Hello everybody,
I'm currently working on a fraud-detection topic. The fraud-detection system consists of synthetic log files, Hadoop, and SAP HANA. Hadoop has to import, parse, filter, and persist all incoming log entries; the filtered entries are then exported to SAP HANA using Sqoop. Up to this point everything works fine, but now I'm stuck.
I only have one big table, "LOGS", and I want to extract the entries that match my detection patterns. I know I should try to use CE functions to keep SAP HANA from falling back to the SQL optimizer, but I don't know whether I can achieve that with views alone.
For example, I want to check for unusually large downloads. My table has a column called RECEIVEDBYTES, and my detection pattern looks something like this:
SUM(Receivedbytes) per user / AVG(Receivedbytes) > 1.5 -> Fraud
The format of my table looks like this: USER, DATE, TIME, SOURCEIP, DESTIP, DESTPORT, RECEIVEDBYTES
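In plain SQL I would express the pattern roughly like this (just a sketch, assuming that AVG means the average RECEIVEDBYTES over all log entries and that 1.5 is the threshold from the pattern above):

-- flag users whose total received bytes exceed 1.5 times the
-- average received bytes per log entry over the whole table
SELECT "USER",
       SUM("RECEIVEDBYTES") AS "SUM_RECEIVEDBYTES"
FROM   "LOGS"
GROUP  BY "USER"
HAVING SUM("RECEIVEDBYTES") >
       1.5 * (SELECT AVG("RECEIVEDBYTES") FROM "LOGS");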
So what would be the best way to do this?
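For reference, this is roughly what I have in mind with CE functions (an untested sketch inside a read-only SQLScript procedure; the procedure name and the table type "T_FRAUD_CANDIDATES" are just placeholders I would still have to define):

CREATE PROCEDURE "DETECT_HUGE_DOWNLOADS" (OUT ot_result "T_FRAUD_CANDIDATES")
  LANGUAGE SQLSCRIPT READS SQL DATA AS
BEGIN
  -- read only the columns needed for this pattern
  lt_logs = CE_COLUMN_TABLE("LOGS", ["USER", "RECEIVEDBYTES"]);

  -- received bytes summed up per user
  lt_per_user = CE_AGGREGATION(:lt_logs,
                               [SUM("RECEIVEDBYTES") AS "SUM_RECEIVEDBYTES"],
                               ["USER"]);

  -- this is where I get stuck: comparing SUM_RECEIVEDBYTES against
  -- 1.5 * AVG(RECEIVEDBYTES) over the whole table without falling back
  -- to the SQL optimizer (as far as I can tell, CE_AGGREGATION has no AVG)
  ot_result = :lt_per_user;
END;

The per-user aggregation itself seems doable this way, but I don't see how to bring in the overall average without using a normal SQL statement or a view on top.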
Regards
Felix