AnsweredAssumed Answered

Correlation rule to check if an event not being received

Question asked by Bechara Abou Rahal on Feb 28, 2017
Latest reply on Mar 5, 2017 by Bechara Abou Rahal

Hello,

 

I am trying to create a rule to check within a time frame if we didnt receive an event matches certain criteria

 

is the below correct?

 


SELECT * FROM Event(isNotOneOfIgnoreCase(action,{ 'test' })).win:time(1 Minutes) GROUP BY action HAVING COUNT(*) = 0;

Outcomes