welch

Bit-O-Data

Data for use in juttle examples. These are JSON arrays of points, and you get them into your juttle by sourcing their "raw" URL, eg,

source "https://gist.githubusercontent.com/welch/85872ad486a56eb9556a/raw/984b1504f7036ff548d59b2a7cb500109779869f/events.json"

welch

[
    {
        "time": "2015-07-15T23:07:12.000Z",
        "value": 0,
        "source_type": "metric",
        "name": "gauges.import.queued",
        "host_id": "172dcec1-7238-4be6-9322-5d36599f1cbc",
        "rocket_id": "4e7cf4d7-d4ec-4813-a083-c7b2a724ca5f",
        "hostname": "jut-10-0-3-231",
        "source": "collector-http",

welch

[
    {
        "time": "2015-08-03T23:20:13.000Z",
        "value": 1545,
        "source_type": "metric",
        "name": "counters.import.success",
        "import_type": "metric",
        "import_space": "jut_internal",
        "hostname": "ip-172-31-9-54",
        "source": "service-data",

welch

reducer normal(mean, sigma) {
    // return a Box-Muller approximate normal with given mean and stddev.
    // this is written as a custom "reducer" because Box-Muller values come
    // in pairs, and we want to save one for next time. 
    // 
    var leftover = null;
    function update() {}
    function result() {
        if (leftover != null) { 
            var result = mean + sigma * leftover; 

welch

WTF?

The basic set, fed a steady stream of two groups; A group

Juttle

emit -from Date.new(0) -limit 10
| put T = Duration.seconds(time - Date.new(0))
| ( put name = "A" ; put name = "B", T = -T)

| (

welch

// stats demos: statistics 101 for juttle data flows
//
// Each of the stream standardization approaches offered in stats is
// appropriate in a different setting. The demos here show some good
// and some bad choices.
//
import "stats.juttle" as stats;

// cpuZ: visualize z-scores for a cpu metric.
//

welch

// stdlib.random demos:
//
import "random.juttle" as random;

export sub poissonHisto() {
    // render draws from 3 poisson distributions as a scatter chart.
    // see https://en.wikipedia.org/wiki/Poisson_distribution
    emit -limit 10000 -from 0
        | put lambda_1=random.poisson(1), lambda_4=random.poisson(4), lambda_10=random.poisson(10)
        | split lambda_1, lambda_4, lambda_10

welch

// example of ingesting multiple metrics at a regular 20s pulse from
// collectd (timestamps are aligned across streams, simulated here),
// and merging them onto a single point so relative percentages can be computed.
//
// Useful patterns in add_streams:
//   put *name = value applied to points having {name=foo, value=bar} layout,
//     gives the values unique names in preparation for joining
//   use of single-stream join to combine a variable number of input streams
//   reduce -groupby by, which is the same as reduce by, but is convenient inside a sub.
//   reduce time=first(time) gives reducer results same timestamp as their inputs

welch

[
    {"time":"2016-01-01T00:00:00.000Z", "cust_id":1, "email":"lou@grainger.com"},
    {"time":"2016-01-01T00:00:02.000Z", "cust_id":2, "email":"bubba@nytimes.com"},
    {"time":"2016-01-01T00:00:03.000Z", "cust_id":3, "email":"sam@hotmail.com"}
]

welch

// Alerting with context:
//
// This example shows how to annotate an alert event with recent lines from
// a logging stream, to give context for the alert. This is accomplished with
// a custom reducer that tails the log stream, and a join of the current tail
// against each alert event as it occurs. 
//
// The log-tailing stream is joined using the -table option, which means the
// join will fire only when the alert stream gets a new point, but not fire
// when the log stream gets new points.