I have two correlation rules both deisgned to provide the same output. One is based upon standard filters and works. The other uses a script condition 'count(*)>=4' and does not.
RULE WITHOUT COUNT (WORKS)
RULE WITH COUNT (DOES NOT WORK)
The rule with the count added does not seem to produce a correlated alarm. I have tried various combinations of filtering etc. Can I have some advice?
The rule condition apply to the buckets you've created with the 'group by'. However, using the 'trigger on single events only', I believe there are no buckets being kept in memory and as such, your condition will never match.
Have you tried to uncheck 'trigger on single events only'?
Likely you will need to add spaces near the operator.
Instead of "count(*)>=4", it should be "count(*) >= 4".
Could you give a try and verify if this works?
Documentation source: Examples of script conditions | DataMiner Docs
Hope this helps you further.