riemann - send email when there are more than 5 critical events every 30 seconds

gistfile1.txt

; http://stackoverflow.com/questions/31269170/event-count-at-certain-time-interval-in-riemann

(let [email (mailer {:host "localhost"
                     :port 1025
                     :from "[email protected]"})]
  (streams
    (where (and (service "system_log")
                (description "IE")
                (not (expired? event)))
      ; we are interested in the event count, so let's fix to :metric 1
      (with :metric 1
        ; measure the rate in a 30 seconds interval
        (rate 30
          ; we want the rate per half minutes
          (scale 30
            ; for debugging
            prn
            ; when there were more than 5 events
            (where (> metric 5)
              ; change the status to this value
              (with {:status "login failures"}
                ; for debugging
                prn
                ; send email
                (email "[email protected]")))))))))

I used rate and scale but it didn't works for me. May be I am using it in wrong way.The above edited code is working by using fixed-time-window itseld but it triggering email for N number of condition satisfied with in 30 sec(for eg.If my condition was true for 10 times within that 30 sec means 10 emails got triggered). I want only one email at the end of every 30sec if the condition is satisfied. If no event matches my condition within 30sec interval means no email should trigger. I pasted my latest code.

(let [email (mailer {...})](streams
%28where %28and %28service)
(not (expired? event)))
(fixed-time-window
30
(smap
(fn [events](let [count-of-failures %28count %28filter #%28= "IE" %28:description %)) events))]
(events
{:status "login failures"
:metric count-of-failures
:total-fail (> count-of-failures 5)
})))

(where (and (= (:status event) "login failures")
                  (:total-fail event))
(email "[email protected]")))))))