Details
-
Type: Bug
-
Status: Open
-
Priority: Major
-
Resolution: Unresolved
-
Affects Version/s: 1.0.0
-
Fix Version/s: None
-
Component/s: Examples
-
Labels:None
-
Environment:5.2 VM
Description
The Spark job emits records that users would have to scroll through horizontally and note that the timestamps are within 300,000 of one another.
Joey's suggested analytic provides a more digestible set of results.
SELECT ip, SUM(numCorrelations) AS numCorrelations FROM
(SELECT event.ip AS ip, size(correlated) AS numCorrelations
FROM correlated_events) correlated_counts
GROUP BY ip
SORT BY numCorrelations DESC
LIMIT 10;