no viable alternative at input : Siddhi Query
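I am trying to write a simple Siddhi query by simply importing a custom mapped stream. But as soon as I import the stream and validate the query, it gives an error.
My complete query, however, is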
@Import('bro.in.ssh.log:1.0.0')
define stream inStream (ts string, uid string, id.orig_h string, id.orig_p int, id.resp_h string, id.resp_p int, version int, client string, server string, cipher_alg string, mac_alg string, compression_alg string, kex_alg string, host_key_alg string, host_key string);
@Export('bro.out.ssh.log:1.0.0')
define stream outStream (ts string, ssh_logins int);
from inStream
select dateFormat (ts,'yyyy-MM-dd HH:mm') as formatedTs, count
group by formatedTs
insert into outStream;
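I just want to count the number of records in the log per minute and then export the time and the count to the output stream. But I get an error even on the first line.
My input is a log file from Bro IDS, ssh.log. A sample record looks like this: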
{"ts":"2016-05-08T08:59:47.363764Z","uid":"CLuCgz3HHzG7LpLwH9","id.orig_h":"172.30.26.119","id.orig_p":51976,"id.resp_h":"172.30.26.160","id.resp_p":22,"version":2,"client":"SSH-2.0-OpenSSH_5.0","server":"SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6","cipher_alg":"arcfour256","mac_alg":"hmac-md5","compression_alg":"none","kex_alg":"diffie-hellman-group-exchange-sha1","host_key_alg":"ssh rsa","host_key":"8d:df:71:ac:29:1f:67:6f:f3:dd:c3:e5:2e:5f:3e:b4"}
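Siddhi does not allow attribute names to contain the dot ('.') character. Therefore, edit the event stream so that attribute names (for example id.orig_h) do not contain a dot character.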
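One way to apply this answer before the events reach Siddhi, as an added example that is not part of the original post or of Siddhi itself: rename the dotted Bro fields in each JSON record and generate the matching stream definition. The function names, the underscore replacement and the identifier pattern are assumptions of this example.

```python
import json
import re

# Assumption: a Siddhi attribute name is a plain identifier
# (letters, digits, underscore, not starting with a digit).
SIDDHI_ID = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

# Constructed sample: a shortened copy of the ssh.log record in the question.
SAMPLE = ('{"ts":"2016-05-08T08:59:47.363764Z","uid":"CLuCgz3HHzG7LpLwH9",'
          '"id.orig_h":"172.30.26.119","id.orig_p":51976,'
          '"id.resp_h":"172.30.26.160","id.resp_p":22,"version":2}')


def siddhi_name(key):
    """Map a Bro field name to a dot-free name (id.orig_h -> id_orig_h)."""
    name = key.replace(".", "_")
    if not SIDDHI_ID.match(name):
        raise ValueError(f"cannot map {key!r} to a Siddhi attribute name")
    return name


def normalize(record):
    """Rename every key; refuse records where two keys collapse to one name."""
    out = {}
    for key, value in record.items():
        name = siddhi_name(key)
        if name in out:
            raise ValueError(f"{key!r} collides with another field as {name!r}")
        out[name] = value
    return out


def siddhi_type(value):
    """Pick a Siddhi type for a JSON value (bool is checked before int)."""
    if isinstance(value, bool):
        return "bool"
    if isinstance(value, int):
        return "int" if -2**31 <= value < 2**31 else "long"
    if isinstance(value, float):
        return "double"
    return "string"


def stream_definition(stream, record):
    """Build a 'define stream' statement that matches the normalized record."""
    attrs = ", ".join(f"{k} {siddhi_type(v)}" for k, v in normalize(record).items())
    return f"define stream {stream} ({attrs});"


if __name__ == "__main__":
    print(stream_definition("inStream", json.loads(SAMPLE)))
```

The collision check matters for log pipelines: if a record carried both `id.orig_h` and `id_orig_h`, a silent rename would overwrite one value and corrupt the events the query counts.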