In general I am writing rules for events which equal (by attributes values) events can occur any time in consecutive manner (every second). I want to fire rules for matched events only on an hourly bases.
In more details:
I want to fire a rule when an event is inserted for the first time (not exist yet) OR when an event is inserted and if and only if equal events are already inserted to the working memory BUT the newest of them is at least one hour ago old.
What is a reasonable way of writing a rule of that kind, taking events duration will be 24H?
rule X
when
$e : MyEvent() from entry-point "s"
not( MyEvent( this != $e, id == $e.id, this before[0s,1h] $e ) from entry-point "s" )
then
// $e arrived and there is no other event with the same
// id that happened during the last hour
end
Replace "id == $e.id" by whatever constraints you use to decide two events are related to each other.
You could create a global queue like this:
global java.util.List eventQueue;
Your also need to access your global queue from java, so just use:
session.getGlobals();
session.setGlobal(name, value);
In this queue save an event and related time. Then check hourly form java code this queue, and execute rules based on timestamp. This is not poor drools approach, but is straightforward.
Related
I would like to create a cyclic event that every 24 hours at a certain hour removes all the agents (in my case Person which are part of the population called Customers) from the flowchart in order to start the next morning whit noone in the loop.
Thanks in advance
I tried to put in the Action of the event : Object Customer=null;
This should do the trick, be sure to name your customers population with a lowercase initial c:
List <Customer> tempCustomers=findAll(customers,t->true);
for(Customer c : tempCustomers){
remove_customers(c);
}
But if your agents are in a process modeling block or other library, i'm not sure if it will work in 100% of the cases and won't cause erratic behaviors... i would try instead to be sure that your model is robust, to remove them through the sink block
I am fairly new to Prometheus alertmanager and had a doubt regarding firing alerts only during a particular period
I have a microservice which receives a file and does some processing on it, which is only invoked when it gets a message through a Kafka queue. The aforementioned is supposed to come every day between 5 am and 6 am(UTC time). The microservice has a metric which is incremented by 1 every time it receives a file. I want to raise an alert if it does not receive a file in the interval. I have created a query like this :
expr : sum(increase(metric_name[1m]) and on() hour(vector(time()))==5) < 1
for: 1h
My questions:-
1) Is it correct or is there a better way to do it
2) In case of no update, will it return 0 or "datapoints not found"
3) Is increase the correct function as it tends to give results in decimals due to extrapolation, but I understand if increase is 0, it will show 0
I can't really play around with scrape_intervals, which is set at 30s.
I have not run this expression but I expect it will cause an alert to fire at 06:00 only and then go off at 06:01. It is the only time the expression would hold true for one hour.
Answering your questions
It is correct if what you want is a single fire of alert (sending a mail by example) but then no longer firing. Even with that, the schedule is a bit tight and may get hurt by alertmanager delay causing the alert to be lost.
In case of no increase, you will get the expression will evaluate to 0. It will be empty when there is an update
Increase is the right function. It even takes into account reset of the counter.
Answering if there is a better way to do it.
Regarding your expression, you can have the same result, without for clause, with:
expr: increase(metric_name[1h])==0 and on() hour()==6 and on() minute()<1
It reads a : starting at 6am and for 1 minutes, if there was no increase of metric over the lasthour.
Alerting longer
If you want the alert to last longer (say for the day and you silence it when it is solved), you can use sub-queries;
expr: increase((metric and on() hour()==5)[18h:])==0 and on() hour()>5
It reads as : starting at 6am (hour()>5), compute the increase over 5-6am for the next 18 hours. If you like having a pending, you can drop the trailing on() hour()>5 and use a for: 1h clause.
If you want to alert until a file is submitted and thus detect a resolution, simply transform the expression to evaluate the increase until now:
expr: increase((metric and on() hour()>5)[18h:])==0 and on() hour()>5
I try to update a projection from event store. The following line will load all events:
$events = $this->eventStore->load(new StreamName('mystream'));
Currently i try to load only not handled events by passing the fromNumber parameter:
$events = $this->eventStore->load(new StreamName('mystream'), 10);
This will load all events eg from 15 to 40. But i found no way to figure out which is the current/highest "no" of the results. But this is necessary for me to load only from this entry on the next time.
If the database is truncated (with restarted sequences) this is not a real problem cause i know that the events will start with 1. But if the primary key starts with a number higher than 1 can not figure out which event has which number in the event store
When you are using pdo-event-store, you have a key _position in the event metadata after loading, so your read model can track which position was the last you were working on. Other then that, if you are working with proophs event-store projections, you don't need to take care of that at all. The projector will track the current event position for all needed streams internally, you just need to provide callbacks for each event where you need to do something.
I need to collect event logs from Windows those are logged before 10 seconds. Using pull subscription I could collect already saved logs before execution of program and saving logs while program is running. I tried with the code available on MSDN:
Subscribing to Events
"I need to start to collect the event logged 10 seconds ago". Here I think I need to set value for LPWSTR pwsQuery to achieve that.
L"*[System/Level= 2]" gives the events with level equal to 2.
L"*[System/EventID= 4624]" gives events with eventID is 4624.
L"*[System/Level < 1]" gives events with level < 2.
Like that I need to set the value for pwsQuery to get event logged near 10 seconds. Can I do in the same way as above? If so how? If not what are the other ways to do it?
EvtSubscribe() gives you new events as they happen. You need to use EvtQuery() to get existing events that have already been logged.
The Consuming Events documentation shows a sample query that retrieves events beginning at a specific time:
// The following query selects all events from the channel or log file where the severity level is
// less than or equal to 3 and the event occurred in the last 24 hour period.
XPath Query: *[System[(Level <= 3) and TimeCreated[timediff(#SystemTime) <= 86400000]]]
So, you can use TimeCreated[timediff(#SystemTime) <= 10000] to get events in the last 10 seconds.
The TimeCreated element is documented here:
TimeCreated (SystemPropertiesType) Element
The timediff() function is described on the Consuming Events documentation:
The timediff function is supported. The function computes the difference between the second argument and the first argument. One of the arguments must be a literal number. The arguments must use FILETIME representation. The result is the number of milliseconds between the two times. The result is positive if the second argument represents a later time; otherwise, it is negative. When the second argument is not provided, the current system time is used.
Can I get total number of events (=data points) for a time period?
The 'events' method (http://mixpanel.com/api/2.0/events/)
seems almost what I need, it's just that it requires a list of event names, and I need the total count of my events, I do not have the names.
I could not find this one in the API.
You can first hit the events by name API to return the list of your events at http://mixpanel.com/api/2.0/events/names/. Then, you can pump the return as a list into your request to http://mixpanel.com/api/2.0/events/ to get the count for each of your events.
Depending on your usage case, it may make more sense to use a URL hack on the main segmentation report instead of hitting the API. If you add union:1 as a new parameter to the URL (they are comma separated at the end) the report will display the union of all your events over a time period -- if you are viewing totals, this will be the total event count.
You can use the JQL console within Mixpanel, under the "Applications" menu in the left-nav. Just run the following, and it'll count the total number of events. See the JQL API reference here: https://mixpanel.com/help/reference/jql/api-reference#api/concepts
function main() {
return Events({
from_date: '2010-02-02',
to_date: '2017-02-03'
}).reduce(mixpanel.reducer.count());
}
// 989322