
OrientDB Sink

Description

This unit is a Sink unit type.

A unit that stores events into an OrientDB database.

All events enter through the in port. Then, the unit executes the query specified in its properties. Successful results are sent to the OrientDB database using the connection details configured for the unit.

If an error occurs, the event is enriched with standard error fields and sent to the error output port.

Configuration

After dragging this unit into the Flow canvas, double-click it to access its configuration options. The following table describes the configuration options of this unit:

| Tab | Field | Description |
| --- | --- | --- |
| General | Name | Enter a name for the unit. It must start with a letter, and cannot contain spaces. Only letters, numbers, and underscores are allowed. |
| General | Description | Enter a description detailing the scope of the unit. |
| General | Query | OrientDB SQL query to execute. This is a template and can contain references to the input event fields. |
| General | Retries | Number of retries in case of failure. |
| Parameters | Parameters | A list of field names to be used as parameters in the query. |
| Connection | OrientDB url | The URL (remote:ip:port/database) of the host running the OrientDB database. |
| Connection | Username | The client name to access OrientDB. |
| Connection | Password | The password requested to access OrientDB. |

Input ports

| Port | Description |
| --- | --- |
| in | All events enter through this port. |

Output ports

| Port | Description |
| --- | --- |
| error | Outputs all events that produced an error during processing. These events have two additional fields, error and exception, that describe the error. |

Example

Imagine you wish to execute a query on a Devo table and write the results into an OrientDB database.

For this, we will use the OrientDB Sink unit.

First, we will use a Devo Full Query unit to send a query containing information on Security Operations keys regarding internal source and destination IDs. Enter the following query in the Query field of the properties:

from secops.entities.association where srcEntityType = "investigation" where dstEntityType = "system" group by srcInternalId, dstInternalId every - select "f" as fixedKey

Next, we will use a Memory unit to store the fixed key values and send them to the OrientDB Sink unit.

In the properties, configure the following input and output fields:

Link the data output port of the Devo Full Query unit to the in port of the Memory unit.

Finally, add the OrientDB Sink unit to the Flow.

Here we will configure the OrientDB database that the values are written to. In the General tab, enter the query to execute:

    BEGIN;
    FOREACH ($e IN :window) {
      let s1 = UPDATE Investigation SET internalId = $e.srcInternalId UPSERT RETURN AFTER WHERE internalId = $e.srcInternalId;
      let s2 = UPDATE System SET internalId = $e.dstInternalId UPSERT RETURN AFTER WHERE internalId = $e.dstInternalId;
      CREATE EDGE InvestigatedSystemTo UPSERT FROM ($s1) TO ($s2);
    }
    COMMIT;

In the Parameters tab, enter the field name to be used as a parameter in the query, in this case, window.

In the Connection tab, we need to specify the OrientDB url as well as the client username and password to use to access OrientDB.
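
The settings entered in this example can be checked before the flow is deployed. The following Python check is an added example, not code from Devo or from this page: it applies the Name rule and the remote:ip:port/database URL format from the configuration table, and confirms that every :named parameter used in the Query is listed in the Parameters tab. The `cfg` dictionary layout and the sample unit name, host, port and database are constructed for illustration.

```python
import re

# Rules taken from the configuration table on this page.
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")                 # General > Name
URL_RE = re.compile(r"^remote:([^:/\s]+):(\d{1,5})/([^/\s]+)$")  # remote:ip:port/database
# Quoted literals are matched first so a ':' inside a string is not read as a parameter.
TOKEN_RE = re.compile(r"'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"|:([A-Za-z_]\w*)")

# The batch query from the example on this page.
PAGE_QUERY = (
    "BEGIN; FOREACH ($e IN :window) { "
    "let s1 = UPDATE Investigation SET internalId = $e.srcInternalId "
    "UPSERT RETURN AFTER WHERE internalId = $e.srcInternalId; "
    "let s2 = UPDATE System SET internalId = $e.dstInternalId "
    "UPSERT RETURN AFTER WHERE internalId = $e.dstInternalId; "
    "CREATE EDGE InvestigatedSystemTo UPSERT FROM ($s1) TO ($s2); } COMMIT;"
)


def query_parameters(query):
    """Return the set of :named parameters used outside string literals."""
    return {m.group(1) for m in TOKEN_RE.finditer(query) if m.group(1)}


def lint_unit(cfg):
    """cfg is a constructed dict mirroring the unit's tabs, not Devo's export format."""
    issues = []
    if not NAME_RE.match(cfg.get("name", "")):
        issues.append("name: must start with a letter; letters, numbers, underscores only")
    m = URL_RE.match(cfg.get("url", ""))
    if not m:
        issues.append("url: expected remote:ip:port/database")
    elif not 0 < int(m.group(2)) <= 65535:
        issues.append("url: port out of range")
    used = query_parameters(cfg.get("query", ""))
    declared = set(cfg.get("parameters", []))
    for p in sorted(used - declared):
        issues.append(f"query: :{p} is not listed in the Parameters tab")
    for p in sorted(declared - used):
        issues.append(f"parameters: {p} is declared but never used in the query")
    return issues


# Constructed sample settings (unit name, host, port and database are made up).
SAMPLE = {"name": "orientdb_sink_1", "url": "remote:192.0.2.10:2424/secops",
          "query": PAGE_QUERY, "parameters": ["window"]}

if __name__ == "__main__":
    for issue in lint_unit(SAMPLE) or ["no issues found"]:
        print(issue)
```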

Download this example

You can try this flow by downloading the following JSON file and uploading it to your domain using the Import option:
