I downloaded the jar file from here -

When I pass stmp password int he cli I get the following error
Exception in thread "main" com.beust.jcommander.ParameterException: Unknown option: --smtp-password

Here is what my command look like.

java -Dlog4j.configuration=file:/home/ubuntu/sherlock/sherlock/src/main/resources/log4j.properties -jar sherlock-1.5 --version 1.5 --project-name "Metrics and Monitoring" --port 3000 --enable-email --failure-email "[email protected]" --from-mail "[email protected]" --reply-to "[email protected]" --smtp-host "smtp.outlook.office365.com" --smtp-port 587 --smtp-password "passowrd" --redis-host "127.0.0.1" --redis-port 6379 --egads-config-filename /home/ubuntu/sherlock/sherlock/src/main/resources/egads_config.ini

FYI I'm referring to : https://github.com/yahoo/sherlock/blob/master/src/main/java/com/yahoo/sherlock/model/AnomalyReport.java#L272

int percentageDeviation = (int) (((interval.actualVal - interval.expectedVal) / interval.expectedVal) * 100);

Whenever the interval.expectedVal = 0.0f then, no matter what is the value of interval.actualVal we always get
percentageDeviation = 2147483647; // max value that can fit in int(32-bit signed integer)

Is it the expected behaviour or do we need to handle this case ?

currently, only one table data source can be queried.
support of the union of two or more table data sources will be much helpful .
can ref : https://druid.apache.org/docs/latest/querying/datasource.html

{
       "type": "union",
       "dataSources": ["<string_value1>", "<string_value2>", "<string_value3>", ... ]
}

My config has TS_MODEL -> OlympicModel and AD_MODEL -> KSigmaModel. However, for the anomaly I am defining, I selected different models. The models defined by me are not picked up for anomaly detection, the default one from config is used.

currently hard-coded value can cause 'Read timeout' in various environment so It should be configurable by user.

I've been using Sherlock for a few days, and it seems to be working fine for some time.
I'm generating hourly reports, and it works for a few hours. However, after a day or two, the reports start to fail, throwing a java.lang.ArrayIndexOutOfBoundsException: 1 error.

I've looked at the logs and this is the error log:

32893 [INFO ] 2018-09-30 12:30:01,105 com.yahoo.sherlock.store.redis.LettuceAnomalyReportAccessor - Getting anomaly reports for job [4] with frequency [hour]
32894 [ERROR] 2018-09-30 12:30:01,108 com.yahoo.sherlock.Routes - Error while viewing job report!
32895 java.lang.ArrayIndexOutOfBoundsException: 1
32896     at com.yahoo.sherlock.store.redis.LettuceAnomalyReportAccessor.decodeAndSetTimestamp(LettuceAnomalyReportAccessor.java:336)
32897     at com.yahoo.sherlock.store.redis.LettuceAnomalyReportAccessor.getAnomalyReports(LettuceAnomalyReportAccessor.java:311)
32898     at com.yahoo.sherlock.store.redis.LettuceAnomalyReportAccessor.getAnomalyReportsForJob(LettuceAnomalyReportAccessor.java:119)
32899     at com.yahoo.sherlock.Routes.viewJobReport(Routes.java:626)
32900     at spark.TemplateViewRouteImpl$1.handle(TemplateViewRouteImpl.java:66)
32901     at spark.http.matching.Routes.execute(Routes.java:61)
32902     at spark.http.matching.MatcherFilter.doFilter(MatcherFilter.java:126)
32903     at spark.embeddedserver.jetty.JettyHandler.doHandle(JettyHandler.java:50)
32904     at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:189)
32905     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
32906     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
32907     at org.eclipse.jetty.server.Server.handle(Server.java:517)
32908     at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:308)
32909     at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242)
32910     at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
32911     at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
32912     at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75)
32913     at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213)
32914     at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147)
32915     at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654)
32916     at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572)
32917     at java.lang.Thread.run(Thread.java:748)

I've looked at the redis logs and they are not showing any errors. I'm not sure how to fix it.
Any ideas what going on?

Hello folks,

I am trying to run a job with Sherlock on event time data that implies that at run time I have not all the data. I therefore would like to run a daily job, which query druid until two days before the run time. But it does not seem to work. When I query druid by setting in my query "intervals": "ZonedDateTime.now().minusDays(18),ZonedDateTime.now().minusDays(2)" it seems that Sherlock still queries on the run time.

In Flash query, we have the possibility to change the end Time of the query in the UI. Something strange to me is that when I set in the query Druid: "intervals": "ZonedDateTime.now().minusDays(18),ZonedDateTime.now().minusDays(2)" and I change in the UI the end Date of the query and set a day different from ZonedDateTime.now().minusDays(2) , Sherlock will consider the endDate defined in the UI. Does that mean that Sherlock does not take into account the values set in the intervals of query Druid?

In the setting of the jobs, it is not possible to set the End Date (which is normal because this date will change every day) as in the Flash Query. But it seems that the end Date run each day for the job is actually Date.now() even if in my intervals of the query Druid, I have set ZonedDateTime.now().minusDays(2) which is what I need. Have you got any idea how I could run a job that returns an anomaly detection 2 days before the current date?

Thanks all for your help

Can someone help me in understanding how the Visualization URL works in Jobs? What URL needs to be provided here?

Hi, I saw sherlock demoed at the 2021 Druid conference and it really stoked my interest. I haven't used it yet because I noticed the log4j version is within the range of versions vulnerable to the JNDI lookup vulnerability that was discovered earlier this year(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228). I was curious: is the corresponding lookup feature currently disabled in sherlock and/or are there are plans to upgrade to log4j2.15 or later?
Thanks!

It will be great if users can directly download the jar file from tag release instead of compiling itself

Tried to run the make file. Got an error like this:

C:...\sherlock>make jar
mvn clean checkstyle:check package
[INFO] Scanning for projects...
[INFO]
[INFO] --------------------< com.yahoo.sherlock:sherlock >---------------------
[INFO] Building sherlock 1.12-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
Downloading from bintray-yahoo-maven: https://yahoo.bintray.com/maven/com/yahoo/egads/egads/0.4.0/egads-0.4.0.pom
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.057 s
[INFO] Finished at: 2021-09-20T10:34:08+03:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project sherlock: Could not resolve dependencies for project com.yahoo.sherlock:sherlock:jar:1.12-SNAPSHOT: Failed to collect dependencies at com.yahoo.egads:egads:jar:0.4.0: Failed to read artifact descriptor for com.yahoo.egads:egads:jar:0.4.0: Could not transfer artifact com.yahoo.egads:egads:pom:0.4.0 from/to bintray-yahoo-maven (https://yahoo.bintray.com/maven): authorization failed for https://yahoo.bintray.com/maven/com/yahoo/egads/egads/0.4.0/egads-0.4.0.pom, status: 403 Forbidden -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
make: *** [Makefile:7: jar] Error 1

any idea how to solve this?

my Apache Maven version is 3.8.2 (latest)

Hi @ALL,

is it possible to train Sherlock/EGADS with data from the past to get better results in the future ?
I think I heard somethingh like that in a video, but I can't find any Howto or hint in the menus.

Thanks a lot !

Bye, Dirk

Is it possible to connect to Druid Broker with Basic Auth ?

We have a mail server which needs authentication in order to send emails correctly. How can I configure sherlock in order to get emails?

when trying building the Jar file
Compilation Error is thrown.
Can you please tell me what i'm missing here?

Hi,
I've been desperately trying to set up a job in Sherlock, but I keep getting a "Requested page not found. [404]" error when trying to get flash results like you can see in the following screenshot.

I get the following error in the logs of Sherlock

When requesting the series from Druid in the shell with the following command curl -X POST 'http://localhost:8082/druid/v2/?pretty' -H 'Content-Type:application/json' -H 'Accept:application/json' -d @query.json, I don't have any issues. I attached the result I get with my query in this TXT-file query_with_response.txt. What could possibly be the issue here?

Hello guys;
I am new in Sherlock, I have got some issues with the installation, when I create a new job the job is going to error without further information. My druid is stand-alone server so I use broker port 8082 my server is debian 10/11 and my java is 11.0 but I install java 8 in order to see if that solve the problem.

Any idea about where is the mistake?
Regards and thanks in advance

recently added argument --druid-query-timeout is not for druid query timeout. It's just timeout value of HttpClient.
Description of Druid query timeout is in this doc. please check it and change argument name or add real druid query timeout setting.

Hi Security Team,

The build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this.

Description:

This attack leverages the build infrastructure loading dependencies over HTTP without any other sort of integrity check to allow them to be maliciously compromised.

POC code has existed since 2014 to maliciously compromise a JAR file inflight.
See:

https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer/

https://github.com/mveytsman/dilettante

Source Location

https://github.com/yahoo/sherlock/blob/5d1bf481255eda73837a2f61f2b72e4d704c822a/pom.xml

    <repositories>
        <repository>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
            <id>bintray-yahoo-maven</id>
            <name>bintray</name>
            <url>http://yahoo.bintray.com/maven</url>
        </repository>
    </repositories>

    <pluginRepositories>
        <pluginRepository>
            <id>bintray-yahoo-maven</id>
            <name>bintray-plugins</name>
            <url>http://yahoo.bintray.com/maven</url>
        </pluginRepository>
    </pluginRepositories>

References :

1. https://serverfault.com/a/153065
2. https://security.stackexchange.com/a/12050
3. https://thenextweb.com/insights/2017/12/11/comcast-continues-to-inject-its-own-code-into-websites-you-visit/#
4. https://medium.com/bugbountywriteup/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb
5. github/codeql#2413
6. GHSA-rcj2-vvjx-87pm
7. GHSA-jwqm-c9f2-2cq3

This vulnerability has a CVSS v3.0 Base Score of 8.1/10

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Hi,

Thanks for this amazing library. I was trying to build this. got following error. Please help me to resolve this. Also after build. what command should run to get the UI as you showed in the Demo.

Error: Could not resolve dependencies for project com.yahoo.sherlock:sherlock:jar:1.7-SNAPSHOT: Could not find artifact com.sun:tools:jar:0 at specified path /Library/Java/JavaVirtualMachines/openjdk-13.0.1.jdk/Contents/Home/../lib/tools.jar

Hello, I am trying to experiment with this utility to see if it helps some of our use cases and having trouble running a Timeseries query, i am able to run the Timeseries query against my druid instance using post man, however when i run the same query in flash query UI, i get zero results back. Any help is appreciated in this regard.
Attached is the JSON req and resp used in postman.
SharlockQuestion.txt
Parameters on Falsh Query Screen:

I am using Druid version 0.17.0

When compiling with the latest jdk8 version, making jar will fail with following error:

-------------------------------------------------------
 T E S T S
-------------------------------------------------------
Error: Could not find or load main class org.apache.maven.surefire.booter.ForkedBooter

Results :

Tests run: 0, Failures: 0, Errors: 0, Skipped: 0

[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 02:54 min
[INFO] Finished at: 2018-11-30T10:42:36+00:00
[INFO] Final Memory: 43M/615M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.17:test (default-test) on project sherlock: Execution default-test of goal org.apache.maven.plugins:maven-surefire-plugin:2.17:test failed: The forked VM terminated without properly saying goodbye. VM crash or System.exit called?
[ERROR] Command was /bin/sh -c cd /sherlock && /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java -javaagent:/root/.m2/repository/org/jacoco/org.jacoco.agent/0.7.6.201602180812/org.jacoco.agent-0.7.6.201602180812-runtime.jar=destfile=/sherlock/target/jacoco.exec -jar /sherlock/target/surefire/surefirebooter6254102860528815040.jar /sherlock/target/surefire/surefire345989798278468220tmp /sherlock/target/surefire/surefire_02363878781743491197tmp
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/PluginExecutionException
Makefile:7: recipe for target 'jar' failed
make: *** [jar] Error 1`

That is a known issue fixed already by Surefire in 3.0.0-M1
See furthermore: https://issues.apache.org/jira/browse/SUREFIRE-1588

Workaround for users at the moment:

• use at least jdk8u118
• use command: make jar-no-test

This is a really useful tool. Was wondering if you'd add support for redshift as well as druid in the future.

The program can potentially fail to release a system resource.