我在执行计划中使用内存表,但编译器正在询问它的定义。查询是
@Import('MAINInStream:1.0.0')
define stream MAINInStream (ts string, uid string, id_orig_h string, id_orig_p int, id_resp_h string, id_resp_p int, proto string, service string, duration double, orig_bytes long, resp_bytes long, conn_state string, local_orig bool, local_resp bool, missed_bytes long, history string, orig_pkts long, orig_ip_bytes long, resp_pkts long, resp_ip_bytes long, tunnel_parents string, sensorname string);
@Export('ProtocolStream:1.0.0')
define stream ProtocolStream (protocol string, count int);
@from(eventtable = 'rdbms' , datasource.name = 'WSO2_CARBON_DB' , table.name ='conn_log_table')
define table conn_log_table (ts string, uid string, id_orig_h string, id_orig_p int, id_resp_h string, id_resp_p int, proto string, service string, duration double, orig_bytes long, resp_bytes long, conn_state string, local_orig bool, local_resp bool, missed_bytes long, history string, orig_pkts long, orig_ip_bytes long, resp_pkts long, resp_ip_bytes long, tunnel_parents string, sensorname string);
define table mem_conn_table (timestamp string, id_orig_h string, id_orig_p int, id_resp_h string, id_resp_p int, proto string);
from MAINInStream
select *
insert into conn_log_table;
from MAINInStream
select time:dateAdd(str:replaceAll(ts,'T',' '), 5, 'hour',"yyyy-MM-dd HH:mm:ss") as timestamp, id_orig_h, id_orig_p, id_resp_h, id_resp_p, proto
insert into mem_conn_table;
from mem_conn_table[time:dateDiff(time:currentTimestamp(), timestamp, "yyyy-MM-dd HH:mm:ss", "yyyy-MM-dd HH:mm:ss") == 0]
SELECT (ifThenElse(id_resp_p == 21,'FTP', ifThenElse(id_resp_p == 22,'SSH', ifThenElse(id_resp_p == 25,'SMTP', ifThenElse(id_resp_p == 445,'SMB','MYSQL'))))) as protocol , count() as count
insert into ProtocolStream;
mem_conn_table 是导致我添加最后一个查询时开始的问题。