5.10 Managing Correlation Rules

5.10.1 Viewing the Rule Dashboard

The Rule dashboard displays summary information about a rule. From the dashboard, you can deploy or undeploy the rule on a Correlation Engine and manage the rule status. After a rule is deployed, you can monitor the health of the rule and its activity, such as the number of events processed and the memory the rule uses.

To view the Rule dashboard, select the desired rule in the Correlation panel.

After a rule is deployed, the dashboard displays the following information:

  • Rule health statistics: Indicates the overall performance of the rule and enables you to monitor the activities of the rule.

    • Activity statistics: Indicates the activities of the rule since it was deployed in the Correlation Engine:

      • Fire count: The number of times the rule fired. You can use this information to discover a rule that fires more than expected and that might need to be tuned, or to discover a rule that does not fire as often as you would expect. In either case, this tab guides you to the rules that are the most and least active. The search icon allows you to view the events generated since the rule was deployed or enabled.

      • Fire rate: The number of times the rule has been fired relative to the events processed by the rule. This statistic is similar to fire count in that it gives an indication of how active a rule is. However, instead of giving a raw count, the fire rate gives a percentage that is relative to the number of events a rule has processed.

      • EPS utilization: The processing time this rule consumes relative to the capacity of the engine. This statistic provides an estimate of the amount of engine capacity a given rule is currently consuming. Rules that are more complex, have time-consuming actions, or fire frequently consume more capacity. You can use this statistic to determine whether the rule needs to be tuned or perhaps moved to another Correlation Engine for scalability reasons.

      • Events processed: The number of events processed by the rule since the rule was deployed.

      • Total processing time: Total time spent by the Correlation Engine processing the rule since it was deployed or enabled.

    • Memory statistics: Indicates the memory consumed by the rule:

      • Estimated memory utilization: Gives a snapshot of roughly how much memory a rule is consuming. Rules consume memory when they have discriminators specified for fields with multiple values (through the Group by list), and when rules hold events in memory for operations like the advanced “window” operation. Rules that consume a lot of memory are a potential liability to a healthy system and should be carefully reviewed to ensure they are properly written or possibly moved to another Correlation Engine for scalability reasons.

      • Events in memory: Number of events held in memory by the rule.

      • Cardinality: Number of strings and related structures held in memory by the rule.

  • Deploy/Undeploy: Lists the available Correlation Engines. You can select an engine, then click Deploy or Undeploy to add or remove the rule in the Correlation Engine.

  • Associated actions: Lists the actions associated with the rule.

  • Status: Indicates the current status of the rule. You can also use this option to enable or disable the rule.
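
The following added example (not part of the product or its documentation) shows one way to use the activity and memory statistics above to pick out rules for tuning review. It assumes the figures were transcribed by hand from the dashboard; the field names, the millisecond unit, and all thresholds are illustrative assumptions.

```python
from dataclasses import dataclass

@dataclass
class RuleStats:
    """One rule's dashboard figures, transcribed by hand (constructed input)."""
    name: str
    fire_count: int
    events_processed: int
    total_processing_ms: int   # unit is an assumption; the dashboard text gives none
    events_in_memory: int

def fire_rate(s: RuleStats) -> float:
    """Fire count as a percentage of events processed; 0.0 before any events."""
    return 100.0 * s.fire_count / s.events_processed if s.events_processed else 0.0

def triage(rules, noisy_pct=5.0, min_events=10_000, mem_events=50_000, time_pct=40.0):
    """Return {rule name: [reasons]} for rules worth a tuning review.

    All thresholds are assumptions for illustration, not product defaults.
    """
    total_ms = sum(r.total_processing_ms for r in rules)
    flagged = {}
    for r in rules:
        reasons = []
        seen_enough = r.events_processed >= min_events
        if seen_enough and r.fire_count == 0:
            reasons.append("silent")    # never fires: the filter may be wrong
        if seen_enough and fire_rate(r) > noisy_pct:
            reasons.append("noisy")     # fires on a large share of its events
        if r.events_in_memory > mem_events:
            reasons.append("memory")    # large window or Group by state
        # Share of processing time among the listed rules: a relative proxy only,
        # not the dashboard's EPS utilization (relative to engine capacity).
        if total_ms and 100.0 * r.total_processing_ms / total_ms > time_pct:
            reasons.append("processing-time")
        if reasons:
            flagged[r.name] = reasons
    return flagged

# Constructed sample values, not taken from a real deployment.
SAMPLE = [
    RuleStats("Brute force login", 12, 480_000, 9_000, 1_200),
    RuleStats("Any failed login", 61_000, 500_000, 30_000, 300),
    RuleStats("Legacy VPN anomaly", 0, 250_000, 2_000, 0),
    RuleStats("Port scan window", 40, 500_000, 59_000, 90_000),
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```
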

5.10.2 Editing a Rule

NOTE: If you modify a deployed rule, you must redeploy the rule in the Correlation Engine for the changes to take effect. For information on deploying a rule, see Deploying Rules in the Correlation Engine.

5.10.3 Deleting a Rule

You can delete rules that are not deployed in the Correlation Engine. To delete a deployed rule, you must first undeploy the rule from the Correlation Engine.