AnsweredAssumed Answered

Alert: EPL rule followed by another rule?

Question asked by Miguel Alvarez on May 4, 2017
Latest reply on May 9, 2017 by Volodymyr Rozhniatovskyi

Hi everyone,

I need help with one advanced EPL rule.

I'm trying to do a condition followed by another condition, but my problem is that my first condition has a group by and a having count in the condition... How can I concatenate rules?

For example:

 

event.x = "something" && device.type = "smdevice"

group by alias.host

HAVING COUNT (7,10)

 

"and now I need to do next rule (followed by)"

 

(device.type = "smdevice" && event.x = "somethingdiferent")

group by alias.host

 

 

 

Thanks

Outcomes