Sliding Window Examples (Cache Queries)

A sliding window policy maintains a queue of a specified size, into which entities flow. When the queue is full and a new entity arrives, the oldest entity in the queue is removed from the window (FIFO).

The following query has a sliding window over Car events. It retains the last 5 car events that have passed through the query. Every time a new event arrives, the query produces output that matches the latest event that arrived.

select car from /CarEvent {policy: maintain last 5 sliding} car;

The following query is similar to the previous one except for the emit clause. The query maintains a sliding window over the last 5 events. However, instead of echoing the event that just arrived, it emits the oldest event in the window that got displaced when the new event arrived. The query starts producing output only after the window has filled up and reached its full size.

select car from /CarEvent {policy: maintain last 5 sliding; emit: dead} car;

The following query maintains a count of the number of events in the sliding window. Every time an event arrives or drops out of the window (or both), the query produces output. Note that when the query starts and events start arriving, the count progresses towards the maximum window size (25). Once it reaches 25, the number stops changing, because the window will always have a count of 25 from then on.

select count(*) from /CarEvent {policy: maintain last 25 sliding} car group by 1;

The following query performs a rolling average and a count over a sliding window of size 30. The window has a pre-filter clause that only consumes StockTick events whose symbols match "ABCD" or "WXYZ." All other symbol types are dropped and prevented from entering the window. Also, the by clause indicates that a sliding window must be maintained per symbol. The group by clause matches the by clause because both of them specify grouping on symbol. As as result, the query correctly maintains a rolling average and count over the last 30 events, per symbol.

select stock.symbol, avg(stock.price), count(*)
  from /StockTick {policy: maintain last 30 sliding
    where symbol = "ABCD" or symbol = "WXYZ"
    by symbol} stock
  group by stock.symbol;

The by and group by clauses in the following query are used differently here from the way they are used in the prior example. This query maintains a sliding window of size 30 based on price. However, the group by clause is on the symbol. So, the windowing based on price is of little use here.

select stock.symbol, avg(stock.price), count(*)
  from /StockTick {policy: maintain last 30 sliding
    where symbol = "ABCD" or symbol = "WXYZ"
    by price} stock
  group by stock.symbol;

Copyright © Cloud Software Group, Inc. All rights reserved.