School project - Analysis of Intranet application traffic

Hey!

Every GET/POST request to the university intranet is tracked and saved to a
table that contains following information:

  • UserId
  • Date
  • IPAddress
  • TargetUrl
  • BrowserInfo (headers)
  • ResponseTime (in milliseconds)

This database is running on another server and I need to replicate the
data on another server.

I would like to persist the data and then perform some statistical analysis
and display alerts when something seems wrong. For example:

  • User is usually connecting from an IP in CZ but now he logged in from China
  • There are 50% more requests from this user compared to an average user.

  1. Is this something that I should be able to achieve with logstash /
    elasticsearch?
  2. What approach would you suggest to get data from an external Oracle
    database to logstash?
  3. Does Elasticsearch support such queries or does it expose some API so
    it's possible to build an alerting engine on top of it?

Thanks a lot in advance!

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/0ffd37ab-3a72-4bbc-8c25-fd65e0e59384%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
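
The two alert rules from the question above, as an added example (not part of the original thread, and not Elasticsearch or Logstash code): plain Python over constructed rows, with a hard-coded IP-to-country table standing in for a GeoIP lookup. The function names and the 1.5 factor are assumptions taken from the "50% more than an average user" wording.

```python
from collections import Counter, defaultdict

# Constructed IP-to-country table standing in for a GeoIP lookup (assumption).
COUNTRY_BY_IP = {
    "192.0.2.10": "CZ", "192.0.2.11": "CZ",
    "198.51.100.7": "CZ", "203.0.113.5": "CN",
}

# Constructed rows (UserId, Date, IPAddress); not real traffic.
HISTORY = [
    ("u1", "2014-10-01T08:00", "192.0.2.10"),
    ("u1", "2014-10-02T08:05", "192.0.2.11"),
    ("u2", "2014-10-01T09:00", "198.51.100.7"),
]
TODAY = (
    [("u1", "2014-10-15T04:38", "203.0.113.5"),
     ("u1", "2014-10-15T09:00", "192.0.2.10")]
    + [("u2", "2014-10-15T10:00", "198.51.100.7")] * 2
    + [("u3", "2014-10-15T11:00", "192.0.2.10")] * 8
)

def geo_alerts(history, new_rows, country_by_ip):
    """Rows whose source country was never seen in that user's history."""
    seen = defaultdict(set)
    for user, _, ip in history:
        seen[user].add(country_by_ip.get(ip, "unknown"))
    alerts = []
    for user, date, ip in new_rows:
        country = country_by_ip.get(ip, "unknown")
        # Users with no baseline are skipped: there is no "usual" country yet.
        if seen[user] and country not in seen[user]:
            alerts.append((user, date, ip, country))
    return alerts

def volume_alerts(rows, factor=1.5):
    """Users with more than `factor` times the mean per-user request count."""
    counts = Counter(user for user, _, _ in rows)
    if not counts:
        return {}
    mean = sum(counts.values()) / len(counts)
    return {user: n for user, n in counts.items() if n > factor * mean}

if __name__ == "__main__":
    print(geo_alerts(HISTORY, TODAY, COUNTRY_BY_IP))
    print(volume_alerts(TODAY))
```

The mean here includes the heavy user's own requests, which raises the threshold; a median or a per-user historical baseline is less sensitive to a single outlier.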

Your examples seem to be more from the Complex Event Processing
domain: Complex event processing - Wikipedia

Regards,
Alex.
Personal: http://www.outerthoughts.com/ and @arafalov
Solr resources and newsletter: http://www.solr-start.com/ and @solrstart
Solr popularizers community: Sign Up | LinkedIn

On 15 October 2014 04:38, Vojtěch Bašta vojtech@nabastu.cz wrote:

Hey!

Every GET/POST request to the university intranet is tracked and saved to a
table that contains following information:

  • UserId
  • Date
  • IPAddress
  • TargetUrl
  • BrowserInfo (headers)
  • ResponseTime (in milliseconds)

This database is running on another server and I need to replicate the
data on another server.

I would like to persist the data and then perform some statistical analysis
and display alerts when something seems wrong. For example:

  • User is usually connecting from an IP in CZ but now he logged in from China
  • There are 50% more requests from this user compared to an average user.

  1. Is this something that I should be able to achieve with logstash /
    elasticsearch?
  2. What approach would you suggest to get data from an external Oracle database
    to logstash?
  3. Does Elasticsearch support such queries or does it expose some API so
    it's possible to build an alerting engine on top of it?

Thanks a lot in advance!
