Hello,
can anybody help with my problem with the Pair rule?
My logfile gets the following input from a monitoring script:
moncheck:WARNING:node:itservice:source:subsource1:message
moncheck:WARNING:node:itservice:source:subsource2:message
The events should be treated as equal for action and
hi Uwe,
the problem you are seeing is caused by a side effect of Pair rule, but
can easily be fixed by changing the 'pattern2' field just a bit.
Let me explain why this happening. After you have submitted SEC the
first 4 input lines, SEC has two event correlation operations running
that have