TRIX is a new event correlation function (the “new generation” of the previous transaction function) that builds complex events correlated by different keys and displays the results in new dedicated screens.
A complex event (CE) is an event that consists of one or more events.
These events are connected to one another according to several pre-defined rules, using fields that should represent a unique (enough) key.
Main result of correlated events to CEP (complex events / transactions):
Zoom in to a specific flow:
The general syntax of a TRIX search is as follows:
search query | trix trix.uniqueIds.fields = ([column1])...
search query | trix trix.uniqueIds.fields = ([column1],[column2])...
where,
search query
a simple search
trix.uniqueIds.fields
A unique, strong key column that must be present in the complex event (CE). It can open a CE, connect to another CE, and pull in a CE that has only weak keys - mandatory
trix.uniqueSubIds.fields
A uniqueSubId column is not required to be present in the complex event (CE). It can open a CE and can be added to another CE that has a uniqueId key, but it cannot connect two uniqueId CEs, and a uniqueSubId should not close an event - optional
name = [column]
the name of each TRIX transaction will be extracted from the chosen column - optional
groups = [column1,column2,column3]
each transaction will be associated with a group - optional
type = [column]
each transaction will be associated with a type - optional
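The strong-key and weak-key rules described for trix.uniqueIds.fields and trix.uniqueSubIds.fields can be modeled in a few lines. The following Python sketch is an added illustration, not TRIX's own implementation; the field names (session, txn, client_ip), the sample events, and the choice to attach a weak-only event to the first matching CE are assumptions.

```python
from dataclasses import dataclass, field

@dataclass(eq=False)
class CE:
    strong: set = field(default_factory=set)  # (field, value) pairs from uniqueIds columns
    weak: set = field(default_factory=set)    # (field, value) pairs from uniqueSubIds columns
    events: list = field(default_factory=list)

def keys(event, fields):
    return {(f, event[f]) for f in fields if event.get(f)}

def correlate(events, unique_ids, unique_sub_ids=()):
    ces = []
    for ev in events:
        strong, weak = keys(ev, unique_ids), keys(ev, unique_sub_ids)
        if not strong and not weak:
            continue  # no key at all: nothing to correlate on
        if strong:
            # A strong key connects every CE that shares it and pulls in
            # CEs that have only weak keys when a weak key matches.
            hits = [c for c in ces
                    if c.strong & strong or (not c.strong and c.weak & weak)]
        else:
            # A weak key joins at most one CE (assumed: the first match),
            # so it can never connect two uniqueId CEs.
            hits = [c for c in ces if c.weak & weak][:1]
        target = CE()
        for c in hits:
            ces.remove(c)
            target.strong |= c.strong
            target.weak |= c.weak
            target.events += c.events
        target.strong |= strong
        target.weak |= weak
        target.events.append(ev)
        ces.append(target)
    return ces

def event_ids(ces):
    return sorted(sorted(e["id"] for e in c.events) for c in ces)

# Constructed sample events (not real log data).
EVENTS = [
    {"id": 1, "client_ip": "10.0.0.5"},
    {"id": 2, "session": "S1", "client_ip": "10.0.0.5"},
    {"id": 3, "session": "S2", "client_ip": "10.0.0.5"},
    {"id": 4, "client_ip": "10.0.0.5"},
    {"id": 5, "session": "S1", "txn": "T9"},
    {"id": 6, "session": "S2", "txn": "T9"},
]
```

After the first four events the shared client_ip leaves two separate CEs (sessions S1 and S2); only the strong txn value in events 5 and 6 connects them into one.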