-1

im totally new to Esper, so please don't shoot me, if the following question sounds stupid.

I am sending POJO-events to an esper instance. This POJOS have some attributes, as follows:

MyEventPOJO {
final String sourceIP;
final String destIP;
final Calendar transmissionTime;
final List<WorkingDay> WorkingDays;

The List<WorkingDay> holds a List of WorkingDays that indicate, at which time a host is allowed to do certain things. Each one of the WorkingDay's has a unique dayName(see class discription below). The event MyEventPOJO is sent to esper as soon as an activity of the host with sourceIP has been found. The event is created in another part of the software. In that part a database is queried for the WorkingDays of the host. This information is put into the List<WorkingDay> and sould then be correlateed with the transmissionTime. The transmission time represents the time(date and time of activity) at which the activity of the host has been tracked.

The result of the correlation should be all the MyEventPOJO's where the host was active outside of the permitted times that are specified by the List<WorkingDay>

A WorkingDay looks like this:

public class WorkingDay {
final String dayName;
final Calendar startTimeOfDay;
final Calendar endTimeOfDay;
.
.
.

I want to create a statement that filters out the events, where following things are true:

  • MyEventPOJO.tramissionTime has the same day name as WorkingDay.dayName
  • MyEventPOJO.tramissionTime's time of day is outside of the range of WorkingDay.startTimeOfDay and WorkingDay.endTimeOfDay

Edit: The statement should collect all MyEventPOJO's, that match the expressions stated above using a time_batch window of 10 minute length.

I appreciate any advice you can give me. Thanks in advance.

I wish you a nice weekend and hope i can solve this problem with your help.

Kai
  • 3
  • 2
  • What is the output? Is the output a MyEventPOJO? Or is the output a WorkingDay? Or a row that contains one of each? Also if "MyEventPOJO.sourceIP equals WorkingDay.hostIP" what happens if that is not true, nothing gets output or just the matching ones get output? This sounds like you want to apply whats in the documentation under "Contained Event" see http://espertech.com/esper/release-6.0.1/esper-reference/html_single/index.html#epl-containedeventselect – user3613754 Mar 17 '17 at 13:42
  • Thanks for the question, i edited my inital post. Correct me if i'm wrong, but i dont think thats what i am searching for, since the `List` is not an event itself. – Kai Mar 17 '17 at 13:54
  • I can't correct you - they are your requirements not mine. If the output is just the MyEventPOJO and nothing else then the question is when "MyEventPOJO.sourceIP equals WorkingDay.hostIP" should that be true for ALL WorkingDay objects, or for ANY or EXACTLY ONE? Your requirements are unclear. Same for "tramissionTime". – user3613754 Mar 17 '17 at 14:20
  • i edited the post again, hopefully the requirements are more clear now. Thank you for your patience =) – Kai Mar 17 '17 at 14:50
  • Basically, what i want to do is find activities of hosts outside of their permitted working hours. The `List` holds the information, at which times a host ia allowed to send traffic. Thank you for your patience =) – Kai Mar 17 '17 at 15:00
  • You haven't answered my question and instead added unrelated detail and added design stuff like batch windows instead of clarifying requirements. Lets say a MyEventPOJO comes in that has two WorkingDay objects. You are asking that tramissionTime has the same day name as WorkingDay.dayName. Now since there are two WorkingDay instances, which one to compare to? (a) ANY (b) ALL (c) EXACTLTY ONE or (d) something else – user3613754 Mar 17 '17 at 15:25
  • I want to compare it to all of the workigDays – Kai Mar 19 '17 at 16:28

1 Answers1

0

I used a script to get the day name from the calendar.

expression string getCalendarDayName(ts) [
  getCalendarDayName(ts);
  function getCalendarDayName(ts) {
    return new java.text.SimpleDateFormat("EEEE").format(ts.getTime());
  }
]
select * from MyEventPOJO(
  workingDays.allOf(v => dayName = getCalendarDayName(transmissionTime)) 
  and
  workingDays.allOf(v => transmissionTime.before(startTimeOfDay) or transmissionTime.after(endTimeOfDay))
)
user3613754
  • 816
  • 1
  • 5
  • 5