Open topic with navigation

Mark Similar Events Fields

This topic is continued from Annotating an Event.

Event “similarity,” for collaboration purposes, is defined as a combination of time constraints and having certain key event attributes in common. For example, you could apply a collaboration change to additional events received in the future on the basis of those events having the same Attacker value and having occurred within the last two days.

After the time constraints have passed, the common event attributes return to default settings for events marked as similar to a specified event.

Purpose: To specify one event attribute that will be the basis for event similarity when annotating fields.

Where: Annotate Events popup dialog as a continuation from the procedure, Annotating an Event.

Procedure:

  1. At the bottom of the Annotate Events dialog, click the plus sign (+) next to Mark Similar Events to expose the available fields.

  2. Set the other attributes as shown:

    Similarity Field

    Usage

    Time Constraints

    Choose a bracketing combination of Start Time and End Time or Duration to determine the scope of the constraints.

    Note: After this time constraint has passed, the events' stage annotation revers to [Queued].

    Start Time

    Date and time values to set the beginning of a time-constraint window. Choose from the drop-down menu of expressions or click the ellipsis button to set exact times.

    End Time

    Date and time values to set the end of a time-constraint window. Choose from the drop-down menu of expressions or click the ellipsis button to set exact times.

    Duration

    The length of the time window, relative to a Start Time or End Time, when using Duration as a time constraint.

    Criteria

    A menu of key event-attribute characteristics you can use to define similarity. The text box below specifies the criteria being set. For example, do you want similarity based on the same event name,?

    Each selection displays the corresponding description. For example, if the original event you selected was called Monitor Event and you selected Same Name as criteria, then that event name is reflected in the text box below.
  3. Click OK to save your entries and to complete your event annotation configuration.

From now on, any event matching the criteria will be assigned to the same Stage attribute as specified in Annotating an Event. Pay attention to the description about setting the Stage and how it can be overridden by a rule action.