
Esper Alert query not triggering


I am using Esper to generate alert messages based on the Esper queries which get fired.

I am using a Map as the Java object to bind all the log messages, and it is defined in the external Esper config XML file as follows.

<?xml version="1.0" encoding="UTF-8"?>
<esper-configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.espertech.com/schema/esper"
xsi:schemaLocation="http://www.espertech.com/schema/esper
http://www.espertech.com/schema/esper/esper-configuration-2.0.xsd">
<!-- <event-type name="StockTick" class="com.espertech.esper.example.stockticker.event.StockTick"/>
<event-type name="PriceLimit" class="com.espertech.esper.example.stockticker.event.PriceLimit"/>
<auto-import import-name="org.mycompany.mypackage.MyUtility"/>
<auto-import import-name="org.mycompany.util.*"/> -->

<event-type name="b2cAccessLogEvent">
 <java-util-map>
  <map-property name="request" class="string"/>
  <map-property name="response" class="int"/>
  <map-property name="type" class="string"/>
  <map-property name="dc" class="int"/>
  <map-property name="message" class="string"/>
  <map-property name="source" class="string"/>
  <map-property name="source_host" class="string"/>
  <map-property name="source_path" class="string"/>
  <map-property name="agent" class="string"/>
  <map-property name="duration" class="string"/>
  <map-property name="@timestamp" class="string"/>    
 </java-util-map>
</event-type>
</esper-configuration>

I am reading the log messages from a queue. My requirement for the event getting triggered is as follows: 1. If the response field inside a log message of type = "b2c_access" is = 302 and the count of log messages with this response code in 1 min is > 10, then fire an event.

I have the following EPL:

select * from b2cAccessLogEvent(type="b2c_access").win:time(1 minute) having response = 302 and dc like "%s%" and count(request) > 10.

But even though the log contains more than 10 messages in a 2 min time span, the event is not getting fired, nor is any exception thrown. So I tried to make the EPL simpler as follows.

select * from b2cAccessLogEvent(type="b2c_access").win:time(1 minute) having response = 302

Still, the above query is not getting fired.

I am unable to find any example on the official Esper site which matches what I am looking for.


Solution

  • Actually, the issue is with the values getting populated into my Map, e.g. the response field was getting populated as a String in the Map, but in my query I was treating it as an integer field. Just because my Map was of type it never threw the exception.
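
The mismatch described in the solution (a String value in a property declared as int) raised no exception, so the alert simply never fired. The following added example, which is not part of the original post, checks an event Map against the types declared for b2cAccessLogEvent before it is sent to the engine; the class and method names are hypothetical and the sample event is constructed.

```java
import java.util.*;

// Added example: validates a log-event Map against the property types declared
// for b2cAccessLogEvent in the config above. Names are hypothetical, not Esper APIs.
public class B2cEventTypeCheck {
    // Declared types, copied from the <java-util-map> block in the question.
    static final Map<String, Class<?>> SCHEMA = new LinkedHashMap<>();
    static {
        for (String p : new String[] {"request", "type", "message", "source",
                "source_host", "source_path", "agent", "duration", "@timestamp"})
            SCHEMA.put(p, String.class);
        SCHEMA.put("response", Integer.class);
        SCHEMA.put("dc", Integer.class);
    }

    // Returns one line per property whose runtime value does not match the declared type.
    static List<String> mismatches(Map<String, Object> event) {
        List<String> out = new ArrayList<>();
        for (Map.Entry<String, Class<?>> e : SCHEMA.entrySet()) {
            Object v = event.get(e.getKey());
            if (v != null && !e.getValue().isInstance(v))
                out.add(e.getKey() + ": declared " + e.getValue().getSimpleName()
                        + ", got " + v.getClass().getSimpleName() + " '" + v + "'");
        }
        return out;
    }

    // Converts String values to Integer where the schema declares int;
    // throws NumberFormatException on non-numeric input instead of passing it on.
    static Map<String, Object> coerce(Map<String, Object> event) {
        Map<String, Object> fixed = new HashMap<>(event);
        for (Map.Entry<String, Class<?>> e : SCHEMA.entrySet()) {
            Object v = fixed.get(e.getKey());
            if (e.getValue() == Integer.class && v instanceof String)
                fixed.put(e.getKey(), Integer.valueOf(((String) v).trim()));
        }
        return fixed;
    }

    public static void main(String[] args) {
        // Constructed sample event, shaped like a parsed access-log line.
        Map<String, Object> event = new HashMap<>();
        event.put("type", "b2c_access");
        event.put("request", "/login");
        event.put("response", "302");   // String where the config declares int
        event.put("dc", "1");           // String where the config declares int
        System.out.println("before: " + mismatches(event));
        System.out.println("after:  " + mismatches(coerce(event)));
    }
}
```

Logging or counting the non-empty result of `mismatches` at the point where events are read from the queue turns a silently dead alert rule into a visible ingestion error.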