Filtering fields
A CQ can select desired fields from a stream, cache, or WActionStore and discard the rest. For example, this CQ from MultiLogApp selects only two of the fields (accessTime
and srcIp
) from its input stream:
CREATE TYPE AccessLogEntry ( srcIp String KEY, userId String, sessionId String, accessTime DateTime ... CREATE STREAM HackerStream OF AccessLogEntry; ... CREATE CQ SendHackingAlerts INSERT INTO HackingAlertStream SELECT 'HackingAlert', ''+accessTime, 'warning', 'raise', 'Possible Hacking Attempt from ' + srcIp + ' in ' + IP_COUNTRY(srcIp) FROM HackerStream;