在ksql中使用“groupby”时如何获取分区键或其他列?

i1icjdpr  于 2021-06-06  发布在  Kafka
关注(0)|答案(4)|浏览(347)

基本上,当我使用 group by 我的查询中的表达式。
从主题创建流

CREATE STREAM events_stream \
      ( \
     account VARCHAR, \
     event_id VARCHAR, \
     user_name VARCHAR, \
     event_name VARCHAR, \
     source VARCHAR, \
     message VARCHAR, \
     timestamp STRUCT<iMillis INTEGER>) \
    WITH (KAFKA_TOPIC='console_failure', VALUE_FORMAT='JSON');

从上面的流创建表。

ksql> CREATE TABLE events_table AS \
      SELECT source, count(*) \
      FROM events_stream \
      WINDOW TUMBLING (SIZE 60 SECONDS) \
      WHERE account = '1111111111' \
                  GROUP BY source \
                  HAVING count(*) > 3;

生成此消息4次。

ip="10.10.10.10"

data = {
        "account": "1111111111",
        "event_id": "4cdabe46-690d-494a-a37e-6e455781d8b4",
        "user_name": "shakeel",
        "event_name": "some_event",
        "source": "127.0.0.1",
        "message": "message related to event",
        "timestamp": {
            "iMillis": 1547543309000
             }
        }

producer.send('console_failure', key='event_json', value=dict(data)

这和预期的一样!但是如何获得匹配结果的其他字段(例如:用户名、消息等)?

ksql> select * from events_table;
1550495772262 | 10.10.10.10 : Window{start=1550495760000 end=-} | 10.10.10.10 | 4
ksql>

使用后我明白可能是我们无法得到其他列时使用 group by 声明。

ksql> CREATE TABLE events_table1 AS \
>      SELECT source, event_id, \
>               count(*) \
>     FROM events_stream \
>     WINDOW TUMBLING (SIZE 60 SECONDS) \
>      WHERE account = '1111111111' \
>                  GROUP BY source \
>                  HAVING count(*) > 3;
Group by elements should match the SELECT expressions.
ksql>

我们可以通过对流重新设置密钥来实现这一点吗?
读完这篇文章后,我试着用 event_id 字段,但不确定如何在 group by 声明。
下面是我尝试使用rekey时得到的错误。

ksql> CREATE STREAM events_stream_rekey AS SELECT * FROM events_stream PARTITION BY event_id;

 Message
----------------------------
 Stream created and running
----------------------------
ksql>
ksql> SELECT ROWKEY, EVENT_ID FROM events_stream_rekey;
4cdabe46-690d-494a-a37e-6e455781d8b4 | 4cdabe46-690d-494a-a37e-6e455781d8b4
ksql>

ksql> CREATE TABLE  events_table2 AS \
>      SELECT source, \
>               count(*), \
>     WITH (KAFKA_TOPIC='EVENTS_STREAM_REKEY', VALUE_FORMAT='JSON', KEY='event_id'),
>     WINDOW TUMBLING (SIZE 60 SECONDS) \
>      WHERE account = '1111111111' \
>                  GROUP BY source \
>                  HAVING count(*) > 3;
line 1:70: extraneous input 'WITH' expecting {'(', 'NOT', 'NO', 'NULL', 'TRUE', 'FALSE', 'INTEGER', 'DATE', 'TIME', 'TIMESTAMP', 'INTERVAL', 'YEAR', 'MONTH', 'DAY', 'HOUR', 'MINUTE', 'SECOND', 'ZONE', 'CASE', 'PARTITION', 'STRUCT', 'REPLACE', 'EXPLAIN', 'ANALYZE', 'FORMAT', 'TYPE', 'TEXT', 'CAST', 'SHOW', 'TABLES', 'SCHEMAS', 'COLUMNS', 'COLUMN', 'PARTITIONS', 'FUNCTIONS', 'FUNCTION', 'ARRAY', 'MAP', 'SET', 'RESET', 'SESSION', 'DATA', 'IF', '+', '-', '*', STRING, BINARY_LITERAL, INTEGER_VALUE, DECIMAL_VALUE, IDENTIFIER, DIGIT_IDENTIFIER, QUOTED_IDENTIFIER, BACKQUOTED_IDENTIFIER}

ksql版本details:cli v5.1.0,服务器v5.1.0

apache-kafkakafka-consumer-apiksqldb

4条答案

按热度按时间
gv8xihay

gv8xihay1#

除了罗宾的回答,这个错误:

line 1:70: extraneous input 'WITH' expecting {'(', 'NOT', 'NO', 'NULL', 'TRUE', 'FALSE', 'INTEGER', 'DATE', 'TIME', 'TIMESTAMP', 'INTERVAL', 'YEAR', 'MONTH', 'DAY', 'HOUR', 'MINUTE', 'SECOND', 'ZONE', 'CASE', 'PARTITION', 'STRUCT', 'REPLACE', 'EXPLAIN', 'ANALYZE', 'FORMAT', 'TYPE', 'TEXT', 'CAST', 'SHOW', 'TABLES', 'SCHEMAS', 'COLUMNS', 'COLUMN', 'PARTITIONS', 'FUNCTIONS', 'FUNCTION', 'ARRAY', 'MAP', 'SET', 'RESET', 'SESSION', 'DATA', 'IF', '+', '-', '*', STRING, BINARY_LITERAL, INTEGER_VALUE, DECIMAL_VALUE, IDENTIFIER, DIGIT_IDENTIFIER, QUOTED_IDENTIFIER, BACKQUOTED_IDENTIFIER}

是指你的with子句放错了地方。正确的模式是:

CREATE TABLE <table name> WITH(...) AS SELECT ...

你会说:

ksql> CREATE TABLE events_table2
>     WITH (KAFKA_TOPIC='EVENTS_STREAM_REKEY', VALUE_FORMAT='JSON', KEY='event_id'),
>     AS
>     SELECT source, count(*),
>     WINDOW TUMBLING (SIZE 60 SECONDS)
>      WHERE account = '1111111111'
>                  GROUP BY source
>                  HAVING count(*) > 3;
赞(0)分享  回复(0)举报  2021-06-07
xa9qqrwz

xa9qqrwz2#

------复制步骤

赞(0)分享  回复(0)举报  2021-06-07
qc6wkl3g

qc6wkl3g3#

制作人script:this script 将在30秒内生成4条消息。

import time
import uuid
from kafka import KafkaProducer
from json import dumps

producer = KafkaProducer(bootstrap_servers=['localhost:9092'],
                         value_serializer=lambda x:
                         dumps(x).encode('utf-8'))

for i in range(1, 5):
    time.sleep(1)
    data = {
        "account": "1111111111",
        "event_id": str(uuid.uuid4()),
        "user_name": "user_{0}".format(i),
        "event_name": "event_{0}".format(i),
        "source": "10.0.9.1",
        "message": "message related to event {0}".format(i),
        "timestamp": {
            "iMillis": int(round(time.time() * 1000))
        }
    }
    time.sleep(2)
    producer.send('testing_topic', value=data)

使用来自测试主题的消息时(使用普通使用者脚本)。

{'account': '1111111111', 'event_id': 'c186ba8a-2402-428a-a5d8-c5b8279e14af', 'user_name': 'user_1', 'event_name': 'event_1', 'source': '10.0.9.1', 'message': 'message related to event 1', 'timestamp': {'iMillis': 1551296878444}}
{'account': '1111111111', 'event_id': '4c45bff7-eb40-48a8-9972-301ad24af9ca', 'user_name': 'user_2', 'event_name': 'event_2', 'source': '10.0.9.1', 'message': 'message related to event 2', 'timestamp': {'iMillis': 1551296881465}}
{'account': '1111111111', 'event_id': '4ee14303-e6d1-4847-ae3d-22b49b3ce6eb', 'user_name': 'user_3', 'event_name': 'event_3', 'source': '10.0.9.1', 'message': 'message related to event 3', 'timestamp': {'iMillis': 1551296884469}}
{'account': '1111111111', 'event_id': '3c196ac5-9559-4269-bf51-95b78ce4ffcb', 'user_name': 'user_4', 'event_name': 'event_4', 'source': '10.0.9.1', 'message': 'message related to event 4', 'timestamp': {'iMillis': 1551296887472}}

预期结果:如果消息包含相同的 source 在窗口时间的30秒内为相同的 account 然后我想立即得到下一条完整的消息(在我的例子中是第四条消息,如下所示)。这可以用ksql实现吗?

{'account': '1111111111', 'event_id': '3c196ac5-9559-4269-bf51-95b78ce4ffcb', 'user_name': 'user_4', 'event_name': 'event_4', 'source': '10.0.9.1', 'message': 'message related to event 4', 'timestamp': {'iMillis': 1551296887472}}
赞(0)分享  回复(0)举报  2021-06-07
bfrts1fy

bfrts1fy4#

消息本身实际上告诉您问题所在:)
group by元素应与select表达式匹配。
所以在这里,你有 source 两者都有 SELECT 以及 GROUP BY :

ksql> SELECT source, count(*) \
>      FROM events_stream \
>      WINDOW TUMBLING (SIZE 60 SECONDS) \
>      WHERE account = '1111111111' \
>                  GROUP BY source \
>                  HAVING count(*) > 3;
127.0.0.1 | 4
^CQuery terminated

要添加其他列,请确保将它们添加到 SELECT 也:

ksql> SELECT source, event_id, count(*) \
>      FROM events_stream \
>      WINDOW TUMBLING (SIZE 60 SECONDS) \
>      WHERE account = '1111111111' \
>                  GROUP BY source, event_id \
>                  HAVING count(*) > 3;
127.0.0.1 | 4cdabe46-690d-494a-a37e-6e455781d8b4 | 4

编辑以回答更新的问题:
我不认为用sql(或ksql)可以[轻松地]做到这一点。您可以通过在聚合操作中包含时间戳来实现类似的功能,例如:

CREATE TABLE source_alert AS \
SELECT source, COUNT(*), MAX(timestamp) \
FROM event_stream WINDOW TUMBLING (SIZE 60 SECONDS) \
GROUP BY `source` \
HAVING COUNT(*)>1

然后获取结果表并连接到事件流:

SELECT * \
 FROM event_stream e \
      INNER JOIN \
      source_alert a ON e.source=a.source \
WHERE e.timestamp=a.timestamp

我没试过,但原则上,它可能会让你达到你想要的目的。

赞(0)分享  回复(0)举报  2021-06-07
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com