The data monitor type is chosen when you create a new data monitor. For information on how to create a data monitor, see Creating a Data Monitor.
Displays rules that have partial matches and the total number of partial match events within a specified time frame. See also Automatically Disabled Rules .
|
Parameter |
Description |
|---|---|
|
Data Monitor Name |
Type a data monitor name. |
|
Enable Data Monitor |
Select the check box to enable the data monitor and collect data from the Manager. If not selected, the associated viewer configuration will not display any data. Depending on the permissions associated with the user group to which you belong, you may or may not have an option to Enable (deploy) or disable (un-deploy) the data monitor. For more information, see Enabling or Disabling a Data Monitor. |
|
Window Size |
Specifies the time interval used to report partial match counts, in seconds. For example, if using 1 hour as the Window Size, each window displays partial match counts in hour intervals. The default is 3600. |
|
Number of Windows To Display |
Type the number of Window Sizes to display. The default is 5. |
|
Fixed or Sliding |
Specifies when to begin the Window Size time interval. Choose Fixed to begin at time units, such as every hour, 1:00, 2:00, and so forth, or Sliding to begin at the current time and move backwards in Window Size time intervals. For example, if the window size is 10 minutes, and the current time is 1:15 PM and Fixed was selected, the window time frames would be 1:00 to 1:09 and 1:10 to 1:15. If Sliding was selected, window time frames would be 1:00 to 1:04 and 1:05 to 1:15. |
For example, you could design a Rules Partial Match data monitor that displays all events that have partially matched and enabled real-time rule conditions, and are currently stored in memory.