| Object type: Correlation rule test object | |
|---|---|
| Correlation rule test object along with status of rule test and trigger events | |
| Field | Description |
| Cardinality | Number of strings and related structures held in memory by the rule. |
| endTime | End time for event search. |
| EPSCapacity | The processing time this rule consumes relative to the capacity of the engine. |
| errorMessage | Error message if any. Will get in case of stauts Stopped and Error. |
| EventRefCount | Number of events held in memory by the rule. |
| eventsProcessed | Number of events processed. |
| LastEventTime | Event time of the last event that triggered the Correlation rule while testing. |
| luceneFilter | Lucene expression for event search. |
| OutputRate | The number of times the rule has fired relative to the events processed. |
| percentComplete | Current level of percentage of overall test. |
| progressPhase | Phase the test is currently in. e.g. 1-Searching event, 2-Testing rule. |
| rulelg | Correlation expression to be tested. |
| startTime | Begin time for event search. |
| status | Current state of test. e.g. Running, Stopped, Completed, Error. |
| testFinishedAt | Time, rule test finished at. |
| testId | ID generated for this test. |
| testStartedAt | Time, rule test started at. |
| TotalProcessingTime | Total time taken for processing events. |
| triggers | List of events triggering this correlation rule. |
DELETE correlation/ruletest/84BEC330-C575-102E-A847-000FFEE403E9
{"rulelg":"filter(((e.EventName = "CreateEventSource")) AND ((e.Message match regex (".*EMPTYTZ.*"))))","startTime":1316409588646,"endTime":1316499588000,"luceneFilter":"sev:[0 TO 5]","testId":"84BEC330-C575-102E-A847-000FFEE403E9","progressPhase":1,"percentComplete":2,"status":"stopped","eventsProcessed":0,"LastEventTime":0,"testStartedAt":1316496024393,"TotalProcessingTime":0,"EPSCapacity":0,"OutputRate":0,"testFinishedAt":1316496025773,"Cardinality":0,"EventRefCount":0,"triggers":[]}