• 1 reply
  • Latest Post - ‏2016-09-28T13:50:33Z by Nikodim
2 Posts

Pinned topic See events that contributed to a rule triggering

‏2016-09-28T13:22:05Z |

Hello everybody!
I have a rule that triggers when at least 5 events are received that meet certain conditions. Once the rule is triggered, I need to know exactly what those 5 (or more) events are that contributed to the rule triggering, but I don't know how to do it.

I tried the filter "Custom rule equals" but it only returns the event or events that triggered the rule, not the ones before (that is, to simplify, the first 4)

As for the filter "Custom rule partially matched" it returns more than that, because it also shows events that could have contributed to a rule but since there never was a 5th event the rule never triggered for that case (maybe I didn't explain it in the best way ut you know what I mean).


So, can anyone tell me how to achieve what I'm trying to achieve?


Thanks and regards

  • Nikodim
    11 Posts

    Re: See events that contributed to a rule triggering


    You can try AQL:

    SELECT * FROM events WHERE InOffense(123)