TRIX is a new events correlation function (the “new generation” of the previous transaction function) that builds complex events correlated by different keys and display results in new dedicated screens.
...
search query a simple search.
trix.uniqueIds.fields unique and strong column name must be present in the complex event (CE). It can open a CE, it can connect to another CE, and it will pull CE that only has weak keys - mandatory
optional parameters:
trix.uniqueSubIds.fields uniqueSubId column name is not mandatory in the complex event (CE). It can open a CE, it can be added to another CE that has a uniqueId key, it can not connect two uniqueId CEs, uniqueSubId should not close an event - optional.
name = [column] the name of each trix transaction will be extracted from the chosen column - optional.
groups = [column1,column2,column3] each transaction will be associated to a group - optional.
type = [column] each transaction will be associated to a type - optional.
startRule = [search query] a filter query to denote a start condition, such as: startRule = (action = login or operator = login)
endRule = [search query] a filter query to denote an end condition, such as: endRule = (action = logout or operator = logout)