read stochastic -source 'srch_cluster'
Simulate a cluster of search engine hosts. This source is similar to read -source 'cdn', but with defaults that simulate multiple hosts undergoing a denial-of-service attack.
read stochastic -source 'srch_cluster' source-params read-params
Source parameters
Parameter | Description | Required? |
---|---|---|
-every | Historic points are downsampled at the specified interval. See Time notation in Juttle for syntax information. | No; default is the same as -max_samples |
-max_samples | Historic points are downsampled at an interval calculated so that there are no more than int intervals | No; default is 1000 |
-nhosts | The number of hosts to simulate | No; the default is 5 |
-pops | A list of Point of Presence (PoP) names to use with -nhosts. Host names are generated by assigning numbers to PoPs in a round-robin fashion, such as pop1.1, pop2.2, pop1.3, pop1.4, and so on. | No |
-host_names | A list of host names to use, in which case -nhosts is ignored and the number of hosts equals the number of specified host names | No; when -nhosts is more than 1 and -host_names is omitted, host names are randomly generated. |
-service_names | A list of service names to use, including one or more of the following: | No; the default is all three service names |
-host_capacities | The relative capacities of hosts. Daily CDN demand is divided among them by these proportions. | No |
-daily | The scale factor for the daily demand wave. A value of n will max out n hosts during peak hours. | No |
-dos | The scale of DOS demand load on a host, between 0 and 1. A value of 1 will max out any host it hits. | No; the default is 0.7 |
-dos_dur | The average time that an attack spends on a host before moving to another host. Simulation times increase with this number; keep it to seconds or a few minutes. | No; defaults to 15 seconds |
-dos_id | The customer ID of the DOS attacker | No; default is 13 |
-dos_router | The method for selecting the next host for the DOS demand. Roundrobin cycles through the host list, each for dos_dur seconds. markov is more interesting. | No |
-errp | The syslog error percentage at peak demand | No; defaults to 0.02 |
-lpm | The average number of syslog lines per minute per host | No; defaults to 60 |
-debug | "1" to emit additional points with behind-the-scenes information | No |
Read parameters
Parameter | Description | Required? |
---|---|---|
-from | Stream points whose time stamps are greater than or equal to the specified moment. See Time notation in Juttle for syntax information. | Required only if -to is not present; defaults to :now: |
-to | Stream points whose time stamps are less than the specified moment, which is less than or equal to :now:. See Time notation in Juttle for syntax information. | Required if -from is not present; defaults to :now: |
-last | Given a duration, shorthand for -from (:now: - duration) -to :now: | No |
filter-expression | A field comparison, where multiple terms are joined with AND, OR, or NOT. See Filtering for additional details. | No |
Example: Compare response times from the last two minutes to live streaming response times
```juttle
// Get data from 2 minutes ago, ingest live data, and get response_ms metrics from our search demo data
read stochastic -source 'srch_cluster' -from :2 minutes ago: name = 'response_ms'
| batch :2 seconds:                              // Group into 2 second intervals
| reduce p90 = percentile('value', .9) by service // Calculate p90 response time
| view timechart
    -valueField 'p90'                            // Plot data on a chart
    -keyField 'service'                          // Every service should be a line on the chart
    -title 'Response time (ms) by Service'
```