I am looking for guidance on using the TUMBLE window function in RisingWave to display multiple authentication failure attempts within the last 10 minutes, grouped by either user_id or source_ip. The objective is to identify and count multiple failure attempts within specific time windows for each user or source IP.
Jim
Asked on Feb 14, 2024
Example queries:
user_id
SELECT
TUMBLE_START("timestamp", INTERVAL '10' MINUTE) AS window_start,
user_id,
COUNT(*) AS failure_attempts
FROM
auth_logs
WHERE
"timestamp" >= NOW() - INTERVAL '10' MINUTE
AND auth = 'Failure'
GROUP BY
TUMBLE("timestamp", INTERVAL '10' MINUTE),
user_id
HAVING
COUNT(*) > 1;
source_ip
SELECT
TUMBLE_START("timestamp", INTERVAL '10' MINUTE) AS window_start,
source_ip,
COUNT(*) AS failure_attempts
FROM
auth_logs
WHERE
"timestamp" >= NOW() - INTERVAL '10' MINUTE
AND auth = 'Failure'
GROUP BY
TUMBLE("timestamp", INTERVAL '10' MINUTE),
source_ip
HAVING
COUNT(*) > 1;