-639-6001 (DID) +1-877-253-2716 (Canada) +1-866-644-7729 (USA) +1-416-425-6111 x6001 jim.vanmegge...@clearlycore.com [ http://www.clearlycore.com/ | http://www.clearlycore.com ] Asterisk: The Definitive Guide FIFTH EDITION NOW AVAILABLE TO DOWNLOAD: [ https://cdn.oreillystatic.com/pdf/Asterisk_The_Definitive_Guide.pdf | https://cdn.oreillystatic.com/pdf/Asterisk_The_Definitive_Guide.pdf ] > From: "Risto Vaarandi" <risto.vaara...@gmail.com> > To: "Jim Van Meggelen" <jim.vanmegge...@clearlycore.com> > Cc: "simple-evcorr-users" <simple-evcorr-users@lists.sourceforge.net> > Sent: Friday, 22 September, 2023 15:42:28 > Subject: Re: [Simple-evcorr-users] Storing a sequence counter in a context > hi Jim, > let me provide some suggestions how to accomplish this task. First, you could > utilize the context based approach that you have described in your post. In > that case, the numeral that has been retrieved from the context with the 'pop' > action needs to be incremented, and you can do it with the 'lcall' action that > invokes the relevant Perl code. Here is one example (I have added several of > extra actions into the rule for initializing the context): > type=single > ptype=regexp > pattern=call_id (\S+) > desc=call id $1 > action=exists %e call_uniqueid_seq_$1; \ > if %e ( none ) else ( add call_uniqueid_seq_$1 0); \ > pop call_uniqueid_seq_$1 %sequence_num; \ > lcall %sequence_num %sequence_num -> ( sub { $_[0] + 1 } ); \ > add call_uniqueid_seq_$1 %sequence_num > The first two actions check if the context call_uniqueid_seq_* for the given > call exists, and if not, 0 is written into that context to initialize it: > exists %e call_uniqueid_seq_$1; \ > if %e ( none ) else ( add call_uniqueid_seq_$1 0); > The 'pop' and 'add' actions (the 3rd and 5th action in the above rule) are > identical to the actions from your email. > The 'lcall' action (4th action in the above rule) increments the counter value > retrieved from the context by executing the following Perl one-line function: > sub { $_[0] + 1 } > That function takes the value of its parameter (that is, %sequence_num) and > returns an incremented value which is stored back into %sequence_num. Note > that > %sequence_num appears twice in the 'lcall' action, since it acts both as an > input parameter for the Perl function and as the variable where the return > value from the function is stored. > There is also an alternative way for addressing the same assignment. This > approach involves keeping the counter for each call ID not in a SEC context, > but rather in a Perl hash table. That approach is more efficient, since the > counter value is not copied back and forth between the Perl function and the > SEC context each time it needs to be incremented. Instead, the counter value > stays in a Perl data structure during these increments. Here is a relevant > rule > example: > type=single > ptype=regexp > pattern=call_id (\S+) > desc=call id $1 > action=lcall %sequence_num $1 -> ( sub { ++$calls{$_[0]} } ); \ > write - the new value for counter for call $1 is %sequence_num > The above example involves the use of a Perl hash (associative array) 'calls', > where the call ID serves as a key into the hash. For each key (call ID), the > hash stores the counter for that call ID. Each time the function > sub { ++$calls{$_[0]} } > gets called, the counter for the relevant call ID (the value of $1) is > incremented in the hash 'calls', and the result is stored to %sequence_num. > If you just want to retrieve the current value of the counter for some call ID > (the value of $1) without incrementing it, you can simply invoke the following > action: > lcall %sequence_num $1 -> ( sub { $calls{$_[0]} } ) > With both the context-based and Perl-hash-based approach, one needs to think > about dropping stale contexts (or stale hash keys) for calls that are no > longer > relevant. With contexts, you can remove them with the 'delete' action. In the > case you use the Perl hash for storing the counters, you can use the following > 'lcall' action for deleting a key from the hash 'calls': > lcall %sequence_num $1 -> ( sub { delete $calls{$_[0]} } ) > I hope the above examples are useful. > kind regards, > risto > Kontakt Jim Van Meggelen (< [ mailto:jim.vanmegge...@clearlycore.com | > jim.vanmegge...@clearlycore.com ] >) kirjutas kuupƤeval R, 22. september 2023 > kell 19:50: >> I am using SEC for an atypical use case, where rather than using log events >> to >> correlate events for things like security events, I am using it to parse >> through Asterisk logs in order to capture a sequence of phone call events >> (call >> comes in, auto attendant answers, user selects a digit, call is transferred, >> etc). I have SEC write each to a CSV file, which can then be processed >> downstream for reporting (for example, I produced a Sankey chart using this >> data). >> SEC has proven fantastic for this, however one minor issue has been that the >> timestamps in the logs are not granular to smaller than a second, so it's >> possible for two or more events to occur within the same second. Generally >> this >> doesn't cause a problem, but when sorting the CSV file elsewhere, this can >> result in out-of-sequence lines, if they both contain the exact same >> timestamp. >> So, what I've been trying to figure out is how to store a counter that is >> tied >> to the uniqueid of the call, and increment that with each event. I figured >> I'd >> be able to do this by storing an integer in the event store of a context >> (tied >> to the uniqueid for that call). I can then increment it as the various log >> lines of the call are processed in turn. >> The part I think I'm not getting is due to my lack of understanding of Perl >> (and >> specifically perl syntax). >> The first rule can create the context: >> add call_uniqueid_seq_$4 1 (where $4 is the unique ID for that call) >> But then in subsequent rules I want to do something like this: >> call_uniqueid_seq_$4 ++ >> However I don't expect that to be valid syntax (especially since that store >> is >> for strings), so I have to figure out something else. >> I was working my head around just 'pop'ing the value off the event store, and >> then adding 1 to it, but I realized I have no clue how to do this. >> So, I am hoping that I am just missing something obvious, but, failing that, >> I >> guess I need to understand how I would do something like: >> pop call_uniqueid_seq_$4 %sequence_num >> add call_uniqueid_seq_$4 %sequence_num+1 >> I feel like I'm on the wrong track here, but I'm not finding the answers in >> the >> man page, or tutorial, or anywhere else, and my knowledge of Perl is >> insufficient to help make sense of this. >> Any thoughts or advice or clues would be greatly appreciated. >> -- >> Jim Van Meggelen >> ClearlyCore Inc. >> +1-416-639-6001 (DID) >> +1-877-253-2716 (Canada) >> +1-866-644-7729 (USA) >> +1-416-425-6111 x6001 >> [ mailto:jim.vanmegge...@clearlycore.com | jim.vanmegge...@clearlycore.com ] >> [ http://www.clearlycore.com/ | http://www.clearlycore.com ] >> Asterisk: The Definitive Guide >> FIFTH EDITION NOW AVAILABLE TO DOWNLOAD: >> [ https://cdn.oreillystatic.com/pdf/Asterisk_The_Definitive_Guide.pdf | >> https://cdn.oreillystatic.com/pdf/Asterisk_The_Definitive_Guide.pdf ] >> _______________________________________________ >> Simple-evcorr-users mailing list >> [ mailto:Simple-evcorr-users@lists.sourceforge.net | >> Simple-evcorr-users@lists.sourceforge.net ] >> [ https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users | >> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users ]
_______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
