nxlog querylist doesn't work as expected - event-log

nxlog.conf
The above link is to a copy of my nxlog.conf. I couldn't find any documentation about how to use multiple Query blocks within a QueryList block, but based on the name I assumed that I would be able to do this. My ELK server is receiving ALL events right now, not any of the filtered ones. I wanted to just use one Query block, but it is limited to 10 Select entries. I can't find any examples of people using more than like 3 Select entries. Has anyone had any luck with more advanced nxlog.conf files? Any help would be appreciated.

Not sure what the issue with the query xml is. If there is a limitation on the number of select entries, that's coming from the Windows Eventlog API so that cannot be helped.
On the other hand you can use nxlog's native filtering using drop():
Query <QueryList>\
<Query Id="0">\
<Select Path="Security">*</Select>\
</Query>\
</QueryList>
Exec if not ($EventID == 1 or $EventID == 2 or ...) drop();

Actually, there is no issue with the XML. I was viewing old results in my database from when I was testing nxlog.conf with no queries. My bad!
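Added example (not from the original posts): a Python generator that spreads a list of event IDs over several Query blocks inside one QueryList, as the question attempted, and also emits the drop() allowlist form from the answer. The limit of 10 Select entries per Query is the figure reported in the question and is only a parameter here; the event IDs and the function names are constructed for illustration.

```python
from xml.etree import ElementTree as ET

# Constructed sample: Security event IDs a collector might want to keep.
SAMPLE_IDS = [4624, 4625, 4634, 4648, 4672, 4688,
              4720, 4722, 4724, 4728, 4732, 4740]

def build_querylist(event_ids, path="Security", per_select=5, selects_per_query=10):
    """Build a QueryList element. IDs are OR-ed inside each Select, and the
    Selects are grouped into Query blocks of at most selects_per_query
    (assumption: the limit reported in the question)."""
    ids = sorted(set(event_ids))
    selects = []
    for i in range(0, len(ids), per_select):
        cond = " or ".join(f"EventID={n}" for n in ids[i:i + per_select])
        selects.append(f"*[System[({cond})]]")
    root = ET.Element("QueryList")
    for qid, start in enumerate(range(0, len(selects), selects_per_query)):
        query = ET.SubElement(root, "Query", Id=str(qid))
        for xpath in selects[start:start + selects_per_query]:
            ET.SubElement(query, "Select", Path=path).text = xpath
    return root

def to_nxlog_query(root):
    """Render the element as an nxlog Query directive. Every line except the
    last ends with a backslash, matching the snippet in the answer."""
    lines = ["<QueryList>"]
    for query in root:
        lines.append(f'  <Query Id="{query.get("Id")}">')
        for sel in query:
            lines.append(f'    <Select Path="{sel.get("Path")}">{sel.text}</Select>')
        lines.append("  </Query>")
    lines.append("</QueryList>")
    return "Query " + "\\\n".join(lines)

def to_nxlog_exec(event_ids):
    """Render the native-filter alternative: drop everything not allowlisted."""
    cond = " or ".join(f"$EventID == {n}" for n in sorted(set(event_ids)))
    return f"Exec if not ({cond}) drop();"

if __name__ == "__main__":
    # per_select=1 forces 12 Select entries, so a second Query block appears.
    print(to_nxlog_query(build_querylist(SAMPLE_IDS, per_select=1)))
    print(to_nxlog_exec(SAMPLE_IDS))
```

After changing a filter, check it against events received after the change, since results stored before the change will still show everything.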

Related

Attachments to a Purchase Requisition

I need to download attachments for over 300 purchase requisitions in the Oracle E-Business Suite. Instead of opening the requisitions one-by-one and then going to the "Manage Attachments" section, I would like to do this through a query, where I would enter the PR numbers and then get the attachments. Does anybody know if this would be possible through a query in SQL Developer (or MS Access)? If yes, which tables should I consider to design the query?
Thank you in advance for any help you might be able to give me.
You can use this SQL https://www.enginatics.com/reports/fnd-attached-documents/ as a basis and add a restriction to the req headers you need to see, like this:
fad.entity_name='REQ_HEADERS' and
fad.pk1_value in (select to_char(prha.requisition_header_id) from po_requisition_headers_all prha where ...) and
Note that the to_char() is required to use the fnd_attached_documents_n1 index, as fad.pk1_value is varchar2 whereas prha.requisition_header_id is a number.
These are stored in the FND_DOCUMENTS and information about which application entity / key it is attached to is in FND_ATTACHED_DOCUMENTS - this blog article does a good job of describing the tables involved.

Sphinx: JSON meta attributes stopped working

I'm currently experimenting with a Sphinx realtime index. I inserted 4,5 million documents.
Everything was working OK while my json meta attributes were like this:
{"result_type":"publications","publication_type":"essay"}
But yesterday, I wanted to add another value to the 'publication_type' key, and the JSON became:
{"result_type":"publications","publication_type":["essay","big_text"]}
Now I can't find documents for either 'essay' or 'big_text'.
The sphinxql query I'm using is like this:
select * from url where meta.publication_type='essay';
Sphinx version is Server version: 2.1.1-beta (rel21-r3701) running on Debian.
Hope you can help me. Is my json string wrong? Where is my mistake?
Thanks in advance.
SELECT *, ANY(x='essay' FOR x IN meta.publication_type) as p FROM url WHERE p=1;
Supported in 2.2.1-dev since r4217.
This was answered on the sphinx forum:
http://sphinxsearch.com/forum/view.html?id=11486
When you store arrays, you access the values by index.
So you could do
select * from url where meta.publication_type[0]='essay';
It doesn't appear to be easy to search 'in any position'. So if essay was ever not the first index, it wouldn't work.
Note, I can't claim credit for figuring this out, just passing this information on.

Get total record count for a query in zend lucene search?

Hi
I have used the "setResultSetLimit(1000)" method to limit results to 1000 records. The good thing is it helps to save server resources, but there is no way to get the full record count for a query. Does anyone know how to get the full hit count?
TX
It's not possible within my tries...
I suggest you make a full search, store the results (making a cache file maybe, or session) and use the zend_paginator array adapter.
The answer is so easy, or I didn't understand the question?
$results = $index->find("search term");
echo count($results); // you will get count

how to select specific number of child entities instead of all in entity framework 3.5?

I am wondering how I can select a specific number of child objects instead of taking them all with Include?
Let's say I have an object 'Group' and I need to select the last ten students that joined the group.
When I use '.Include("Students")', EF includes all students. I was trying to use Take(10), but I am pretty new to EF and programming as well, so I couldn't figure it out.
Any suggestions?
UPDATED:
OK, I have the Group object already retrieved from the db like this:
Group group = db.Groups.FirstOrDefault(x=>x.GroupId == id);
I know that I can add an Include("Students") statement, but that would bring ALL students, and their number could be quite big, whereas I need only the freshest 10 students. Can I do something like this: var groupWithStudents = group.Students.OrderByDescending(//...).Take(10);?
The problem with this is that Take<> no longer appears in IntelliSense. Is this clear enough? Thanks for the responses.
I believe Take(10) would be correct.
var Students= (from c in Groups
orderby c.DateAdded descending
select c).Take(10);
My experience with Take, though, is that it generates some awful SQL.
EDIT:
See if this blog post helps; it talks about conditional includes.
http://blogs.msdn.com/b/alexj/archive/2009/10/13/tip-37-how-to-do-a-conditional-include.aspx
Couldn't make Gratzy's suggestion with conditional include work... and found the solution here: http://msdn.microsoft.com/en-us/library/bb896249.aspx
Query would look like this:
group.Students.Attach(group.Students
.CreateSourceQuery()
.OrderByDescending(x=>x.JoinDate)
.Take(10));
This is exactly what I was looking for!
Thanks for all the responses anyway!

Microsoft Access ADP UPDATE Query does NOT update

I have a (very simple and standard) UPDATE statement which works fine either directly in Query Analyser, or executed as a stored procedure in Query Analyser.
UPDATE A
SET
A.field1 = B.col1
, A.field2 = B.col2
FROM
tblA AS A INNER JOIN tblB AS B
ON A.pk1 = B.pk1 AND A.pk2 = B.pk2
The problem is that when I execute the same stored proc via Microsoft ADP (by double-clicking on the sproc name or using the Run option), it says "query ran successfully but did not return records" AND does NOT update the records when I inspect the tables directly.
Before anyone even says "syntax of MS-Access is different than SQLServer T-SQL", remember that with ADP everything happens on the server and one is actually passing thru to T-SQL.
Any bright ideas from any ADP gurus out there?
Gotcha. Responding to my own question for the benefit of anyone else.
Tools / Options / Advanced / Client-Server Settings / Default max records is set at 10,000 (presumably this is the default). Change this to 0 for unlimited.
My table had 100,000+ rows and whatever set of 10,000 it was updating was difficult to find (among a sea of 90,000+ un-updated rows). Hence the update did not work fully as expected.
Try and see whether the query gets executed on the SQL Server using SQL profiler.
Also, I think you might need to close the linked table & re-open it to see the updated records.
Does that work?
Run the query with SQL Profiler running. Before you start the trace, add in all the error events. This will give you any errors that the SQL Server is generating that the Access ADP might not be showing correctly (or at all).
Feel free to post them here.
Just as a reference, here's a paper I wrote on Update Queries that discusses some of the issues associated with when they fail.
http://www.fmsinc.com/microsoftaccess/query/snytax/update-query.html
I seem to remember that I always got the "didn't return any rows" message and had to simply turn off the messaging. It's because it isn't returning any rows!
As for the other - sometimes there's a primary key issue. Does the table being updated have a primary key in SQL Server? If so, check the view of the table in Access - sometimes that link doesn't come through. It's been a while, so I could be wrong, but I think you may need to look at the design view of the table while in Access and add the primary key there.
EDIT: Additional thought:
In your debugging, try throwing in print statements to see what the values of your inputs are. Is it actually picking up the data from the table as you expect when you execute from Access?