hi Richard,
there are several pattern types like TValue and SubStr which have been
designed for fast matching and which do not support match variables
(including $0). Handling of match variables involves additional
computational cost, since after successful match, all variables in rule
definition
Hello,
this is free continuation of
https://sourceforge.net/p/simple-evcorr/mailman/message/36867012/. That
post was about possibilities of user-friendly configurations of event
correlations outside of SEC (without knowing SEC syntax and low-level
principles), and generation of SEC rules from
Thank you for comprehensive answer, Risto. Maybe, hyperlink to it could be
added to that FAQ item.
(I found searching in this forum bit harder, due to traditional e-mail
from, and maybe we could categorize threads in this forum into topics on ,
I am inspired with this by
