Object type: Correlation rule test object

Correlation rule test object along with status of rule test and trigger events.

Field | Required | Description |
---|---|---|
Cardinality | false | Number of strings and related structures held in memory by the rule. |
endTime | false | End time for event search. |
EPSCapacity | false | The processing time this rule consumes relative to the capacity of the engine. |
errorMessage | false | Error message, if any. Returned when the status is Stopped or Error. |
EventRefCount | false | Number of events held in memory by the rule. |
eventsProcessed | false | Number of events processed. |
LastEventTime | false | Event time of the last event that triggered the Correlation rule while testing. |
luceneFilter | false | Lucene expression for event search. |
OutputRate | false | The number of times the rule has fired relative to the events processed. |
percentComplete | false | Percentage of the overall test completed so far. |
progressPhase | false | Phase the test is currently in. e.g. 1-Searching event, 2-Testing rule. |
rulelg | false | Correlation expression to be tested. |
startTime | false | Begin time for event search. |
status | false | Current state of test. e.g. Running, Stopped, Completed, Error. |
testFinishedAt | false | Time at which the rule test finished. |
testId | false | ID generated for this test. |
testStartedAt | false | Time at which the rule test started. |
TotalProcessingTime | false | Total time taken for processing events. |
triggers | false | List of events triggering this correlation rule. |
POST correlation/ruletest

Request body:

```json
{"startTime":1316409588646, "endTime":1316499588000, "rulelg":"filter(((e.EventName = \"CreateEventSource\")) AND ((e.Message match regex (\".*EMPTYTZ.*\"))))", "luceneFilter":"sev:[0 TO 5]"}
```

Response:

```json
{"rulelg":"filter(((e.EventName = \"CreateEventSource\")) AND ((e.Message match regex (\".*EMPTYTZ.*\"))))","startTime":1316409588646,"endTime":1316499588000,"luceneFilter":"sev:[0 TO 5]","testId":"84BEC330-C575-102E-A847-000FFEE403E9","progressPhase":1,"percentComplete":0,"status":"running","eventsProcessed":0,"LastEventTime":0,"testStartedAt":1316496024393,"TotalProcessingTime":0,"EPSCapacity":0,"OutputRate":0,"triggers":[]}
```
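The following is an added example, not part of the product documentation: a small Python client-side helper that serializes the `POST correlation/ruletest` body so the double quotes inside `rulelg` are escaped, and reduces a returned rule test object to the fields worth polling on. The function names, the start/end check, and the reading of timestamps as epoch milliseconds in UTC are assumptions made for this example.

```python
import json
from datetime import datetime, timezone

PHASES = {1: "Searching event", 2: "Testing rule"}  # progressPhase values from the table
TERMINAL = {"stopped", "completed", "error"}        # listed states other than Running


def build_ruletest_body(rulelg, start_ms, end_ms, lucene_filter=None):
    """Serialize the request body; json.dumps escapes the double quotes
    that appear inside the correlation expression."""
    if start_ms >= end_ms:  # client-side sanity check, not an API rule from the page
        raise ValueError("startTime must be earlier than endTime")
    body = {"startTime": start_ms, "endTime": end_ms, "rulelg": rulelg}
    if lucene_filter:
        body["luceneFilter"] = lucene_filter
    return json.dumps(body)


def summarize_ruletest(response_text):
    """Reduce a rule test object to the fields an analyst polls on."""
    obj = json.loads(response_text)
    status = str(obj.get("status", "")).lower()  # sample shows "running", table "Running"
    started = obj.get("testStartedAt")
    return {
        "testId": obj.get("testId"),
        "status": status,
        "finished": status in TERMINAL,
        "phase": PHASES.get(obj.get("progressPhase"), "unknown"),
        "percentComplete": obj.get("percentComplete", 0),
        # Assumption: timestamps are epoch milliseconds, interpreted as UTC.
        "startedAt": (datetime.fromtimestamp(started / 1000, tz=timezone.utc).isoformat()
                      if started else None),
        "error": obj.get("errorMessage") if status in {"stopped", "error"} else None,
        "triggerCount": len(obj.get("triggers") or []),
    }


RULE = 'filter(((e.EventName = "CreateEventSource")) AND ((e.Message match regex (".*EMPTYTZ.*"))))'

if __name__ == "__main__":
    print(build_ruletest_body(RULE, 1316409588646, 1316499588000, "sev:[0 TO 5]"))
    # Constructed response reusing values from the example response above.
    sample = json.dumps({"testId": "84BEC330-C575-102E-A847-000FFEE403E9",
                         "status": "running", "progressPhase": 1, "percentComplete": 0,
                         "testStartedAt": 1316496024393, "triggers": []})
    print(summarize_ruletest(sample))
```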