Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000032746 - Rules containing a group-by statement with a multi-valued meta fail in RSA Security Analytics 10.6

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support on Apr 17, 2019

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000032746
Applies To	RSA Product Set: Security Analytics RSA Product/Service Type: Event Stream Analysis (ESA) RSA Version/Condition: 10.6 Platform: CentOS O/S Version: EL6
Issue	Rules containing a group-by statement with a multi-valued meta (such as alias_host) fails. Steps to Reproduce Create an ESA Rule with a single statement, having a multi-valued meta field such as alias_host in the condition, and group by that meta value. Inject matching events and attached events. The rule will not trigger.
Resolution	This issue is resolved in Security Analytics 10.6.1.

Attachments

Outcomes

0 Comments

Recommended Content

Incoming Links