For both numeric and string there is no "Not equal to" operation supported. How do we implement "Not equal" using event-ruler? Should we use anything-but, or is there any alternative?
When we write the rules, can we have multiple conditions for the same field? For example, in the below rule we want to check whether the source starts with EC2 and the source is not equal to EC2TestMachine (JSON cannot have 2 keys with the same name, so how do we achieve this requirement?)
{
  "source": [ { "prefix": { "equals-ignore-case": "EC2" } } ],
  "source": [ { "anything-but": [ "EC2TestMachine" ] } ]
}
Is there any limit on the number of rules that match a given event? For example, suppose we had 100 thousand rules and the incoming event matches 10 thousand of them. Will the rulesForJsonEvent() function then return all 10 thousand matched rules, or is there any limit on this? Also, is there any performance impact when more rules are matched?
Is there any way to write a rule for "String does not contain"? Is the below rule supported?
{
  "detail": {
    "state": [ { "anything-but": { "wildcard": "init" } } ]
  }
}
I'm not aware of any limits in the code. So the only real "limit" would be when your memory is exhausted trying to return all the matches. There shouldn't be performance impact to the machine traversal (by design), but there could be some impact just in constructing the list of 10 thousand rules to return as a response.
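A way to check this on your own hardware, as an added example that is not part of the original thread or the project's code: it loads the question's 100 thousand rules, 10 thousand of which are built to match, and times one lookup. It assumes the event-ruler library's `Machine` class with `addRule` and `rulesForJSONEvent`; the rule names, rule bodies and the event are constructed for the test.

```java
import software.amazon.event.ruler.Machine;
import java.util.List;

public class ManyMatches {
    static final int TOTAL = 100_000;   // rules loaded, as in the question
    static final int MATCHING = 10_000; // rules built to match the event

    public static void main(String[] args) throws Exception {
        Machine machine = new Machine();
        for (int i = 0; i < TOTAL; i++) {
            // Values in an array are OR-ed: the first MATCHING rules accept
            // "running", the rest accept only a value the event never carries.
            String states = i < MATCHING
                    ? "[\"running\", \"state-" + i + "\"]"
                    : "[\"state-" + i + "\"]";
            String rule = "{ \"source\": [ { \"prefix\": \"EC2\" } ],"
                    + " \"detail\": { \"state\": " + states + " } }";
            machine.addRule("rule-" + i, rule); // constructed rule name
        }

        // Constructed sample event.
        String event = "{ \"source\": \"EC2Host\","
                + " \"detail\": { \"state\": \"running\" } }";

        long start = System.nanoTime();
        List<String> matched = machine.rulesForJSONEvent(event);
        long micros = (System.nanoTime() - start) / 1_000;

        // Count distinct names so the check does not depend on list ordering
        // or on how the library assembles the result.
        long distinct = matched.stream().distinct().count();
        System.out.println("matched rules: " + distinct);
        System.out.println("lookup took " + micros + " us");
        if (distinct != MATCHING) {
            throw new AssertionError("expected every matching rule to be returned");
        }
    }
}
```

Run it with a heap size close to production, since the cost described above is in building and holding the returned list, and a service that fans out on every matched rule should bound the downstream work itself.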
Hi,