type norikra_filter norikra localhost:26571 path /home/user/.rbenv/versions/jruby-1.7.4/bin/norikra remove_tag_prefix event target_map_tag yes # or # target_map_key KEYNAME # or # target_string TARGET_STRING include * exclude yyyymmdd,hhmmss exclude_regexp f_.* # OR # exclude * # include foo,bar,baz # include_regexp status.* field_boolean flag field_integer status,duration,bytes name pv_${target} expression SELECT count(*) AS cnt FROM ${target}.win:time_batch(1 minutes) WHERE not flag tag pv.${target} # group pv_query_group # default: nil (default group) fetch_interval 15s # default -> time_batch / 4 ? -> (none) -> 60s # fetch_interval is ignored when section specified name errors_${target} expression SELECT count(*) AS cnt FROM ${target}.win:time_batch(1 minutes) WHERE status >= 500 tag errors.${target} fetch_interval 15s field_int display name search_words expression SELECT count(distinct query_search) AS cnt FROM ${target}.win:time_batch(1 minutes) WHERE query_search.length() > 0 tag search.words name search_rate expression SELECT count(*) AS cnt FROM ${target}.win:time_batch(1 minutes) WHERE query_search.length() > 0 tag search.rate method sweep # listen(not implemented) tag query_name # tag field FIELDNAME # tag string TAG_STRING tag_prefix cep interval 5s