Basic Trix Queries

Query

Explanation

* in log.audit | trix trix.uniqueIds.fields = (thread)

The thread column is used as the unique id (mandatory)

* in log.audit | trix trix.uniqueIds.fields = (thread) trix.uniqueSubIds.fields = (user)

The user column is used as an optional unique key

* in log.audit | trix trix.uniqueIds.fields = (thread) trix.uniqueSubIds.fields = (user) cep.name=(session id)

The name for each transaction is the session id

* in log.audit | trix trix.uniqueIds.fields = (thread) trix.uniqueSubIds.fields = (user) cep.name=(session id) cep.groups=(session id)

The groups list is determined by the session id values

* in log.audit | trix trix.uniqueIds.fields = (thread) trix.uniqueSubIds.fields = (user) cep.name=(session id) cep.groups=(session id) type=(thread)

The types list is determined by the thread values

Data-filtered Trix Queries

...

Query

Explanation

* in log.audit | trix trix.uniqueIds.fields = (thread) cepNode.maxEventLimit=3

Set a limit on the maximum number of events for each transaction

* in log.audit | trix trix.uniqueIds.fields = (thread) cep.name=(session id) cep.groups=(session id) maxEventLimit=3 type=(thread)

The types list is determined by the thread values

Time-filtered Trix Queries

 startRule = (message contains opened) endRule = (message contains login)

Start and End conditions

* in log.audit | trix trix.uniqueIds.fields = (thread) cepNode.timeframe.limit = (5 seconds)

The transaction is closed after the time limit has expired

* in log.audit | trix trix.uniqueIds.fields = (thread) cepNode.event.timeframe.limitFromStart = (10 minutes)

Only events that occur within limitFromStart of the first event are added to the transaction.
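
A small Python model of the time-filtered behaviour in the rows above, added here as an illustration and not the product's own implementation: events are grouped by thread, a transaction starts on a message containing "opened", ends on one containing "login", and events outside the limitFromStart window are left out. The function name, record layout and sample log lines are constructed, and the exact semantics are an assumption based on the explanations above.

```python
from datetime import datetime, timedelta

# Constructed sample audit events: (timestamp, thread, message)
SAMPLE = [
    ("2024-01-01 10:00:00", "t1", "session opened"),
    ("2024-01-01 10:00:02", "t2", "session opened"),
    ("2024-01-01 10:00:03", "t1", "password check"),
    ("2024-01-01 10:00:04", "t1", "user login"),
    ("2024-01-01 10:00:05", "t2", "password check"),
    ("2024-01-01 10:20:00", "t2", "user login"),  # 20 minutes after start
]

def correlate(events, start_kw="opened", end_kw="login",
              limit_from_start=timedelta(minutes=10)):
    """Group time-ordered events into per-thread transactions (assumed semantics)."""
    open_tx, done = {}, []
    for ts, thread, msg in events:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        tx = open_tx.get(thread)
        if tx is None:
            # startRule: only a matching message opens a transaction
            if start_kw in msg:
                open_tx[thread] = {"thread": thread, "start": when,
                                   "events": [msg], "complete": False}
            continue
        # limitFromStart: events too far from the first event are not added
        if when - tx["start"] >= limit_from_start:
            continue
        tx["events"].append(msg)
        # endRule: a matching message closes the transaction
        if end_kw in msg:
            tx["complete"] = True
            done.append(open_tx.pop(thread))
    # Transactions that never met the end rule are returned as incomplete
    done.extend(open_tx.values())
    return done

if __name__ == "__main__":
    for tx in correlate(SAMPLE):
        print(tx["thread"], tx["complete"], tx["events"])
```

In this model, thread t2 stays incomplete because its login arrives after the 10-minute window; such open-but-never-closed transactions are the ones an audit review would typically look at first.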

Complex Trix Queries