Incidents: Difference between revisions

Incidents (view source)

14 bytes added , 7 April 2021

m

325

edits

@@ Line 125: / Line 125: @@
 ## global_traffic
-This means you will get repeated incidents for the same element every time span. For example, if an IP address has traffic of 100 mbit/s for 2 minutes and a rule checks for more than 50 mbit/s over 30 seconds, the rule will hit 4 times. There will be one incident which will contain the exact number of repetitions for reference.
+So for repeating incidents you will get repeated incidents for the same attribute every time span. For example, if an IP address has traffic of 100 mbit/s for 2 minutes and a rule checks for more than 50 mbit/s over 30 seconds, the rule will hit 4 times. There will be one incident which will contain the exact number of repetitions for reference.
-For start/stop incident, you will only see two rule hits and the incident description will state the start and stop time.
+For start/stop incidents, you will only see two rule hits and the incident description will state the start and stop time.
 ==== 1.3. Available attributes ====
@@ Line 149: / Line 149: @@
 ** total_packets: The number of packets seen in the configured timespan.
 ** total_bytes: The number of bytes seen in the configured timespan.
-** retransmission_ratio: The number of zero window packets seen in the configured timespan.
+** retransmission_ratio: The TCP retransmission ratio seen in the configured timespan.
 ** zero_window_packets: The number of zero window packets seen in the configured timespan.
 * ip_new_local_ip