需要一些查询的指针 [英] Need some pointers for this query

问题描述

我正在使用ASA构建警报机制.输入是异常消息流.我想拥有的是，当检测到新异常时，它将立即发送到输出，但是之后，我希望将发生次数计入 固定的时间窗口(例如一小时).我该怎么办呢?每小时发生的次数对我来说不是问题，但要立即输出第一个发生的内容是我的工作.

I am building an alerting mechanism using ASA. The input is a stream of exception messages. What I would like to have is that, when a new exception is detected it will be send to the output immediately but after that I want to have the occurence count in a fixed time window (say, one hour). How could I accomplish that? The count of occurences per hour is not a problem for me, but having the first occurence outputted immediately is something I am struggling with.

推荐答案

请查看IsFirst运算符:

Please take a look at the IsFirst operator:

https://docs.microsoft.com/zh-cn/stream-analytics-query/isfirst-azure-stream-analytics

https://docs.microsoft.com/en-us/stream-analytics-query/isfirst-azure-stream-analytics

一个简单的模式是有一个共同的步骤来计算IsFirst，然后有一个步骤在IsFirst = 1时从中选择，而另一个步骤则从第一步中选择所有数据并进行时间窗口汇总.

One simple pattern is to have a common step that calculates IsFirst, then have another step that selects from it when IsFirst = 1 and another step that selects all the data from the first step and does your time window aggregation.

这篇关于需要一些查询的指针的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！