Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-07 00:58:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Change the standalone sumstats mode to work incrementally.

Browse source
This commit is contained in:
Seth Hall 2014-03-17 16:06:14 -04:00
parent 8061a34b3e
commit af36915186
3 changed files with 39 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

40
scripts/base/frameworks/sumstats/non-cluster.bro
View file

@ -2,23 +2,47 @@
module SumStats; module SumStats;
event SumStats::process_epoch_result(ss: SumStat, now: time, data: ResultTable)
{
# TODO: is this the right processing group size?
local i = 50;
for ( key in data )
{
ss$epoch_result(now, key, data[key]);
delete data[key];
if ( |data| == 0 )
{
if ( ss?$epoch_finished )
ss$epoch_finished(now);
# Now that no data is left we can finish.
return;
}
i = i-1;
if ( i == 0 )
{
# TODO: is this the right interval?
schedule 0.01 secs { process_epoch_result(ss, now, data) };
break;
}
}
}
event SumStats::finish_epoch(ss: SumStat) event SumStats::finish_epoch(ss: SumStat)
{ {
if ( ss$name in result_store ) if ( ss$name in result_store )
{ {
local now = network_time();
if ( ss?$epoch_result ) if ( ss?$epoch_result )
{ {
local data = result_store[ss$name]; local data = result_store[ss$name];
# TODO: don't block here. event SumStats::process_epoch_result(ss, network_time(), data);
for ( key in data )
ss$epoch_result(now, key, data[key]);
} }
if ( ss?$epoch_finished ) # We can reset here because we know that the reference
ss$epoch_finished(now); # to the data will be maintained by the process_epoch_result
# event.
reset(ss); reset(ss);
} }

0
testing/btest/Baseline/scripts.base.frameworks.sumstats.basic/.stdout → testing/btest/Baseline/scripts.base.frameworks.sumstats.basic/standalone..stdout
View file

10
testing/btest/scripts/base/frameworks/sumstats/basic.bro
View file

@ -1,5 +1,8 @@
# @TEST-EXEC: bro %INPUT # @TEST-EXEC: btest-bg-run standalone bro %INPUT
# @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-bg-wait 5
# @TEST-EXEC: btest-diff standalone/.stdout
redef exit_only_after_terminate=T;
event bro_init() &priority=5 event bro_init() &priority=5
{ {
@ -19,8 +22,9 @@ event bro_init() &priority=5
{ {
local r = result["test.metric"]; local r = result["test.metric"];
print fmt("Host: %s - num:%d - sum:%.1f - var:%.1f - avg:%.1f - max:%.1f - min:%.1f - std_dev:%.1f - unique:%d - hllunique:%d", key$host, r$num, r$sum, r$variance, r$average, r$max, r$min, r$std_dev, r$unique, r$hll_unique); print fmt("Host: %s - num:%d - sum:%.1f - var:%.1f - avg:%.1f - max:%.1f - min:%.1f - std_dev:%.1f - unique:%d - hllunique:%d", key$host, r$num, r$sum, r$variance, r$average, r$max, r$min, r$std_dev, r$unique, r$hll_unique);
terminate();
} }
]); ])
SumStats::observe("test.metric", [$host=1.2.3.4], [$num=5]); SumStats::observe("test.metric", [$host=1.2.3.4], [$num=5]);
SumStats::observe("test.metric", [$host=1.2.3.4], [$num=22]); SumStats::observe("test.metric", [$host=1.2.3.4], [$num=22]);