Examples: Correlation MAPPING
For example you have SIP CALLS and all SIP messages has been stored in the table hep_proto_1_call
For this protocol HEP: 1 , Profile: Call, you can make an additonal correlation MAPPING:
Click EDIT and in the MAPPING you can add your custom logic.
I.e. you would like to correlate SIP traffic to your LOG: we take callid from JSON body of hep_proto_1_call and do lookup to HEP: 100 (logs), profile: default in destination field: sid, in the timerange (original) from+=-300, to+=200
the SQL query will look like : select * from hep_proto_100_default where sid = 'CALLID';
[
{
"source_field": "data_header.callid",
"lookup_id": 100,
"lookup_profile": "default",
"lookup_field": "sid",
"lookup_range": [
-300,
200
]
}
]
here is example how to do correlation to another protocol: RTCP JSON, HEP: 5, desination SID can be any header from your JSON body.
[
{
"source_field": "data_header.callid",
"lookup_id": 5,
"lookup_profile": "default",
"lookup_field": "sid",
"lookup_range": [
-300,
200
]
}
]
and of coruse you can combine the mappings:
[
{
"source_field": "data_header.callid",
"lookup_id": 100,
"lookup_profile": "default",
"lookup_field": "sid",
"lookup_range": [
-300,
200
]
},
{
"source_field": "data_header.callid",
"lookup_id": 5,
"lookup_profile": "default",
"lookup_field": "sid",
"lookup_range": [
-300,
200
]
}
]
Correlation requests can be emitted to entities through the HEP pub-sub API, and dispatched by type. The following example will emit a data request to any entity providing cdr capabilities using the source_field specified in the mapping configuration:
{
source_field: 'data_header.callid',
lookup_id: 0,
lookup_type: "pubsub",
lookup_profile: 'cdr',
lookup_field: '{"data":$source_field,"fromts":$fromts,"tots":$tots}',
lookup_range: [-300, 200],
}