Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 15:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Updates for SumStats API to deal with high memory stats.

Browse source 
- The code is a mess and will need to be cleaned up, but the
    tests do pass.
This commit is contained in:
Seth Hall 2013-08-02 12:44:33 -04:00
parent 7db531e162
commit 4f8100774c
16 changed files with 391 additions and 230 deletions
Download patch file Download diff file Expand all files Collapse all files

13
testing/btest/scripts/base/frameworks/sumstats/basic-cluster.bro
View file

@ -26,14 +26,13 @@ event bro_init() &priority=5
SumStats::create([$name="test",
$epoch=5secs,
$reducers=set(r1),
$epoch_finished(rt: SumStats::ResultTable) =
$epoch_result(ts: time, key: SumStats::Key, result: SumStats::Result) =
{
local r = result["test"];
print fmt("Host: %s - num:%d - sum:%.1f - avg:%.1f - max:%.1f - min:%.1f - var:%.1f - std_dev:%.1f - unique:%d", key$host, r$num, r$sum, r$average, r$max, r$min, r$variance, r$std_dev, r$unique);
},
$epoch_finished(ts: time) =
{
for ( key in rt )
{
local r = rt[key]["test"];
print fmt("Host: %s - num:%d - sum:%.1f - avg:%.1f - max:%.1f - min:%.1f - var:%.1f - std_dev:%.1f - unique:%d", key$host, r$num, r$sum, r$average, r$max, r$min, r$variance, r$std_dev, r$unique);
}
terminate();
}]);
}

9
testing/btest/scripts/base/frameworks/sumstats/basic.bro
View file

@ -14,13 +14,10 @@ event bro_init() &priority=5
SumStats::create([$name="test",
$epoch=3secs,
$reducers=set(r1),
$epoch_finished(data: SumStats::ResultTable) =
$epoch_result(ts: time, key: SumStats::Key, result: SumStats::Result) =
{
for ( key in data )
{
local r = data[key]["test.metric"];
print fmt("Host: %s - num:%d - sum:%.1f - var:%.1f - avg:%.1f - max:%.1f - min:%.1f - std_dev:%.1f - unique:%d", key$host, r$num, r$sum, r$variance, r$average, r$max, r$min, r$std_dev, r$unique);
}
local r = result["test.metric"];
print fmt("Host: %s - num:%d - sum:%.1f - var:%.1f - avg:%.1f - max:%.1f - min:%.1f - std_dev:%.1f - unique:%d", key$host, r$num, r$sum, r$variance, r$average, r$max, r$min, r$std_dev, r$unique);
}
]);

8
testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.bro
View file

@ -23,11 +23,13 @@ event bro_init() &priority=5
SumStats::create([$name="test",
$epoch=10secs,
$reducers=set(r1),
$epoch_finished(data: SumStats::ResultTable) =
$epoch_result(ts: time, key: SumStats::Key, result: SumStats::Result) =
{
print result["test.metric"]$sum;
},
$epoch_finished(ts: time) =
{
print "End of epoch handler was called";
for ( res in data )
print data[res]["test.metric"]$sum;
terminate();
},
$threshold_val(key: SumStats::Key, result: SumStats::Result) =

21
testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.bro
View file

@ -22,7 +22,7 @@ global n = 0;
event bro_init() &priority=5
{
local r1: SumStats::Reducer = [$stream="test", $apply=set(SumStats::SUM, SumStats::MIN, SumStats::MAX, SumStats::AVERAGE, SumStats::STD_DEV, SumStats::VARIANCE, SumStats::UNIQUE)];
local r1 = SumStats::Reducer($stream="test", $apply=set(SumStats::SUM, SumStats::MIN, SumStats::MAX, SumStats::AVERAGE, SumStats::STD_DEV, SumStats::VARIANCE, SumStats::UNIQUE));
SumStats::create([$name="test sumstat",
$epoch=1hr,
$reducers=set(r1)]);
@ -61,23 +61,24 @@ event on_demand2()
when ( local result = SumStats::request_key("test sumstat", [$host=host]) )
{
print "SumStat key request";
print fmt(" Host: %s -> %.0f", host, result["test"]$sum);
if ( "test" in result )
print fmt(" Host: %s -> %.0f", host, result["test"]$sum);
terminate();
}
}
event on_demand()
{
when ( local results = SumStats::request("test sumstat") )
{
print "Complete SumStat request";
print fmt(" Host: %s -> %.0f", 6.5.4.3, results[[$host=6.5.4.3]]["test"]$sum);
print fmt(" Host: %s -> %.0f", 10.10.10.10, results[[$host=10.10.10.10]]["test"]$sum);
print fmt(" Host: %s -> %.0f", 1.2.3.4, results[[$host=1.2.3.4]]["test"]$sum);
print fmt(" Host: %s -> %.0f", 7.2.1.5, results[[$host=7.2.1.5]]["test"]$sum);
#when ( local results = SumStats::request("test sumstat") )
# {
# print "Complete SumStat request";
# print fmt(" Host: %s -> %.0f", 6.5.4.3, results[[$host=6.5.4.3]]["test"]$sum);
# print fmt(" Host: %s -> %.0f", 10.10.10.10, results[[$host=10.10.10.10]]["test"]$sum);
# print fmt(" Host: %s -> %.0f", 1.2.3.4, results[[$host=1.2.3.4]]["test"]$sum);
# print fmt(" Host: %s -> %.0f", 7.2.1.5, results[[$host=7.2.1.5]]["test"]$sum);
event on_demand2();
}
# }
}
global peer_count = 0;

25
testing/btest/scripts/base/frameworks/sumstats/on-demand.bro
View file

@ -4,17 +4,18 @@
redef exit_only_after_terminate=T;
event on_demand()
{
when ( local results = SumStats::request("test") )
{
print "Complete SumStat request";
for ( key in results )
{
print fmt(" Host: %s -> %.0f", key$host, results[key]["test.reducer"]$sum);
}
}
}
## Requesting a full sumstats resulttable is not supported yet.
#event on_demand()
# {
# when ( local results = SumStats::request("test") )
# {
# print "Complete SumStat request";
# for ( key in results )
# {
# print fmt(" Host: %s -> %.0f", key$host, results[key]["test.reducer"]$sum);
# }
# }
# }
event on_demand_key()
{
@ -39,7 +40,7 @@ event bro_init() &priority=5
SumStats::observe("test.reducer", [$host=1.2.3.4], [$num=42]);
SumStats::observe("test.reducer", [$host=4.3.2.1], [$num=7]);
schedule 0.1 secs { on_demand() };
#schedule 0.1 secs { on_demand() };
schedule 1 secs { on_demand_key() };
}

23
testing/btest/scripts/base/frameworks/sumstats/sample-cluster.bro
View file

@ -23,21 +23,18 @@ event bro_init() &priority=5
SumStats::create([$name="test",
$epoch=5secs,
$reducers=set(r1),
$epoch_finished(rt: SumStats::ResultTable) =
$epoch_result(ts: time, key: SumStats::Key, result: SumStats::Result) =
{
local hosts: vector of addr = vector(6.5.4.3, 10.10.10.10, 1.2.3.4, 7.2.1.5);
for ( i in hosts )
{
local key = [$host=hosts[i]];
local r = rt[key]["test"];
local r = result["test"];
print fmt("Host: %s Sampled observations: %d", key$host, r$sample_elements);
local sample_nums: vector of count = vector();
for ( sample in r$samples )
sample_nums[|sample_nums|] =r$samples[sample]$num;
print fmt("Host: %s Sampled observations: %d", key$host, r$sample_elements);
local sample_nums: vector of count = vector();
for ( sample in r$samples )
sample_nums[|sample_nums|] =r$samples[sample]$num;
print fmt(" %s", sort(sample_nums));
}
print fmt(" %s", sort(sample_nums));
},
$epoch_finished(ts: time) =
{
terminate();
}]);
}

13
testing/btest/scripts/base/frameworks/sumstats/sample.bro
View file

@ -8,15 +8,12 @@ event bro_init() &priority=5
SumStats::create([$name="test",
$epoch=3secs,
$reducers=set(r1),
$epoch_finished(data: SumStats::ResultTable) =
$epoch_result(ts: time, key: SumStats::Key, result: SumStats::Result) =
{
for ( key in data )
{
print key$host;
local r = data[key]["test.metric"];
print r$samples;
print r$sample_elements;
}
print key$host;
local r = result["test.metric"];
print r$samples;
print r$sample_elements;
}]);
SumStats::observe("test.metric", [$host=1.2.3.4], [$num=5]);