Object type: Correlation rule test object

Correlation rule test object, along with the status of the rule test and the trigger events.

Field | Description |
---|---|
Cardinality | Number of strings and related structures held in memory by the rule. |
endTime | End time for event search. |
EPSCapacity | The processing time this rule consumes relative to the capacity of the engine. |
errorMessage | Error message, if any. Returned when status is Stopped or Error. |
EventRefCount | Number of events held in memory by the rule. |
eventsProcessed | Number of events processed. |
LastEventTime | Event time of the last event that triggered the Correlation rule while testing. |
luceneFilter | Lucene expression for event search. |
OutputRate | The number of times the rule has fired relative to the events processed. |
percentComplete | Percentage of the overall test completed so far. |
progressPhase | Phase the test is currently in, e.g. 1-Searching event, 2-Testing rule. |
rulelg | Correlation expression to be tested. |
startTime | Begin time for event search. |
status | Current state of the test, e.g. Running, Stopped, Completed, Error. |
testFinishedAt | Time at which the rule test finished. |
testId | ID generated for this test. |
testStartedAt | Time at which the rule test started. |
TotalProcessingTime | Total time taken for processing events. |
triggers | List of events triggering this correlation rule. |
DELETE correlation/ruletest/84BEC330-C575-102E-A847-000FFEE403E9
{"rulelg":"filter(((e.EventName = \"CreateEventSource\")) AND ((e.Message match regex (\".*EMPTYTZ.*\"))))","startTime":1316409588646,"endTime":1316499588000,"luceneFilter":"sev:[0 TO 5]","testId":"84BEC330-C575-102E-A847-000FFEE403E9","progressPhase":1,"percentComplete":2,"status":"stopped","eventsProcessed":0,"LastEventTime":0,"testStartedAt":1316496024393,"TotalProcessingTime":0,"EPSCapacity":0,"OutputRate":0,"testFinishedAt":1316496025773,"Cardinality":0,"EventRefCount":0,"triggers":[]}
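
The following is an added example, not part of the original reference or the product's own code: a Python sketch that reads a rule test object and reduces it to the fields an analyst checks before trusting a test result. The names `summarize_rule_test` and `ms_to_utc` are hypothetical; the code assumes the time fields are epoch milliseconds (as the sample values suggest) and compares `status` case-insensitively, because the table writes "Stopped" while the sample carries "stopped".

```python
import json
from datetime import datetime, timezone

# Constructed input: the sample object from this page, with the quotes inside
# the rulelg string escaped so that it parses as JSON.
SAMPLE = r'''{"rulelg":"filter(((e.EventName = \"CreateEventSource\")) AND ((e.Message match regex (\".*EMPTYTZ.*\"))))","startTime":1316409588646,"endTime":1316499588000,"luceneFilter":"sev:[0 TO 5]","testId":"84BEC330-C575-102E-A847-000FFEE403E9","progressPhase":1,"percentComplete":2,"status":"stopped","eventsProcessed":0,"LastEventTime":0,"testStartedAt":1316496024393,"TotalProcessingTime":0,"EPSCapacity":0,"OutputRate":0,"testFinishedAt":1316496025773,"Cardinality":0,"EventRefCount":0,"triggers":[]}'''

# The field table writes "Stopped"; the sample carries "stopped". Compare lowercased.
TERMINAL = {"stopped", "completed", "error"}
PHASES = {1: "Searching event", 2: "Testing rule"}  # from the progressPhase row


def ms_to_utc(ms):
    """Assumption: time fields are epoch milliseconds and 0 means 'not set'."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc) if ms else None


def summarize_rule_test(raw):
    """Hypothetical helper: reduce a rule test object to what an analyst checks."""
    obj = json.loads(raw)
    status = str(obj.get("status", "")).lower()
    started, finished = obj.get("testStartedAt"), obj.get("testFinishedAt")
    triggers = obj.get("triggers") or []
    return {
        "testId": obj.get("testId"),
        "status": status,
        "done": status in TERMINAL,
        "phase": PHASES.get(obj.get("progressPhase"), "unknown"),
        "percentComplete": obj.get("percentComplete", 0),
        # errorMessage is documented for Stopped and Error only
        "error": obj.get("errorMessage") if status in ("stopped", "error") else None,
        "search_from": ms_to_utc(obj.get("startTime")),
        "search_to": ms_to_utc(obj.get("endTime")),
        "wall_clock_ms": finished - started if started and finished else None,
        "trigger_count": len(triggers),
        # A test that ended before processing any event says nothing about the rule.
        "inconclusive": status in TERMINAL and obj.get("eventsProcessed", 0) == 0,
    }


if __name__ == "__main__":
    for key, value in summarize_rule_test(SAMPLE).items():
        print(f"{key}: {value}")
```

For the sample above, the summary marks the test as inconclusive: it was stopped in phase 1 at 2 percent with no events processed, so its empty `triggers` list is not evidence that the rule fails to match.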