Striim 3.9.4 / 3.9.5 documentation

WarningHandling
Screen_Shot_2016-01-07_at_11.03.16_AM.png

This flow sends an alert once an hour with the count of warnings for each API call for which there has been at least one warning. The following code creates a one-hour jumping window of application log warning messages:

CREATE CQ GetWarnings 
INSERT INTO WarningStream 
SELECT log4j 
FROM Log4ErrorWarningStream log4j WHERE log4j.level = 'WARN';

CREATE JUMPING WINDOW WarningWindow 
OVER WarningStream KEEP WITHIN 60 MINUTE ON logTime;

The HAVING clause in the SendWarningAlerts CQ filters out API calls that have had no warnings.

CREATE CQ SendWarningAlerts 
INSERT INTO WarningAlertStream 
SELECT 'WarningAlert', ''+logTime, 'warning', 'raise', 
        COUNT(logTime) + ' Warnings in log for api ' + api 
FROM WarningWindow 
GROUP BY api 
HAVING count(logTime) > 1;