hi Suat, are you interested in some rule examples about detecting event sequences, or are you investigating opportunities for creating a new rule type for matching sequences of events? Many event sequences can be handled by combining existing rules and contexts, so a new rule type might not be needed for the task that you have. To clarify the task a little bit, should the solution apply a sliding window based detection if the entire sequence has not been observed within 10 minutes, or is it not important and incomplete sequence after 10 minutes (say, A and B are present but C is missing) terminates the event correlation scheme?
kind regards, risto Kontakt Suat Toksöz (<stok...@gmail.com>) kirjutas kuupäeval K, 5. august 2020 kell 15:52: > hi all, > > is it possible to have multiple (3,4..) correlation rule on SEC? > > For example, If event *A* happens then event *B* happens then event *C* > happens and all events happen within 10 min. > > -- > > Best regards, > > *Suat Toksoz* > _______________________________________________ > Simple-evcorr-users mailing list > Simple-evcorr-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users >
_______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
