Timer pattern

A timer rule is defined by the timer pattern. It initiates actions at regular intervals. It is a stateful rule. Although a timer rule does not process events, it can be activated or deactivated by an event.

Overview

The timer pattern is analogous to a timer that starts at the beginning of a time period and stops at the end of the time period. The time period is indicated by a mandatory time window, as defined by the <timeWindow> element in the rule language.

Unless specified not to repeat, the timer pattern repeats until the timer rule is deactivated. Therefore, when the timer rule starts, it waits the specified time period before it initiates any actions, and it repeats this behavior until either it is deactivated or the Active Correlation Technology engine shuts down.

The timer rule is unique in that it does not contain event selection criteria. The timer rule starts processing according to the activation interval for the rule, as defined by the <activationInterval> element. If the default <activationInterval> element is used and the timer pattern is set to repeat, the timer rule starts when it is loaded by the Active Correlation Technology engine and stops when the Active Correlation Technology engine shuts down. To activate a timer rule with an event, you must specify the event in the <activateOnEvent> element within the <activationInterval> element for the rule.

Conditions under which the rule response runs

With the timer pattern, the rule response runs when the time window is complete, as defined by the <onTimeWindowComplete> element.

Example usage of this rule pattern

The timer pattern can be useful for implementing cleanup rules. An example usage of the timer pattern is a rule that does the following:
Every 30 minutes, the rule runs an action that clears harmless and informational events that have been open for longer than 48 hours.
Related reference
Timer rule summary