Correlation Views

ELM Correlation Views watch for specific pairs of event.  The most basic configuration requires an Include Filter, a Correlation Filter, and a timer setting.  When an event matches the Include Filter, it is designated as the "start event" and the timer begins counting down.  If an event matching the Correlation Filter is found before the timer expires, then it is designated as the "end event" and a correlation pair has been found.

The basic Correlation View described above can have a Notification Method assigned, so ELM users can be alerted to the occurrence of a correlation pair.  If the timer counts down to zero, then a separate Notification Method can be triggered alerting ELM users that a correlation pair was not found.

Note
Correlation View Icons will change depending on the assignment of Notification Methods.
- No Notification Methods assigned to the View
- One or more Notification Methods assigned to only the Matching result.
- One or more Notification Methods assigned to only the Timeout result.
- One or more Notification Methods assigned to both the Matching and Timeout results.