Sentinel 7 Lucene Query

Similar Messages

• Lucene query syntax

  I'm trying to create a lucene query for a jasper report that mirrors sql
  implicit join syntax. The lucene documentation is pretty light and I'm
  not sure if what I'm trying to do is possible and if so, what the syntax
  is.
  So what I want to do is something like this:
  SELECT
  start.dt AS eventstarttime,
  last.dt AS eventfinishtime
  WHERE
  start.evt:"Workflow Started" AND last.evt:"Workflow Ended" AND
  start.pn:"Novell Identity Manager" AND start.rv51:Workflow AND
  start.evtgrpid = last.evtgrpid
  Is it possible to extract information from two entries like this?
  nate_spears
  nate_spears's Profile: http://forums.novell.com/member.php?userid=7564
  View this thread: http://forums.novell.com/showthread.php?t=439799

  Well, so within the report you can declare sorting and grouping based on
  specific fields within the returned data. That may be sufficient to get
  you to where you want to be. Beyond that you can do all sorts of things
  since Jasper can basically include arbitrary Java code to do whatever
  you need to do. Most of the features I'm talking about, however, are
  really Jasper/iReport features and not so much anything special about
  our SDK - as a result you may be able to find Jasper/iReport
  documentation/forums etc that have examples of this sort of thing (you
  can, of course, look at our existing reports if they have structures you
  are interested in replicating).
  DCorlette
  DCorlette's Profile: http://forums.novell.com/member.php?userid=4437
  View this thread: http://forums.novell.com/showthread.php?t=439799

• Lucene Bottom N type report

  I have a requirement to write a report which shows the least occurances
  of some events. I have found example of Top N type reports, but is it
  possible to reverse the order to get Bottom N report in lucene?
  For Top N we have following:
  GROUP BY $P{EventTag} TOP $P{TopN}, sev TOP 6
  Changing TOP to BOTTOM in this query doesn't work. Also, I can change
  TOP to WHATEVER and it still does not complain about syntax.
  Could you help?
  Adam
  admroz
  admroz's Profile: https://forums.netiq.com/member.php?userid=3440
  View this thread: https://forums.netiq.com/showthread.php?t=46307

  Hi Adam,
  you could try to use a PrintWhen expression based on the build-in
  REPORT_COUNT variable:
  http://jasperreports.sourceforge.net...engine/JRVaria
  ble.html#REPORT_COUNT
  Norbert
  >>> On 12.12.2012 at 14:14, admroz<[email protected]> wrote:
  > Norbert,
  >
  > Thanks for your reply. We are trying to go a way you described, but we
  > still have some problems ‑ let me explain.
  >
  > The Top 10 Report (which is our base for Bottom 10 Report) uses
  > following lucene query:
  > SELECT
  > $P{EventTag} AS event_tag_value,
  > sev AS severity
  > WHERE
  > sev:[$P{MinSevStr} TO $P{MaxSevStr}] AND notnull:$P{EventTag}
  > $P{VendorProduct_Query} $P{SEARCH_QUERY_USE}
  > GROUP BY $P{EventTag} TOP $P{TopN},sev TOP 6
  > OVER $P{FromDtQry}, $P{ToDtQry}
  > $P{MaximumResultsStr}
  >
  > and there is also:
  > <field name="count" class="java.lang.Integer"/>
  >
  > Now, I don't know how the magic "TOP" clause is implemented, but I
  > assume that it does its job. Important thing is that there is grouping
  > on both on EventTag (eg. sip) and severity. Which means that "count"
  > columns contain amout of occurances of sip/sev pairs rather than sum of
  > sip occurances with any sev.
  >
  > So the first question is ‑ is the Top 10 Report working correctly? Does
  > it take biggest values in regards of sums for sip with any sev?
  >
  > As you advised, to have Bottom 10 we've removed TOP clause for EventTag
  > from lucene query. We also have to add sorting on count:
  > <sortField name="count" order="Ascending"/>
  >
  > and filter to limit results on a chart:
  > <filterExpression><![CDATA[new Boolean($V{SumOfCNT}.intValue() <=
  > Integer.parseInt($P{TopN}))]]></filterExpression>
  >
  > With an assumption that $P{TopN} is 10 then it should show 5 bars on a
  > chart. However, let's consider following data:
  >
  > sip | sev | count
  > 10.0.0.1 | 1 | 1
  > 10.0.0.1 | 2 | 1
  > 10.0.0.1 | 3 | 1
  > 10.0.0.2 | 1 | 2
  > 10.0.0.3 | 1 | 2
  > 10.0.0.4 | 1 | 2
  > 10.0.0.5 | 1 | 2
  > 10.0.0.6 | 1 | 2
  > 10.0.0.7 | 1 | 2
  >
  > Because data is ordered by "count" then it takes three times 10.0.0.1
  > and puts it on a first bar with a value of 3 (which is a sum for each
  > severity). It also increases counter by 3, so it shows only two more
  > bars on a chart for 10.0.0.2 and 10.0.0.3. Of cours the value for
  > 10.0.0.1 should not appear at all, because its sum is bigger than values
  > for other IPs.
  >
  > The only solution which we have for now is removing "sev" from group by
  > clause, but that way we are loosing some functionality of original Top
  > 10 Report.
  >
  > Is it possible to solve it in any other way? Even if it was normal sql
  > query I would doubt if it was possible to be done with one query only.
  >
  > Thanks
  > Adam

• Maximum output number of logs

  There is something to acquire a large amount of logs according to the
  product.
  To about how many PDF reports can the log be output in maximums?
  Event count and capacity, etc.
  k-shizuma
  k-shizuma's Profile: http://forums.novell.com/member.php?userid=90919
  View this thread: http://forums.novell.com/showthread.php?t=420187

  Hello,
  I'm not quite sure I understand your question: how is this related to
  the SDK? This forum is intended for people to discuss SDK issues, e.g.
  issues related to creating and maintaining plug-ins for Sentinel (and
  IDM).
  If your question has to do with the performance of the Sentinel
  platform for event storage, reporting, and so on, then that's a platform
  question which should be posted to the Sentinel forum, not the Plug-in
  SDK forum.
  'Sentinel'
  (http://forums.novell.com/novell-prod...rums/sentinel/)
  That said, if I understand your question correctly, it's not possible
  to answer - it's like asking "how many documents can OpenOffice have
  open at a time?" Well, it depends on how large they are, what kind of
  system you're running on, etc etc. Each report in Sentinel issues a
  database (or Lucene) query, and depending on how much data is returned
  (and how much data processing is performed), different system resources
  will be used.
  So I guess your answer is something like "as much as you're willing to
  pay for".
  Hope this helps!
  DCorlette
  DCorlette's Profile: http://forums.novell.com/member.php?userid=4437
  View this thread: http://forums.novell.com/showthread.php?t=420187

• Sentinel 7 using ldap query to eDirectory

  Hi,
  Is it possible for me to generate a custom report that will perform a
  ldapsearch on my eDirectory to retrieve attributes of users? Or is there
  a way where i can create a collector to connect to my eDirectory
  database?. What I'm planning to do is i would like to customized a
  report to display all users attribute in a report using iReport and
  upload it into Sentinel 7 system, please advise thanks.
  albertngfalls2012
  albertngfalls2012's Profile: https://forums.netiq.com/member.php?userid=4894
  View this thread: https://forums.netiq.com/showthread.php?t=49182

  On 11/13/2013 11:04 AM, albertngfalls2012 wrote:
  >
  > Hi ab,
  >
  > Firstly thanks for your reply, actually i do have an IDM server running
  > currently but how do I export user data to Sentinel using Identity
  > Integration? Correct me if I'm wrong when you say Identity Integration
  > do you mean the driver used for Identity Tracking? If that's the driver
  The Sentinel 7 driver for IDM is for "Identity Tracking", yes, which is
  the feature that feeds data from user objects in the Identity Vault into
  Sentinel, which then means that the data are held in Sentinel for direct
  reporting.
  > that you're mentioning how do I actually pull out all this user data to
  > compile as a report and what tool or language (MySQL, Lucene and etc)
  > should I use? and once I compile this report can I upload it to my
  I'd check the default, built-in reports first to see if there are any that
  report on identities in the system. If so, what you're after may be
  really easy. If not, you could build a report with iReport that queries
  the built-in PostgreSQL database (like other stock reports already can do
  out of the box, so maybe use them as templates if that helps, vs. the
  Lucene ones that will not be as helpful as templates) for the identities.
  I forget the table names now, but I believe they have identity in the
  name... something like usr_identity or similar.
  Good luck.
  If you find this post helpful and are logged into the web interface,
  show your appreciation and click on the star below...

• Sentinel 7/LM: events sub-queries, DB queries...

  Hi,
  Im using Sentinel 7 but I think that SLM works at the same way.
  I have an IDM workflow with tree forms: request, approval1 and
  approval2. I need show all the history based on my activities, ie:
  Activity0: requested by user1, date, request text;
  Activity1: approved by user2, date, approval text;
  Activity2: approved by user3, date, approval text.
  My query needs to be like:
  Code:
  SELECT
  msg as message
  WHERE
  evtgrpid: (SELECT evtgrpid WHERE (evt"User Message \: Activity") AND msg:requester*) OR (evt"User Message \: Activity1") AND msg:approver1*) OR (evt"User Message \: Activity2") AND msg:approver2*)
  GROUP BY msg
  But this not work. There is a way to do this?
  I need also to use two or more queries. As IDM logs only the CN and DN
  and I need to search by Full Name, EmployeeID and so on, Im thinking to
  develop a JDBC driver and extend the SIEM database schema, but first I
  will need to search the database to convert search fields in CN
  information (ie: Full Name in CN) and then use this result as parameter
  in a new search. Is that possible?
  I thought to create a final log action that summarizes everything but
  this brings me other problems with search and status (reports will not
  show running workflows).
  agorian
  agorian's Profile: http://forums.novell.com/member.php?userid=53023
  View this thread: http://forums.novell.com/showthread.php?t=452204

  Hi,
  >>> On 13.02.2012 at 15:46, agorian<[email protected]> wrote:
  > Hi,
  >
  > I’m using Sentinel 7 but I think that SLM works at the same way.
  >
  > I have an IDM workflow with tree forms: request, approval1 and
  > approval2. I need show all the history based on my activities, ie:
  >
  > Activity0: requested by user1, date, request text;
  > Activity1: approved by user2, date, approval text;
  > Activity2: approved by user3, date, approval text.
  >
  > My query needs to be like:
  >
  >
  > Code:
  > ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑ ‑‑‑
  >
  > SELECT
  > msg as message
  > WHERE
  > evtgrpid: (SELECT evtgrpid WHERE (evt"User Message \: Activity") AND
  > msg:requester*) OR (evt"User Message \: Activity1") AND msg:approver1*)
  > OR (evt"User Message \: Activity2") AND msg:approver2*)
  > GROUP BY msg
  >
  > ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑ ‑‑‑
  You can't do subselects in lucene style queries. BTW what are you trying to
  achieve with "GROUP BY msg"?
  >
  >
  > But this not work. There is a way to do this?
  Try adding a subreport to your detail band.
  >
  > I need also to use two or more queries. As IDM logs only the CN and DN
  > and I need to search by Full Name, EmployeeID and so on,
  Take a look at Identity Tracking in the Compliance Management Platform or
  IDM4 Advanced Edition. They provide such kind of information.
  Norbert
  > I’m thinking to
  > develop a JDBC driver and extend the SIEM database schema, but first I
  > will need to search the database to convert search fields in CN
  > information (ie: Full Name in CN) and then use this result as parameter
  > in a new search. Is that possible?
  >
  > I thought to create a final log action that summarizes everything but
  > this brings me other problems with search and status (reports will not
  > show running workflows).
  >

• Sentinel 7 - mid 2011 (SIEM and iReport, SDK)

  Hello,
  New to developing Crystal Reports, and iReport for that matter, but;
  how soon till 7?
  We need development of reports for SIEM, but kinda waiting until 7 so
  all dev is with iReport (hopefully)?
  Have been getting started with SDK and SLM setup, brings to mind the
  question, could iReport connect to SIEM SQL some how right now?
  Seems like needed are the iReport data connection definition Query
  Executer similar to -
  (com.novell.reports.jasper.data.event.LuceneEventQ ueryExecutorFactory)
  Along with what files to copy from the SIEM or SLM server like:
  activemqclientkeystore.jks, etc...
  My guess the upgrade to 7 will upgrade SQL tables and views anyway so
  any advanced development (if even possible) would be trashed.
  So, any insight into whats next? Thanks.
  jabrownzz
  jabrownzz's Profile: http://forums.novell.com/member.php?userid=79568
  View this thread: http://forums.novell.com/showthread.php?t=441628

  DCorlette;2121118 Wrote:
  > Sure, let me clarify...
  >
  > Sentinel 7 is targeted for a fall 2011 release - I'm not sure what the
  > exact date is (we're talking about things like re-branding and so forth
  > now that we've been acquired) but you should definitely have it by the
  > end of the year. You can also request access to the Beta, which might
  > help jumpstart your implementation.
  >
  > Sentinel 7 can be thought of as Sentinel Log Manager with a set of SIEM
  > services running on top of it. What this means for reporting is that the
  > bulk of your reports will work just like SLM reports - they will use
  > Lucene queries against file-based indexed data. You might occasionally
  > write a report against the Sentinel configuration, however, which will
  > be in Postgres a lot like it appears in Sentinel RD (or SLM, for that
  > matter, minus the identity/Asset/Vuln stuff).
  >
  > There are a couple advanced reporting modes, however, that allow you to
  > extract data subsets or summaries to the Postgres DB (or external data
  > warehouse) for more advanced reporting. In that case you'll be writing
  > SQL queries in your reports, but both are possible from iReport.
  >
  > In fact, our Sentinel 7 reports will work equally well on both Sentinel
  > 7 and SLM - the only difference really is that Sentinel 7 includes some
  > new fields in its schema, both net new fields and also the
  > Identity/Asset fields. The reports are set up to automatically detect
  > which platform they are running on and query for those fields, or not,
  > as the case may be.
  >
  > It should be safe for you to write your reports against SLM today, and
  > then do a couple simple steps to migrate them to Sentinel 7. At the same
  > time you can evaluate whether adding the new Sentinel 7 fields to the
  > query will be interesting or necessary for that report.
  >
  > Does this help?
  Hi,
  You mentioned that is possible to migrate report from SLM to Sentinel
  7, could you indicate which simple steps should I do to migrate
  reports?
  Regards
  edgargc
  edgargc's Profile: http://forums.novell.com/member.php?userid=115743
  View this thread: http://forums.novell.com/showthread.php?t=441628

• Bug while using string parameter values in postgresql query

  Hi,
  I have the following query for the postgresql database:
  Code:
  <queryString><![CDATA[SELECT
  evt_src_mgr_rpt_v."evt_src_mgr_name" AS esm_name,
  evt_src_collector_rpt_v."evt_src_collector_name" AS collector_name,
  evt_src_grp_rpt_v."evt_src_grp_name" AS grp_name,
  evt_src_grp_rpt_v."state_ind" AS state_ind,
  evt_src_rpt_v."evt_src_name" AS src_name,
  evt_src_rpt_v."date_modified" AS date_modified,
  evt_src_rpt_v."date_created" AS date_created,
  CASE WHEN $P{mysortfield} = 'evt_src_mgr_name' THEN evt_src_mgr_name
  WHEN $P{mysortfield} = 'evt_src_collector_name' THEN evt_src_collector_name
  WHEN $P{mysortfield} = 'evt_src_grp_name' THEN evt_src_grp_name
  ELSE evt_src_name END as sort
  FROM
  "evt_src_mgr_rpt_v" evt_src_mgr_rpt_v
  LEFT JOIN
  "evt_src_collector_rpt_v" evt_src_collector_rpt_v
  ON EVT_SRC_MGR_RPT_V."evt_src_mgr_id" = evt_src_collector_rpt_v."evt_src_mgr_id"
  LEFT JOIN
  "evt_src_grp_rpt_v" evt_src_grp_rpt_v
  ON evt_src_collector_rpt_v."evt_src_collector_id" = evt_src_grp_rpt_v."evt_src_collector_id"
  LEFT JOIN
  "evt_src_rpt_v" evt_src_rpt_v
  ON evt_src_grp_rpt_v."evt_src_grp_id" = evt_src_rpt_v."evt_src_grp_id"
  LEFT JOIN
  "evt_src_offset_rpt_v" evt_src_offset_rpt_v
  ON evt_src_rpt_v."evt_src_id" = evt_src_offset_rpt_v."evt_src_id"
  WHERE
  $P!{mysortfield} LIKE '$P!{searchvalue}' || '%']]></queryString>
  That is I try to select only the records where the field which is
  selected by user as report parameter ($P{mysortfield}) contains data
  starting with the text entered by user as a report parameter
  ($P{searchvalue}).
  When I try to run the report in iReport with active connection to the
  database the report is generated as expected.
  But when I try to run the report from Sentinel Log Manager I get the
  following error: "java.lang.String cannot be cast to
  net.sf.jasperreports.engine.JRValueParameter".
  After several detailed debug sessions I finally came into a conclusion
  that this error is related to the use of parameter values (
  $P!{mysortfield} and $P!{searchvalue} ).
  I even tried using the following WHERE clause (which emulates the
  queries as used in standart reports (especially at VendorProduct related
  SQL queries ) with no success:
  Code:
  WHERE
  ($P{mysortfield} = 'evt_src_mgr_name' AND evt_src_mgr_name LIKE ($P{searchvalue} || '%')) OR
  ($P{mysortfield} = 'evt_src_collector_name' AND evt_src_collector_name LIKE ($P{searchvalue} || '%')) OR
  ($P{mysortfield} = 'evt_src_grp_name' AND evt_src_grp_name LIKE ($P{searchvalue} || '%')) OR
  ($P{mysortfield} = 'evt_src_name' AND evt_src_name LIKE ($P{searchvalue} || '%'))
  Any suggestions?
  hkalyoncu
  hkalyoncu's Profile: http://forums.novell.com/member.php?userid=63527
  View this thread: http://forums.novell.com/showthread.php?t=450687

  bweiner12345;2167651 Wrote:
  > I'm not 100% sure the $P! (instead of just $P) is needed in that WHERE
  > portion of your SQL statement.
  >
  > What I would suggest doing is building the WHERE portion of your query
  > up again step by step. That is, instead of using any parameters in your
  > WHERE:
  >
  > $P!{mysortfield} LIKE '$P!{searchvalue}' || '%'
  >
  > ... take a step back and literally hard-code some values in there, such
  > as:
  >
  > evt_src_mgr_name LIKE '%' || '%'
  >
  > ... and run it on your box to make sure it works fine.
  >
  > If it works fine, start substituting the parameters one by one:
  >
  > $P{mysortfield} LIKE '%' || '%'
  >
  > .... test on the box.
  >
  > $P{mysortfield} LIKE '$P{searchvalue}' || '%'
  >
  > .... test on the box.
  >
  > It may be a little tedious, but at least you'll find out where the
  > problem is occurring... and may be quicker in the long run.
  >
  > (Note: In my above example steps I didn't use the ! in with the
  > parameters, as I don't think they are needed in the WHERE clause... but
  > I could be wrong... and by following the above step-by-step technique
  > should answer that for sure.)
  Thank you for the suggestions:
  While trying to implement your suggestions I realized that there was a
  error at the parameter name I used inside the where clause (it should be
  $P{searchfield}).
  Here are my results:
  Code:
  vt_src_mgr_name LIKE '%' || '%'
  worked as expected.
  Code:
  $P{searchfield} LIKE '%' || '%'
  produced PDF but wrong output.
  Code:
  $P!{searchfield} LIKE '%' || '%'
  resulted with the error "java.lang.String cannot be cast to
  net.sf.jasperreports.engine.JRValueParameter" and no PDF.
  Then I tried the following where clause which resulted in exactly as
  expected PDF:
  Code:
  WHERE
  ($P{searchfield} = 'evt_src_mgr_name' AND evt_src_mgr_name LIKE ($P{searchvalue} || '%')) OR
  ($P{searchfield} = 'evt_src_collector_name' AND evt_src_collector_name LIKE ($P{searchvalue} || '%')) OR
  ($P{searchfield} = 'evt_src_grp_name' AND evt_src_grp_name LIKE ($P{searchvalue} || '%')) OR
  ($P{searchfield} = 'evt_src_name' AND evt_src_name LIKE ($P{searchvalue} || '%'))
  As a summary:
  * The query which works in iRepord do not work in Sentinel Log
  Manager.
  * I found a workaround for my case.
  * I did not checked, but the reports provided in Sentinel RD which use
  the same technique for VendorProduct parameter (i.e. the reports with
  query string containing
  Code:
  LIKE ($P{VendorProduct} || '%')
  will most probably not work as expected IF Sentinel RD uses the same
  code as Sentinel Log Manager.
  hkalyoncu
  hkalyoncu's Profile: http://forums.novell.com/member.php?userid=63527
  View this thread: http://forums.novell.com/showthread.php?t=450687

• Bug SQL Dev 1.5.4 Build MAIN-5940 Exporting count(*) query results

  when trying to export query results containing an analytic count the export dialog fails to open:
  When running the following query
  select count(*) over (partition by dummy order by rownum) xx
    from dual;right clicking on the results grid and selecting export->xls (or any other format) fails to open the export dialog box.
  changing the asterisk (*) to another value e.g. 1 or dummy corrects this issue for this particular query as does changing the analytic fuction to an aggregate function.
  Edited by: Sentinel on Aug 12, 2009 11:05 AM

  I get the same error when exporting the same statement - however, there is a known problem with 1.5.4 and failing on exports of certain statements (see 1.5.3 - Export results to XLS ORA-00936 which talks about there still being problems in 1.5.4 although the thread is titled 1.5.3).
  theFurryOne

• XQuery performance vs. Lucene

  I'm trying to tune some databases for better query performance. I'm using the BDB XML Java API. The queries I'm trying to tune all return counts, i.e. count(...). Presently a query might take about 500ms to execute, but ideally it would take 50-100ms. I have indexes defined on all the elements/attributes I'm referencing in the queries, but still I can't get them to execute any faster. I was hoping to achieve the 50-100ms query time by comparing the execution time of Lucene queries on a similar dataset, i.e. I take the same set of data and then both index it with Lucene and also store it in BDB XML, then run equivalent queries in each. Lucene consistently can execute in the 50ms range, and BDB XML consistently 10x-20x slower.
  Is this just an inherit property of BDB XML? Should the btree indices in BDB execute in the same order of time as Lucene indices, or are my expectations too high? I realize this is highly dependent on the queries, but again BDB is using indexes in all its lookups, and the query can be expressed as an simple XPath.
  I have tweaked my BDB cache settings, but db_stat lists 99% cache hits, like this:
  31MB 256KB 740B Total cache size
  1 Number of caches
  31MB 264KB Pool individual cache size
  0 Maximum memory-mapped file size
  0 Maximum open file descriptors
  0 Maximum sequential buffer writes
  0 Sleep after writing maximum sequential buffers
  55 Requested pages mapped into the process' address space
  169M Requested pages found in the cache (99%)
  145924 Requested pages not found in the cache
  24572 Pages created in the cache
  145924 Pages read into the cache
  97563 Pages written from the cache to the backing file
  148863 Clean pages forced from the cache
  17646 Dirty pages forced from the cache
  0 Dirty pages written by trickle-sync thread
  3971 Current total page count
  3952 Current clean page count
  19 Current dirty page count
  4099 Number of hash buckets used for page location
  168M Total number of times hash chains searched for a page (168995875)
  6 The longest hash chain searched for a page
  274M Total number of hash chain entries checked for page (274808266)
  0 The number of hash bucket locks that required waiting (0%)
  0 The maximum number of times any hash bucket lock was waited for
  0 The number of region locks that required waiting (0%)
  170665 The number of page allocations
  334509 The number of hash buckets examined during allocations
  9 The maximum number of hash buckets examined for an allocation
  166509 The number of pages examined during allocations
  2 The max number of pages examined for an allocation
  Is there anything I'm missing, configuration-wise perhaps?

  Thanks for the info, John. Without changing the index definitions, changing the query to
  count(collection('sales.dbxml')//als:match-back-matches[@sale-month=200512 and @sale-model='Jetta'])
  with a query plan of
  n(V(node-attribute-equality-string,@sale-model,=,'Jetta'),V(node-attribute-equality-decimal,@sale-month,=,'200512'),P(node-element-presence-none,=,match-back-matches:http://autoleadservice.com/xml/als))
  seems to make the query consistently on the low-end of the previous query's speed, meaning around 3100ms for 11415 results.
  Changing the query to
  count(collection('sales.dbxml')//als:match-back-matches[@sale-month=200512][@sale-model='Jetta'])
  with a query plan of
  n(V(node-attribute-equality-decimal,@sale-month,=,'200512'),V(node-attribute-equality-string,@sale-model,=,'Jetta'),P(node-element-presence-none,=,match-back-matches:http://autoleadservice.com/xml/als))
  does not seem to make any difference in speed.
  Then I added the edge indices as you described, and for the same previous query the query plan becomes
  n(V(edge-attribute-equality-decimal,match-back-matches:http://autoleadservice.com/xml/als.@sale-month,=,'200512'),V(edge-attribute-equality-string,match-back-matches:http://autoleadservice.com/xml/als.@sale-model,=,'Jetta'))
  I saw this execute in as little as 2625ms... still 187x longer than Lucene.
  I appreciate how Lucene and BDB XML are quite different and the things pointed out in this thread have been very helpful. I only mean to compare them in this very simplified view of direct index lookups, and I wanted to know if it would be reasonable to expect BDB XML index lookups, for queries as similar as possible to a Lucene index query, could perform in the same order of time.
  For reference to the XML I'm using, I have a XML collection defined with 170,000-ish documents loaded that look similar to the XML below. The Lucene index I'm querying contains all all of the same 170,000 documents as well as some more data loaded bringing it's collection to about 195,000 documents.
  <als:match-back-matches xmlns:als="http://autoleadservice.com/xml/als" direct-sale="true"
  has-match="true" sale-area="18 " sale-date="2005-12-14-05:00" sale-day="20051214"
  sale-dealer="409460" sale-model="Jetta" sale-month="200512" sale-region="MAR"
  sale-year-month="2005-12-05:00" vin="XXX">
  <als:match lead-area="18 " lead-date="2005-12-12-05:00" lead-day="20051212"
  lead-dealer="409460" lead-id="196973" lead-model="Jetta" lead-month="200512"
  lead-region="MAR" lead-source="cobalt-vw" lead-unique-all="true" lead-unique-area="true"
  lead-unique-dealer="true" lead-unique-region="true" lead-year-month="2005-12-05:00"
  match-range="0-30" owner-address="1200 Main St." owner-alternate-phone="555-863-7264"
  owner-email="[email protected]" owner-first-name="rani" owner-last-name="adzarne"
  owner-phone="703-742-0900" owner-postal-code="10191"/>
  <als:match lead-area="18 " lead-date="2005-12-12-05:00" lead-day="20051212"
  lead-dealer="409460" lead-id="197007" lead-model="Jetta" lead-month="200512"
  lead-region="MAR" lead-source="vw.com" lead-unique-all="false" lead-unique-area="true"
  lead-unique-dealer="false" lead-unique-region="false" lead-year-month="2005-12-05:00"
  match-range="0-30" owner-address="1200 Main St." owner-email="[email protected]"
  owner-first-name="rani" owner-last-name="zarnegar" owner-postal-code="20191"/>
  </als:match-back-matches>
  <als:match-back-matches xmlns:als="http://autoleadservice.com/xml/als" direct-sale="true"
  has-match="true" sale-area="29 " sale-date="2005-12-29-05:00" sale-day="20051229"
  sale-dealer="425213" sale-model="Jetta" sale-month="200512" sale-region="SER"
  sale-year-month="2005-12-05:00" vin="YYY">
  <als:match lead-area="29 " lead-date="2005-12-14-05:00" lead-day="20051214"
  lead-dealer="425213" lead-id="199347" lead-model="Jetta" lead-month="200512"
  lead-region="SER" lead-source="edmunds" lead-unique-all="true" lead-unique-area="true"
  lead-unique-dealer="true" lead-unique-region="true" lead-year-month="2005-12-05:00"
  match-range="0-30" owner-email="[email protected]" owner-first-name="Monique"
  owner-last-name="single" owner-phone="555-495-8933" owner-postal-code="60130"/>
  </als:match-back-matches>
  and the indexes I have defined presently are:
  Default Index: node-element-presence-none
  Index: node-attribute-equality-boolean for node {}:captured-sale
  Index: node-attribute-equality-boolean for node {}:direct-sale
  Index: node-attribute-equality-boolean for node {}:has-match
  Index: node-attribute-equality-string for node {}:lead-area
  Index: node-attribute-equality-date for node {}:lead-date
  Index: node-attribute-equality-decimal for node {}:lead-day
  Index: node-attribute-equality-string for node {}:lead-dealer
  Index: edge-attribute-equality-decimal for node {}:lead-id
  Index: node-attribute-equality-string for node {}:lead-model
  Index: node-attribute-equality-decimal for node {}:lead-month
  Index: node-attribute-equality-string for node {}:lead-region
  Index: node-attribute-equality-string for node {}:lead-source
  Index: node-attribute-equality-yearMonth for node {}:lead-year-month
  Index: node-attribute-equality-string for node {}:match-range
  Index: unique-node-metadata-equality-string for node {http://www.sleepycat.com/2002/dbxml}:name
  Index: node-attribute-equality-string for node {}:sale-area
  Index: node-attribute-equality-date for node {}:sale-date
  Index: node-attribute-equality-decimal for node {}:sale-day
  Index: node-attribute-equality-string for node {}:sale-dealer
  Index: node-attribute-equality-string edge-attribute-equality-string for node {}:sale-model
  Index: node-attribute-equality-decimal edge-attribute-equality-decimal for node {}:sale-month
  Index: node-attribute-equality-string for node {}:sale-region
  Index: node-attribute-equality-yearMonth for node {}:sale-year-month
  Index: node-attribute-equality-string for node {}:vin

• Problems with Views based on a Hierarchical Query

  Datamodeler 3.1.3.706 (SQL Dev 3.2.10.09):
  When creating a view that utilizes a Hierarchical Query, the Query Builder encounters various difficulties:
  When pasting in SQL code, if the view is saved without first clicking the update diagram button, the object in the view entity relationship diagram provides a faithful representation of the view without errors, but when reopening the view, the code is missing.
  Simple Example using the classic emp table:
  SELECT level lev
        , emp.*
     FROM emp
    CONNECT BY prior empno = mgr
    START WITH mgr        IS NULLIf the update diagram button is pushed to refresh the graphical view. It mangles the connect by clause and the view gets marked with a warning/error icon in the relationship diagram, but the now mangled code remains available on reopening the query builder.
  Same code as above after clicking the Update Diagram button:
  SELECT Level lev
  , emp.*
     FROM emp
    CONNECT BYFurther issues are encountered if the query contains any of the CONNECT_BY_% hierarchical pseudo columns:
  SELECT level
        , emp.*
        , connect_by_root emp.ename root_ename
     FROM emp
    CONNECT BY prior empno = mgr
    START WITH mgr        IS NULL;In this case pasting in the code and clicking either the Update Diagram button or the OK button results in an "Unexpected Token" parsing error.
  These issues are encountered with both the Logical and Relational models.
  Is this a known issue? I've searched this forum but haven't found any references to it.
  Thanks,
  Sentinel

  Hi Sentinel,
  I logged a bug for that.
  You can try DM 3.3 it deals better with first problem, parsing of connect_by_root operator will pass if you don't use alias.
  Philip

• Lucene search and order by Date attribute

  Hello,
  We have a requirement where we have to search assets and sort assets via some date attribute (Article Publication Date) using Lucene Search. There is no issue in searching and displaying results in any order we want.
  Problem occurs when some assets don't have "Article Publication Date" value as it is optional and hence, we don't know how the sorting is decided of assets is decided when the output comes after lucene search? Can anyone suggest?
  Regards,
  Guddu

  user11268895 wrote:
  ... you are in an PL/SQL forum not in a mysql forum.
  if you want we can translate your query in a Oracle DB query...Well... MySql is an Oracle Database...
  to the op:
  If you want to order then you need an ORDER BY clause at the end of your statement.
  Instead of date_format you can use TO_DATE if dealing if strings. If it is a datatype date, then there is no need of a conversion.
  group by T.ARRIVAL_DATE, T.foreign_network_id
  order by t.arrival_date descyou could also group on the day or the month if that is what you want.
  day groups
  select trunc(T.ARRIVAL_DATE), ...
  group by trunc(T.ARRIVAL_DATE), T.foreign_network_id
  order by trunc(T.ARRIVAL_DATE) desc;
  month groups
  select trunc(T.ARRIVAL_DATE,'mm'), ...
  group by trunc(T.ARRIVAL_DATE,'mm'), T.foreign_network_id
  order by trunc(T.ARRIVAL_DATE,'mm') desc;
  boy groups
  select trunc(T.ARRIVAL_DATE,'boy'), ...
  group by trunc(T.ARRIVAL_DATE,'boy'), T.foreign_network_id
  order by trunc(T.ARRIVAL_DATE,'boy') desc;
  /* Ok, ignore the last one, I was just testing if you read until the end. */ Edited by: Sven W. on Aug 26, 2010 2:25 PM

• How does sentinel report calculate KPI?

  Dear Friends,
  I have a requirement about KPI, I ever achieved it through
  ArcSight, But I don`t know if Sentinel can achieve the need(now I am
  working in Novell) , ArcSight collect IPS events, Customer need a report
  to summary monthy security event score by priority, requirement is
  following, how does arcsight implement? at first, building a active list
  table included following information, then building a query, the query
  surpport to build variable and reference active list and the variable
  used query fields to calculate Score, Then building a Trend to invoke
  the query and schedule daily 2:00 exclude, report invoke the trend to
  implement monthly report KPI Score, How to implement it via Sentinel?
  Priority Desc NewPriority Weight Event Count(Monthly) Score
  Very High 0.004 50% 4000
  8.000000
  High 0.0005 20% 30000
  3.000000
  Medium 0.0001 15% 15000 0.225000
  Low 0.00005 10% 10000
  0.050000
  Very Low 0.000001 5% 10000
  0.000500
  KPI Value 88.72
  Security Health Good
  KPI Value = 100-SUM(Priority * Weight * Event Count)
  steve_zeng
  steve_zeng's Profile: https://forums.netiq.com/member.php?userid=3875
  View this thread: https://forums.netiq.com/showthread.php?t=46741

  Could you provide a few examples of the data going into this report?
  Also, could you explain the business case provided by this report and how
  it will help the organization? Often knowing the business case and how
  the data are used can help with the creation of the correct reports.
  Sentinel already comes with several reports of events by severity, and has
  the capability of acting in certain ways based on event data depending on
  if the affected system(s) are high priority (e.g. user-facing production
  website) or lower priority (e.g. development workstation) which may be
  what you are after.
  Good luck.

• 2011.1r1 SDK Can't Connect to Sentinel 7.1.0.1

  Hi
  When testing the connections in preference. The following error message
  will be generated.
  ====
  [java] Attempting query:
  [java] Authenticaton succeeded for admin
  [java] Setting credentials for admin
  [java] Done setting credentials for admin
  [java] 2013/10/11 下午 09:03:56
  esecurity.base.error.SentinelErrorCodes <clinit>
  [java] 資訊: There are 76 defined error codes.
  [java] 2013/10/11 下午 09:03:56
  com.novell.reports.jasper.data.event.ConnectionChe ck main
  [java] 嚴重的: Connection failed: No param
  searchTargets for method id = _startSearch_,name = startSearch
  [java] param=startTime, type=java.util.Date,
  value=nullparam=limit, type=long, value=1param=sortFields,
  type=java.util.List, value=nullparam=searchString, type=String,
  value=sev:[1 TO 1] MAXCOUNT=1param=corrEventId, type=String,
  value=nullparam=pageSize, type=integer, value=10000param=endTime,
  type=java.util.Date, value=nullparam=auditInfo,
  type=esecurity.base.datamodel.DataObject,
  value=IndexedLogSearchAuditInfo: JobType='REPORT'
  InitiatingUserName='admin'param=corrEventTime, type=java.util.Date,
  value=null
  [java] Java Result: 9
  ====
  I also try to download the .jar file from Sentinel Server
  /opt/novell/sentinel/lib/*.jar to
  ../current/sdk/build/lib/connections/sentinel. However, the different
  error occur.
  ===
  [echo] Performing connection test...please wait...
  [echo] (This test will take approximately 1 minute... But may
  take up to 5 minutes if the test fails with a connection timeout.)
  [java] Java Result: 1
  [echo] Exception in thread "main"
  java.lang.UnsupportedClassVersionError:
  com/novell/reports/jasper/data/event/ConnectionCheck : Unsupported
  major.minor version 51.0
  [echo] at java.lang.ClassLoader.defineClass1(Native Method)
  [echo] at
  java.lang.ClassLoader.defineClassCond(ClassLoader. java:631)
  [echo] at
  java.lang.ClassLoader.defineClass(ClassLoader.java :615)
  [echo] at
  java.security.SecureClassLoader.defineClass(Secure ClassLoader.java:141)
  [echo] at
  java.net.URLClassLoader.defineClass(URLClassLoader .java:283)
  [echo] at
  java.net.URLClassLoader.access$000(URLClassLoader. java:58)
  [echo] at
  java.net.URLClassLoader$1.run(URLClassLoader.java: 197)
  [echo] at java.security.AccessController.doPrivileged(Native
  Method)
  [echo] at
  java.net.URLClassLoader.findClass(URLClassLoader.j ava:190)
  [echo] at
  java.lang.ClassLoader.loadClass(ClassLoader.java:3 06)
  [echo] at
  sun.misc.Launcher$AppClassLoader.loadClass(Launche r.java:301)
  [echo] at
  java.lang.ClassLoader.loadClass(ClassLoader.java:2 47)
  [echo] ERROR: Unable to successfully create a connection to
  172.16.6.33. Return code: 1
  ===
  Regards,
  Steven
  steven_cjhsiao
  steven_cjhsiao's Profile: https://forums.netiq.com/member.php?userid=544
  View this thread: https://forums.netiq.com/showthread.php?t=48934

  steven_cjhsiao;235369 Wrote:
  > Hi
  >
  > This issue seem not using a newer version of iReport or Eclipse can be
  > solved. I had install Eclipse 4.3.1 , iReport 5.1.0 and Sentinel SDK
  > 2011.1r1. The error message is the same.
  >
  > [echo] java.lang.UnsupportedClassVersionError:
  > com/novell/reports/jasper/data/event/ConnectionCheck : Unsupported
  > major.minor version 51.0
  >
  > The current Sentinel SDK 2011.1r1 only support in JDK 6, however the jar
  > files for Sentinel 7.1 connection are based on JDK 7.
  >
  > The Sentinel SDK 2011.1r1 should upgrade to JDK 7 first, then we can
  > connect to Sentinel 7.1.
  >
  > Regards,
  > Steven
  We're planning an update in the foreseeable future, but at this point
  we're early enough in the process I can't give out any specifics just
  yet. In the meantime, and barring oracle magically fixing another
  underlying security issue in Java that impacts our functionality, we've
  discovered the following workarounds for people trying to do reports:
  1) First, the main issue that we're seeing has to do with how Java
  handles encryption. There's an underlying change that has impacted the
  SSH library we use, and is causing it to have a prompt in the middle of
  what is supposed to be a fully-automated process. The good news is,
  this was partially fixed in ant/Eclipse. So...
  2) Manually deploying the plug-in into the latest Eclipse (Kepler 4.3)
  seems to cause this problem to be bypassed entirely. Also, you need to
  ensure that you are selecting 7.0.x in the drop-down, and selecting
  Advanced/Copy Libraries when you create the connection.
  3) Do NOT edit a connection to fix a broken one - apparently we have
  another minor bug dealing with jars not being cleaned out, and if
  you've created a connection with an older set of jars, this seems to
  cause a conflict. If you really, really want to edit for convenience
  sake, go into %userprofile%\.netiq\pluginsdk\connections and empty the
  jars out of that connection's folder before editing it. I do not
  promise that fixes it, but we've had lots of reports that simply
  creating fresh solves the problem.
  4) Another change that was made in 7.1.0.1 that we will be accounting
  for....the default 'dbauser' that we have in the UI will be changed to
  'rptuser'. 'dbauser' is now more strongly secured, and is no longer a
  good choice for this process. 'rptuser' is designed for this purpose.
  I'll try to keep people updated with more details as we have them, if
  this doesn't solve the problem or you run into additional issues, let me
  know, and if we can't solve them here, we'll try to help you out
  offline.
  Thanks,
  Brandon
  brandon.langley
  brandon.langley's Profile: https://forums.netiq.com/member.php?userid=350
  View this thread: https://forums.netiq.com/showthread.php?t=48934

• Lucene import statements not working

  I'm new to Tomcat, Lucene, and JSP, so bare with me...
  I just installed all three and Tomcat and JSP are working and Lucene is working. Now I'm trying to get them working together but I don't know where my issue is. I have a sample page I found and it's not working and giving me the following error messages...
  org.apache.jasper.JasperException: Unable to compile class for JSP:
  An error occurred at line: 6 in the generated java file
  Only a type can be imported. com.knowledgebooks.servlet.StartupWorkServlet resolves to a package
  An error occurred at line: 7 in the generated java file
  Only a type can be imported. org.apache.lucene.document.Document resolves to a package
  An error occurred at line: 8 in the generated java file
  Only a type can be imported. org.apache.lucene.search.Searcher resolves to a package
  An error occurred at line: 9 in the generated java file
  Only a type can be imported. org.apache.lucene.search.IndexSearcher resolves to a package
  An error occurred at line: 10 in the generated java file
  Only a type can be imported. org.apache.lucene.analysis.Analyzer resolves to a package
  An error occurred at line: 11 in the generated java file
  Only a type can be imported. org.apache.lucene.analysis.standard.StandardAnalyzer resolves to a package
  An error occurred at line: 14 in the generated java file
  Only a type can be imported. org.apache.lucene.search.Query resolves to a package
  An error occurred at line: 15 in the generated java file
  Only a type can be imported. org.apache.lucene.queryParser.QueryParser resolves to a package
  An error occurred at line: 16 in the generated java file
  Only a type can be imported. org.apache.lucene.search.Hits resolves to a package
  An error occurred at line: 17 in the generated java file
  Only a type can be imported. com.knowledgebooks.API resolves to a packageI'm not even sure where to begin looking. Does anyone have any idea?
  Thanks in advance!

  can you provide me your jsp code? so i can look into and advice you.