I am trying to batch together a bunch of events from a time window based on a matching property (User). Say, for example, the following events pass through Esper in 1 second:
User | File
A | a1.sys
A | a2.inf
A | a3.sys
B | b1.sys
B | b2.sys
A | a4.sys
B | b3.inf
I want to batch the events by user and output the following 2 groups of events:
Output 1
A | a1.sys
A | a2.inf
A | a3.sys
A | a4.sys
Output 2
B | b1.sys
B | b2.sys
B | b3.inf
The key thing is that these groups need to be output as a collection and not one output per event. I need to emulate the type of response I would get from the below query (where events a, b and c are returned as a collection):
SELECT * FROM pattern[every a -> b -> c]
I just can't figure out how to shape such a query. I've tried the following but it doesn't batch the events together.
select * from ActivityEvent().std:groupwin(User).win:time_batch(5)
There is a batch expression window that can compare events and release batches. It is described in [1].

[1] http://esper.codehaus.org/esper-5.0.0/doc/reference/en-US/html_single/index.html#view-win-exprbatch
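
As an added example (not part of the question or the answer, and not Esper code): a plain Python model of the output shape the question asks for, a tumbling time window that releases one collection per User instead of one output per event. The class name, function names and timestamps are assumptions made for illustration; the users and files are the question's sample.

```python
class GroupedTimeBatch:
    """Tumbling time window that releases one list of events per user.

    Simplifications (assumptions of this sketch): there is no timer, so a
    window is released only when a later event arrives or flush() is called,
    and the next window starts at the timestamp of the event that closed
    the previous one.
    """

    def __init__(self, window_seconds):
        self.window = window_seconds
        self.window_start = None
        self.groups = {}  # user -> events, in arrival order

    def add(self, timestamp, user, file):
        """Add one event; return the batches of a window it closed, else []."""
        released = []
        if self.window_start is None:
            self.window_start = timestamp
        elif timestamp - self.window_start >= self.window:
            released = self.flush()
            self.window_start = timestamp
        self.groups.setdefault(user, []).append((user, file))
        return released

    def flush(self):
        """Release the current window as one collection per user."""
        batches = list(self.groups.values())
        self.groups = {}
        return batches


# Users and files from the question; timestamps are constructed.
SAMPLE = [
    (0.10, "A", "a1.sys"), (0.20, "A", "a2.inf"), (0.30, "A", "a3.sys"),
    (0.40, "B", "b1.sys"), (0.50, "B", "b2.sys"), (0.60, "A", "a4.sys"),
    (0.70, "B", "b3.inf"),
]


def run(events, window_seconds=5):
    """Feed events through the window and collect every released batch."""
    window = GroupedTimeBatch(window_seconds)
    out = []
    for ts, user, file in events:
        out.extend(window.add(ts, user, file))
    out.extend(window.flush())  # release the final, still-open window
    return out


if __name__ == "__main__":
    for number, batch in enumerate(run(SAMPLE), start=1):
        print("Output", number, batch)
```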