/**
 * Emits the incoming event twice, once under each of two correlation keys.
 *
 * <p>Both keys carry the event's IP rendered as a string; they differ only in the
 * timestamp component, which comes from {@code createLoTimestamp} and
 * {@code createHiTimestamp} applied to the event's own timestamp.
 *
 * <p>NOTE(review): presumably the two values name neighbouring time buckets, so
 * that events close in time but on opposite sides of a bucket edge still share a
 * key. Confirm against the two helpers, which are not visible here.
 *
 * @param t pair whose first element is the event to key; the second is not read
 * @return a two-element list of (key, event) pairs, low-timestamp key first
 * @throws Exception declared by the overridden method
 */
@Override
public Iterable<Tuple2<CorrelationKey, StandardEvent>> call(Tuple2<StandardEvent, Void> t)
    throws Exception {
  final List<Tuple2<CorrelationKey, StandardEvent>> keyed =
      new ArrayList<Tuple2<CorrelationKey, StandardEvent>>(2);
  final StandardEvent source = t._1();

  final long lowerBucket = createLoTimestamp(source.getTimestamp());
  final long upperBucket = createHiTimestamp(source.getTimestamp());
  // The IP is the join attribute: a null IP fails here rather than producing a key.
  final String address = source.getIp().toString();

  final CorrelationKey lowerKey = new CorrelationKey(lowerBucket, address);
  keyed.add(new Tuple2<CorrelationKey, StandardEvent>(lowerKey, source));

  final CorrelationKey upperKey = new CorrelationKey(upperBucket, address);
  keyed.add(new Tuple2<CorrelationKey, StandardEvent>(upperKey, source));

  return keyed;
}
});
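/**
 * Pairs each alert with the clicks that fall within {@code FIVE_MIN_MILLIS} of it.
 *
 * <p>The first list of the input pair is treated as alerts and the second as
 * clicks. For every alert with at least one click inside the window, one
 * {@code CorrelatedEvents} record is emitted holding the alert and its matching
 * clicks. Alerts without a match produce no output.
 *
 * <p>The window test is written so that it cannot wrap. Timestamps are taken from
 * event data, and with {@code Math.abs(a - b)} a pair of extreme values can
 * overflow the subtraction (or hit {@code Long.MIN_VALUE}) and be reported as
 * inside the window.
 *
 * <p>NOTE(review): the work is alerts x clicks for each input pair. If one key can
 * collect a very large number of events, confirm the lists are bounded upstream.
 *
 * @param t pair of (alerts, clicks) that were grouped together upstream
 * @return one (CorrelatedEvents, null) pair per alert that has matching clicks
 * @throws Exception declared by the overridden method
 */
@Override
public Iterable<Tuple2<CorrelatedEvents, Void>> call(
    Tuple2<List<StandardEvent>, List<StandardEvent>> t) throws Exception {
  List<Tuple2<CorrelatedEvents, Void>> results =
      new ArrayList<Tuple2<CorrelatedEvents, Void>>();
  List<StandardEvent> alerts = t._1();
  List<StandardEvent> clicks = t._2();

  for (StandardEvent alert : alerts) {
    List<StandardEvent> correlated = new ArrayList<StandardEvent>();
    for (StandardEvent click : clicks) {
      long alertTime = alert.getTimestamp();
      long clickTime = click.getTimestamp();
      long delta = alertTime - clickTime;
      // The subtraction wrapped iff the operands have different signs and the
      // result's sign differs from the minuend's.
      boolean wrapped = ((alertTime ^ clickTime) & (alertTime ^ delta)) < 0;
      // A two-sided range check instead of Math.abs, which returns a negative
      // value for Long.MIN_VALUE.
      if (!wrapped && delta >= -FIVE_MIN_MILLIS && delta <= FIVE_MIN_MILLIS) {
        correlated.add(click);
      }
    }

    if (!correlated.isEmpty()) {
      CorrelatedEvents match = CorrelatedEvents.newBuilder()
          .setEvent(alert)
          .setCorrelated(correlated)
          .build();
      // Explicit type arguments: the original built a raw Tuple2 here.
      results.add(new Tuple2<CorrelatedEvents, Void>(match, null));
    }
  }
  return results;
}
});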
// Running summary of a group of events: the smallest and largest timestamp seen
// and the number of events counted, all seeded from the first event.
long startTime = firstEvent.getTimestamp();
long endTime = firstEvent.getTimestamp();
int numEvents = 1;
// NOTE(review): `event` is not declared in this excerpt. Presumably the three
// updates below run once per further event inside a loop that is not shown; confirm.
startTime = Math.min(startTime, event.getTimestamp()); // keep the earliest timestamp
endTime = Math.max(endTime, event.getTimestamp()); // keep the latest timestamp
numEvents += 1;
// Membership matrix: each of v1, v2 and v3 must include an event built from
// exactly one fixture timestamp and exclude the other two
// (v1 <-> sepEvent, v2 <-> octEvent, v3 <-> novEvent).
// The assertFalse rows pin that nothing outside a view's own constraint is accepted.

// v1: September only
assertTrue(v1.includes(standardEvent(sepEvent.getTimestamp())));
assertFalse(v1.includes(standardEvent(octEvent.getTimestamp())));
assertFalse(v1.includes(standardEvent(novEvent.getTimestamp())));
// v2: October only
assertFalse(v2.includes(standardEvent(sepEvent.getTimestamp())));
assertTrue(v2.includes(standardEvent(octEvent.getTimestamp())));
assertFalse(v2.includes(standardEvent(novEvent.getTimestamp())));
// v3: November only
assertFalse(v3.includes(standardEvent(sepEvent.getTimestamp())));
assertFalse(v3.includes(standardEvent(octEvent.getTimestamp())));
assertTrue(v3.includes(standardEvent(novEvent.getTimestamp())));
unbounded); long octInstant = octEvent.getTimestamp();
/**
 * Verifies {@code isEmpty()} on the unbounded dataset and on timestamp-constrained
 * views of it: empty before any write, non-empty after writing the September
 * event, and still empty for a view constrained to the October event's timestamp.
 *
 * @throws IOException if closing the writer fails
 */
@Test
public void testEmptyCheck() throws IOException {
  Assert.assertTrue("New dataset should be empty", unbounded.isEmpty());

  // NOTE: this is an un-restricted write so all should succeed
  DatasetWriter<StandardEvent> sink = null;
  try {
    sink = unbounded.newWriter();
    sink.write(sepEvent);
  } finally {
    // Passing false means a failure while closing is not swallowed.
    Closeables.close(sink, false);
  }

  final boolean emptyAfterWrite = unbounded.isEmpty();
  Assert.assertFalse("Should not be empty after write", emptyAfterWrite);

  final boolean septemberEmpty =
      unbounded.with("timestamp", sepEvent.getTimestamp()).isEmpty();
  Assert.assertFalse("Should find event in September", septemberEmpty);

  final boolean octoberEmpty =
      unbounded.with("timestamp", octEvent.getTimestamp()).isEmpty();
  Assert.assertTrue("Should not find event in October", octoberEmpty);
}
// Timestamp of the October fixture event, exactly as its getter returns it.
long octInstant = octEvent.getTimestamp();
// 2013-11-01 00:00 UTC as a getMillis() value. The zone is fixed to UTC so the
// boundary does not depend on the machine's default time zone.
long novStart = new DateTime(2013, 11, 1, 0, 0, DateTimeZone.UTC).getMillis();
// Boundary instants for range checks, all pinned to UTC so they do not depend on
// the machine's default time zone.
// 2013-11-12 00:00 UTC.
final long nov12Start = new DateTime(2013, 11, 12, 0, 0, DateTimeZone.UTC).getMillis();
// 2013-12-01 00:00 UTC.
long decStart = new DateTime(2013, 12, 1, 0, 0, DateTimeZone.UTC).getMillis();
// Timestamp of the September fixture event, as its getter returns it.
final long sepInstant = sepEvent.getTimestamp();
// One millisecond before 2013-09-13 00:00 UTC, i.e. the last millisecond of 12 September.
final long sep12End = new DateTime(2013, 9, 13, 0, 0, DateTimeZone.UTC).getMillis() - 1;
// Timestamp of the October fixture event, as its getter returns it.
final long octInstant = octEvent.getTimestamp();
/**
 * Builds this object as a field-by-field copy of a {@code StandardEvent}.
 *
 * <p>Six values are read from the source event's getters and passed to this
 * class's own setters: event initiator, event name, IP, session id, timestamp
 * and user id. No value is transformed or validated on the way.
 *
 * <p>NOTE(review): IP, session id and user id are copied verbatim. If instances
 * of this class are logged or exported, confirm those identifiers are handled the
 * same way as on the source event.
 *
 * @param event the event to copy; it is dereferenced immediately, so a null
 *     argument fails on the first getter call
 */
public ReflectStandardEvent(StandardEvent event) {
  setEvent_initiator(event.getEventInitiator());
  setEvent_name(event.getEventName());
  setIp(event.getIp());
  setSession_id(event.getSessionId());
  setTimestamp(event.getTimestamp());
  setUser_id(event.getUserId());
}
// Boundary instants for range checks, all pinned to UTC so they do not depend on
// the machine's default time zone.
// 2013-11-12 00:00 UTC.
final long nov12Start = new DateTime(2013, 11, 12, 0, 0, DateTimeZone.UTC).getMillis();
// 2013-12-01 00:00 UTC.
long decStart = new DateTime(2013, 12, 1, 0, 0, DateTimeZone.UTC).getMillis();
// Timestamp of the September fixture event, as its getter returns it.
final long sepInstant = sepEvent.getTimestamp();
// One millisecond before 2013-09-13 00:00 UTC, i.e. the last millisecond of 12 September.
final long sep12End = new DateTime(2013, 9, 13, 0, 0, DateTimeZone.UTC).getMillis() - 1;
// Timestamp of the October fixture event, as its getter returns it.
final long octInstant = octEvent.getTimestamp();
// Probe values one unit outside the [start, end] range on each side.
// `start` and `end` are defined outside this excerpt.
final long later = end + 1;
final long earlier = start - 1;
// Timestamp of the October fixture event.
// NOTE(review): presumably it lies inside [start, end], given the name; confirm.
long included = octEvent.getTimestamp();
// View of the unbounded dataset constrained on "timestamp" from start to end.
// NOTE(review): the one-off probes above suggest both bounds are inclusive; confirm
// against the from()/to() contract.
final RefinableView<StandardEvent> oct = unbounded
    .from("timestamp", start).to("timestamp", end);