Once you start writing more complex ESA rules, it is useful to be able to see what values are being stored in named windows. Lee Kirkpatrick recently posted the following, which will hopefully help a few people out.
All the following is done on an ESA.
Run the following command to open the esa-client:
When run, the following prompt will be displayed:
How many and what values exist in my window(s)?
Let’s say, for example, I created the following window in EPL:
CREATE WINDOW ActiveUsers.win:time(1 hour) (user_dst string);
INSERT INTO ActiveUsers
SELECT user_dst FROM Event(user_dst IS NOT NULL);
To find out how many values are stored in the window, I can run the following from the esa-client:
localhost:com.rsa.netwitness.esa:/CEP/Engine/windows>jmx-invoke getWindowSize --param ActiveUsers
If I wanted to see what these 2 values were, I could run the following:
localhost:com.rsa.netwitness.esa:/CEP/Engine/windows>jmx-invoke query --param "SELECT * FROM ActiveUsers"
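When reading the output of getWindowSize and the SELECT * query, it helps to remember what a win:time(1 hour) window holds: one row per matching event, repeats included, each dropped an hour after it arrived. The Python model below is an added example, not NetWitness or Esper code and not part of the original post; the class, method names and sample events are constructed for illustration.

```python
from collections import deque

WINDOW_SECONDS = 3600  # win:time(1 hour)


class ActiveUsersModel:
    """Toy model of: CREATE WINDOW ActiveUsers.win:time(1 hour) (user_dst string)."""

    def __init__(self):
        self.rows = deque()  # (arrival_time, user_dst), oldest first

    def _expire(self, now):
        # A time window drops each row once it has been held for the full interval.
        while self.rows and now - self.rows[0][0] >= WINDOW_SECONDS:
            self.rows.popleft()

    def on_event(self, now, event):
        # INSERT INTO ActiveUsers SELECT user_dst FROM Event(user_dst IS NOT NULL)
        self._expire(now)
        user = event.get("user_dst")
        if user is not None:
            self.rows.append((now, user))

    def window_size(self, now):
        # Counterpart of getWindowSize: number of rows, duplicates included.
        self._expire(now)
        return len(self.rows)

    def query_all(self, now):
        # Counterpart of SELECT * FROM ActiveUsers.
        self._expire(now)
        return [{"user_dst": u} for _, u in self.rows]


def demo():
    # Constructed sample events: (seconds since start, event fields).
    events = [
        (0, {"user_dst": "alice"}),
        (600, {"user_dst": "bob"}),
        (900, {"ip_src": "10.0.0.5"}),   # no user_dst: filtered out
        (1200, {"user_dst": "alice"}),   # repeat user: stored as a second row
    ]
    w = ActiveUsersModel()
    for t, ev in events:
        w.on_event(t, ev)
    at_20_min = w.window_size(1200)      # rows held at 20 minutes
    distinct = len({r["user_dst"] for r in w.query_all(1200)})
    at_65_min = w.window_size(3900)      # first alice row has expired by now
    return at_20_min, distinct, at_65_min
```

Here the size at 20 minutes is 3 although only 2 distinct users are present, so a window size should not be read as a count of unique users.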