eagle-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean Rossier <j...@sqooba.io>
Subject Re: HDFS Data Activity Monitoring - demo in Eagle
Date Wed, 22 Mar 2017 13:17:47 GMT
Ok, thanks a lot !!! It gets a bit clearer

1. Regarding the policy you sent me
  a. Input stream and output stream use the same stream. Is that normal ?
  b. In the 'definition' block, you do 'from' a stream (
HDFS_AUDIT_LOG_ENRICHED_STREAM_SANDBOX) which is neither defined in the
input stream nor the output stream. Is that normal ?
  c. In the 'definition' block, you insert into 'Audit_log_alert'. What is
that ? Should it be a stream ? or a kafka topic ?

2. I read the examples given here:
https://cwiki.apache.org/confluence/display/EAG/Quick+Start+with+Alert+Engine+through+API.
The policy shown in this page (chapter 5.1) seems more consistant to me. I
would like to POST it to my eagle server, but
  a. When installing the 'Hdfs Audit Log Monitor' application, it created
only one hdfs audit log stream (HDFS_AUDIT_LOG_ENRICHED_STREAM_SANDBOX).
How can I create another stream
(e.g. HDFS_AUDIT_LOG_ENRICHED_STREAM_OUT_SANDBOX) ?


Jean


On Wed, Mar 22, 2017 at 12:25 PM, SUDHA JENSLIN <sjenslin@gmail.com> wrote:

> Post : http://localhost:9090/rest/metadata/policies
>
>
> -sudha Jenslin
>
>
>
> On Mar 22, 2017, at 4:47 PM, Jean Rossier <jean@sqooba.io> wrote:
>
> Hi Jean,
>
> You can create policies either through rest API or through Eagle UI.
>
> Rest API:
> Post :
>
> {
>    "name": "hdfsPolicy_1",
>    "description": "hdfsPolicy",
>    "inputStreams": [
>       "HDFS_AUDIT_LOG_ENRICHED_STREAM_EAGLE_LP"
>    ],
>    "outputStreams": [
>       "HDFS_AUDIT_LOG_ENRICHED_STREAM_EAGLE_LP"
>    ],
>    "definition": {
>       "type": "siddhi",
>       "value": "from HDFS_AUDIT_LOG_ENRICHED_STREAM_SANDBOX[src=='/tmp']
> select * insert into Audit_log_alert"
>    },
>    "alertDefinition":
> {"templateType":"TEXT",
> "subject”:”Test Alert : eagle alert",
> "body”:"Tmp : test alert",
> "severity":"CRITICAL",
> "category":"test"
> },
>    "partitionSpec": [
>       {
>          "streamId": "HDFS_AUDIT_LOG_ENRICHED_STREAM_EAGLE_LP",
>          "type": "GROUPBY",
>          "columns" : [
>             "user"
>          ]
>       }
>    ],
>    "parallelismHint": 2
> }
>
> You can follow the below given document:
> https://cwiki.apache.org/confluence/display/EAG/5.1+Create+Alert+Policy
> https://cwiki.apache.org/confluence/display/EAG/Quick+
> Start+with+Alert+Engine+through+API
>
> Regards,
> Sudha Jenslin
>
>
>


-- 


*Jean Rossier*


*Sqooba (Schweiz) AG*Parkterrasse 14
3012 Bern

eMail:   jean@sqooba.io
<forename@sqooba.io>Mobile: +41 79 643 96 57
Web:    www.sqooba.io

Mime
View raw message