TRIX is a new events correlation function (the “new generation” of the previous transaction function) that builds complex events correlated by different keys and display results in new dedicated screens.
A complex event (CE) is an event that consists of one or more events.
These events have a connection between them based on a several pre-defined rules so they are connected using fields that should represent a unique (enough) key.
Main result of correlated events to CEP (complex events / transactions):
...
Zoom in to a specific flow:
...
The general syntax of a TRIX search is as follows:
| Code Block |
|---|
search query | trix trix.uniqueIds.fields = ([column1])...
search query | trix trix.uniqueIds.fields = ([column1],[column2])... |
where,
search query a simple search
trix.uniqueIds.fields unique and strong column name must be present in the complex event (CE). It can open a CE, it can connect to another CE, and it will pull CE that only has weak keys - mandatory
trix.uniqueSubIds.fields uniqueSubId column name is not mandatory in the complex event (CE). It can open a CE, it can be added to another CE that has a uniqueId key, it can not connect two uniqueId CEs, uniqueSubId should not close an event - optional
name = [column] the name of each trix transaction will be extracted from the chosen column - optional
groups = [column1,column2,column3] each transaction will be associated to a group - optional
type = [column] each transaction will be associated to a type - optionalLogX TRIX connects multiple log events with common key(s) using deep data pattern correlations and complex pattern recognition.
The TRIX technology provides comprehensive capabilities to monitor, correlate, troubleshoot. predict and understand observability and security data flows.