Object type: Correlation rule test object

Correlation rule test object along with status of rule test and trigger events

| Field | Required | Description |
|---|---|---|
| Cardinality | false | Number of strings and related structures held in memory by the rule. |
| endTime | false | End time for event search. |
| EPSCapacity | false | The processing time this rule consumes relative to the capacity of the engine. |
| errorMessage | false | Error message, if any. Returned when the status is Stopped or Error. |
| EventRefCount | false | Number of events held in memory by the rule. |
| eventsProcessed | false | Number of events processed. |
| LastEventTime | false | Event time of the last event that triggered the Correlation rule while testing. |
| luceneFilter | false | Lucene expression for event search. |
| OutputRate | false | The number of times the rule has fired relative to the events processed. |
| percentComplete | false | Percentage of the overall test completed so far. |
| progressPhase | false | Phase the test is currently in. e.g. 1-Searching event, 2-Testing rule. |
| rulelg | false | Correlation expression to be tested. |
| startTime | false | Begin time for event search. |
| status | false | Current state of test. e.g. Running, Stopped, Completed, Error. |
| testFinishedAt | false | Time at which the rule test finished. |
| testId | false | ID generated for this test. |
| testStartedAt | false | Time at which the rule test started. |
| TotalProcessingTime | false | Total time taken for processing events. |
| triggers | false | List of events triggering this correlation rule. |

Object type: Correlation rule test object

Correlation rule test object along with status of rule test and trigger events

| Field | Description |
|---|---|
| Cardinality | Number of strings and related structures held in memory by the rule. |
| endTime | End time for event search. |
| EPSCapacity | The processing time this rule consumes relative to the capacity of the engine. |
| errorMessage | Error message, if any. Returned when the status is Stopped or Error. |
| EventRefCount | Number of events held in memory by the rule. |
| eventsProcessed | Number of events processed. |
| LastEventTime | Event time of the last event that triggered the Correlation rule while testing. |
| luceneFilter | Lucene expression for event search. |
| OutputRate | The number of times the rule has fired relative to the events processed. |
| percentComplete | Percentage of the overall test completed so far. |
| progressPhase | Phase the test is currently in. e.g. 1-Searching event, 2-Testing rule. |
| rulelg | Correlation expression to be tested. |
| startTime | Begin time for event search. |
| status | Current state of test. e.g. Running, Stopped, Completed, Error. |
| testFinishedAt | Time at which the rule test finished. |
| testId | ID generated for this test. |
| testStartedAt | Time at which the rule test started. |
| TotalProcessingTime | Total time taken for processing events. |
| triggers | List of events triggering this correlation rule. |

POST correlation/ruletest

{"startTime":1316409588646, "endTime":1316499588000, "rulelg":"filter(((e.EventName = \"CreateEventSource\")) AND ((e.Message match regex (\".*EMPTYTZ.*\"))))", "luceneFilter":"sev:[0 TO 5]"}

{"rulelg":"filter(((e.EventName = \"CreateEventSource\")) AND ((e.Message match regex (\".*EMPTYTZ.*\"))))","startTime":1316409588646,"endTime":1316499588000,"luceneFilter":"sev:[0 TO 5]","testId":"84BEC330-C575-102E-A847-000FFEE403E9","progressPhase":1,"percentComplete":0,"status":"running","eventsProcessed":0,"LastEventTime":0,"testStartedAt":1316496024393,"TotalProcessingTime":0,"EPSCapacity":0,"OutputRate":0,"triggers":[]}
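
The correlation expression contains double quotes, so the request body has to be produced by a JSON serializer rather than by string concatenation. The following is an added example, not part of the product documentation or its code: it builds the `POST correlation/ruletest` body and reduces a returned test object to the fields an analyst watches while a test runs. The function names are hypothetical, and the timestamps are assumed to be epoch milliseconds, as the sample values suggest.

```python
import json
from datetime import datetime, timezone

TERMINAL = {"completed", "stopped", "error"}        # from the status field description
PHASES = {1: "Searching event", 2: "Testing rule"}  # from the progressPhase description

def build_ruletest_body(rulelg, start_ms, end_ms, lucene_filter=None):
    """Serialize a rule-test request; json.dumps escapes the quotes inside rulelg."""
    if not (isinstance(start_ms, int) and isinstance(end_ms, int)):
        raise TypeError("startTime/endTime are assumed to be epoch milliseconds")
    if start_ms >= end_ms:
        raise ValueError("startTime must be earlier than endTime")
    body = {"startTime": start_ms, "endTime": end_ms, "rulelg": rulelg}
    if lucene_filter:
        body["luceneFilter"] = lucene_filter
    return json.dumps(body)

def summarize_ruletest(raw):
    """Reduce a rule-test object to what an analyst checks while a test runs."""
    obj = json.loads(raw)
    status = str(obj.get("status", "")).lower()  # the sample response uses lower case
    started = obj.get("testStartedAt")
    return {
        "testId": obj.get("testId"),
        "status": status,
        "done": status in TERMINAL,
        "phase": PHASES.get(obj.get("progressPhase"), "unknown"),
        "percent": obj.get("percentComplete", 0),
        "triggerCount": len(obj.get("triggers") or []),
        # errorMessage is only meaningful for Stopped and Error
        "error": obj.get("errorMessage") if status in {"stopped", "error"} else None,
        "startedUtc": (datetime.fromtimestamp(started / 1000, tz=timezone.utc).isoformat()
                       if started else None),
    }

RULE = 'filter(((e.EventName = "CreateEventSource")) AND ((e.Message match regex (".*EMPTYTZ.*"))))'
REQUEST = build_ruletest_body(RULE, 1316409588646, 1316499588000, "sev:[0 TO 5]")

# Constructed response, trimmed from the sample on this page.
SAMPLE_RESPONSE = json.dumps({"rulelg": RULE, "testId": "84BEC330-C575-102E-A847-000FFEE403E9",
                              "progressPhase": 1, "percentComplete": 0, "status": "running",
                              "testStartedAt": 1316496024393, "triggers": []})

if __name__ == "__main__":
    print(REQUEST)
    print(summarize_ruletest(SAMPLE_RESPONSE))
```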