A TRIX search is used to perform advanced correlations of events from one or more logs. The correlation is done by connecting multiple log events that share one or more keys into a CEP (Complex Event).
TRIX then lets you run analysis, statistics, anomaly detection and monitoring at the CEP level (that is, on the correlated log events).
The general syntax of a TRIX search is as follows:
...
trix.uniqueIds.fields
Mandatory. The column name of a unique, strong key that must be present in the complex event (CE). It can open a CE, it can connect to another CE, and it will pull in a CE that has only weak keys.
optional parameters:
trix.uniqueSubIds.fields
The uniqueSubId column name is not mandatory in the complex event (CE). It can open a CE and it can be added to another CE that has a uniqueId key, but it cannot connect two uniqueId CEs, and a uniqueSubId should not close an event.
...
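The following Python sketch is an added illustration of the uniqueId and uniqueSubId rules described above. It is not TRIX syntax or the product's own code. The column names `session_id` and `txn_id`, the sample events and the "earliest matching CE wins" tie-break are assumptions, and closing of events is not modelled.

```python
# Simplified model of the key rules above; not the product's implementation.
UNIQUE_IDS = ["session_id"]   # assumed value of trix.uniqueIds.fields
UNIQUE_SUB_IDS = ["txn_id"]   # assumed value of trix.uniqueSubIds.fields

def keys(event, fields):
    """(field, value) pairs the event carries for the given key columns."""
    return {(f, event[f]) for f in fields if event.get(f) is not None}

def correlate(events):
    """Group events into complex events (CEs) by strong and weak keys."""
    ces = []  # each CE: {"strong": set, "weak": set, "events": [msg, ...]}
    for ev in events:
        strong, weak = keys(ev, UNIQUE_IDS), keys(ev, UNIQUE_SUB_IDS)
        if strong:
            # A strong key connects every CE that shares it and pulls in CEs
            # that hold only weak keys matching this event's weak keys.
            hits = [c for c in ces if c["strong"] & strong
                    or (not c["strong"] and c["weak"] & weak)]
        elif weak:
            # A weak key joins one existing CE and never merges two CEs.
            # Assumption: the earliest matching CE wins.
            hits = [c for c in ces if c["weak"] & weak][:1]
        else:
            continue  # no key column present: nothing to correlate on
        target = hits[0] if hits else {"strong": set(), "weak": set(), "events": []}
        if not hits:
            ces.append(target)  # either key type may open a new CE
        for other in hits[1:]:  # only reachable through a strong key
            target["strong"] |= other["strong"]
            target["weak"] |= other["weak"]
            target["events"] += other["events"]
        ces = [c for c in ces if not any(c is o for o in hits[1:])]
        target["strong"] |= strong
        target["weak"] |= weak
        target["events"].append(ev["msg"])
    return ces

# Constructed sample events (not real log data).
SAMPLE = [
    {"txn_id": "T1", "msg": "payment started"},
    {"session_id": "S1", "msg": "login"},
    {"session_id": "S1", "txn_id": "T1", "msg": "checkout"},
    {"session_id": "S2", "txn_id": "T1", "msg": "second session"},
    {"txn_id": "T1", "msg": "payment done"},
]

if __name__ == "__main__":
    for ce in correlate(SAMPLE):
        print(sorted(ce["strong"]), ce["events"])
```

In the sample, the `S1` event that also carries `T1` pulls in the CE opened by the weak key alone, while the `S2` CE stays separate even though it shares `T1`.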