Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

The general syntax of a TRIX search is as follows:

search query | trix trix.uniqueIds.fields = ([column1])...
search query | trix trix.uniqueIds.fields = ([column1],[column2])...

where,

search query a simple search.

trix.uniqueIds.fields unique and strong column name must be present in the complex event (CE). It can open a CE, it can connect to another CE, and it will pull CE that only has weak keys - mandatory

optional parameters:

trix.uniqueSubIds.fields uniqueSubId column name is not mandatory in the complex event (CE). It can open a CE, it can be added to another CE that has a uniqueId key, it can not connect two uniqueId CEs, uniqueSubId should not close an event.

cep.name the name of each trix transaction will be extracted from the chosen column.

cep.groups each transaction will be associated to a group.

cep.type each transaction will be associated to a type.

startRule a filter query to denote a start condition, such as: startRule = (action = login OR operator = login)

endRule a filter query to denote an end condition, such as: endRule = (action = logout OR operator = logout)

cepNode.maxEventLimit max number of events per CE.

cepNode.timeframe.limit a CE should be closed after limitTime has expired.

cepNode.event.timeframe.limitFromStart a CE should not add events that are more than limitTimeFromStart from the first event.

  • No labels