July 02, 2017 / by jburks / In release-notes /

Release Note — v6.7.0

  • Entire Subject Line Customizable — The modules triggered by _raise can have their own subject line if defined in the message template.

  • Error codes updated - added to all executing methods — Debugging and error codes have been added to every executing method.

  • Labels on aggregations — The result set of an aggregation can be used as a set that can be forwarded to the data stack. This enables the user to run multiple _fetch functions and label them for further aggregation.

Figure: Use of #Labels in the _fetch query directive (add context to your data via labels)
  • Statistical aggregation in _fetch — The min, max, avg and stats aggregations available through the stat_unique functionality have been part of the _agg query directive; they are now also available directly at the group aggregator within the _fetch query function.
Figure: Sample of stat_unique_stats within the _fetch query directive (retrieve unique string values)
  • Time comparison with _checkif — The ability to compare date and time using _checkif was already available; this release adds functionality to compare just the time with datetime fields.
Figure: Sample shows a _checkif function used against the $CNAMTime field (compare date time values)
  • Mathematical Expression using _field — The ability to compute complex mathematical functions using the _field query directive now enables DNIF to process analytical functions in real time.
Figure: Sample shows a _field query directive using the expr function (define custom calculations)
  • Usage statistics available in metrics store — The values of the logs processed are now added to Adapter (AD) data for a deeper dive into data usage.

Bug fixes
  • Device list on the Adapter (AD) is not populated after docker instance start up — When the docker instance for the AD is run for the first time or has been restarted, the saved devices should be populated in the configuration. Previously this list was updated every 6 hours with process execution; that process refresh has now been reduced to 1 sec.

  • Notif email service does not start by default — The supervisor configuration for notif-email was not set to start by default. It has been changed to start by default.

  • Memory not locked by Elasticsearch — To function, Elasticsearch needs to lock the memory that has been allotted to it in the configuration. This was not happening because of the configuration within the docker container. It has been resolved by adding additional parameters that need to be set when running the docker instance.

  • Error in the parser when a substitution value is not available — There is a set of keys to be substituted for each encountered value; when a key did not exist, the parser would raise an error, killing the service. A default key has been added for such conditions, safeguarding the service.

  • Simultaneously updating the correlator (CR) queue — The queue object may be updated by various processes, and because it is a file-based operation there was a possibility of encountering a concurrency issue.

  • AEReporter breaks - needs restart — On start, the process tries to communicate with the Datastore (DS) API. Usually on first run there can be incidents where it is not able to connect, due to which it terminated and had to be restarted manually. This has now been fixed.

  • Default memory limit for Elasticsearch to be preset at startup — The predefined memory limit for Elasticsearch could not be set, which occasionally caused a momentary stale state. This has now been solved.

Photo Credit
Nicola Jones