OrientDB Sink
Description
This unit is a Sink unit type.
A unit that stores events into an OrientDB database.
All events enter through the in port. Then, the unit executes the query specified in its properties. Successful results are sent to the OrientDB database using the connection details configured for the unit.
If an error occurs, an event is enriched with standard error fields and sent to the error output port.
Configuration
After dragging this unit into the Flow canvas, double-click it to access its configuration options. The following table describes the configuration options of this unit:
Tab | Field | Description |
---|---|---|
General | Name | Enter a name for the unit. It must start with a letter, and cannot contain spaces. Only letters, numbers, and underscores are allowed. |
Description | Enter a description detailing the scope of the unit. | |
Query | OrientDB SQL query to execute. This is a template and can contain references to the input event fields. | |
Retries | Number of retries in case of failure. | |
Parameters | Parameters | A list of field names to be used as parameters in the query. |
Connection | OrientDB url | The URL (remote:ip:port/database) of the host running the OrientDB database. |
Username | The client name to access OrientDB. | |
Password | The password requested to access OrientDB. |
Input ports
Port | Description |
---|---|
in | All events enter through this port. |
Output ports
Port | Description |
---|---|
error | Outputs all events that produced some error during processing. These events have two additional fields, error, and exception, that describe the error. |
Example
Imagine you wish to execute a query on a Devo table and write it into an Orient database.
For this, we will use the OrientdbSink unit.
First, we will use a Devo Full Query unit to send a query containing information on Security Operations keys regarding internal source and destination IDs. Enter the following query in the Query field of the properties:
from secops.entities.association
where srcEntityType = "investigation"
where dstEntityType = "system"
group by srcInternalId, dstInternalId
every -
select "f" as fixedKey
Next, we will use a Memory unit to store the fixed key values and send them to the orientDBSink unit.
In the properties, configure the following input and output fields:
Link the data output port of the Devo Full Query unit to the in port of the Memory unit.
Finally, add the orientDBSink unit to the Flow.
Here we will configure the endpoints of the Orient database to write the values into. In the General tab, enter the query to execute:
BEGIN;
FOREACH ($e IN :window) {
let s1 = UPDATE Investigation SET internalId = $e.srcInternalId UPSERT RETURN AFTER WHERE internalId = $e.srcInternalId;
let s2 = UPDATE System SET internalId = $e.dstInternalId UPSERT RETURN AFTER WHERE internalId = $e.dstInternalId;
CREATE EDGE InvestigatedSystemTo UPSERT FROM ($s1) TO ($s2);
}
COMMIT;
In the Parameters tab, configure the field name to be used as parameters in the query, in this case, window.
In the Connection tab, we need to specify the OrientDB url as well as the client username and password to use to access OrientDB.
Download this example
You can try this flow by downloading the following JSON file and uploading it to your domain using the Import option: