Ok I understand your scenario.. but generally what our customers do is simply alert on the summary record at 10s as good enough as it is timely enough for a decline scenario but I agree does not detect back-to-back declines.. but you script itself as @Leon_Arens_FNNI mentioned would have timing issues in getting exactly what you want as well.
OK so the "SORT DESC LOGTIME" and knowing Analysts 'should' process the transactions incrementally in the order presented is the only thing that makes this different than the standard summary though as it resets the counter on an approval. You still REALLY should have a limit clause (even if high for 2x your refresh interval) and have your lookback timeframe for TRANDET also only slightly buffered.. otherwise it could be searching through 10s of thousands of transactions. Otherwise I get what you are trying to do and cannot think of a way to do it in summary at this granular of a level but usually 10s Summary Interval DENYCNT & DENY% usually work for most.
If you are curious of how many records the rule is processing every 30 seconds you could add the following bolded lines.
You can then add the following highlighted code to see if it reduces the records processes from many(history) to just the records for the trans that occurred in the last 30 seconds.
Note: if the date restriction in the where clause reduced the records processed then this could also reduce the amount of memory the analyst uses.
Note: I have not tested this logic because we do not have the TSV product at the current time but are concidering it. So if I have a typo please correct it.
SECTION CONFIG MAX_SIZE 5.0 MB
NUMERIC G_RECs_processed [0] := 0 NUMERIC TXNCOUNT [0] := 0 NUMERIC ALERTFLAG [0] := 1 END_SECTION SECTION RULE_DEF ! Get all records from TRANDET record and set counter ! increment the counter if it is declined response code and reset the counter if approve response code RULE TRAN_COUNT PRIMARY RECORD TRANDET WHERE BIN = "402872"
AND (SRCNAME="NSX7DRP2" OR SRCNAME="NSX7DRA2")
AND LOGTIME > ( CurrentTime - 30 seconds ) REFRESH 30 SECONDS NODE ( #NI\BASE24-active ) SORT DESC LOGTIME !Increment the counter when the transaction is declined IF @TRANDET.RESPCODE NOT IN {"00","01","000","001","076","206"} SET TXNCOUNT := TXNCOUNT + 1 END_IF !Reset the counter when the transaction is approved IF @TRANDET.RESPCODE = "00" OR @TRANDET.RESPCODE = "01" OR @TRANDET.RESPCODE = "000" OR @TRANDET.RESPCODE = "001" SET TXNCOUNT := 0 END_IF ACTION
SET G_RECs_processed := G_RECs_processed + 1
END_ACTION END_RULE !Check if the counter value is greater than the threshold and if the send alert flag is on (1) !If the condition is true, set the alert flag to off (0) to avoid the sending of multiple alerts RULE SEND_ALERT PRIMARY STRING MsgText RECORD PNODES WHERE ALL REFRESH 30 SECONDS NODE ( #NI\ConsDecAnalystNode ) IF TXNCOUNT > 9 AND ALERTFLAG = 1 LOG SNMPTRAP 0101 VERSION v1 HOST 10.129.88.82 PORT 162 PRIORITY CRITICAL IMMEDIATELY EXEC #DISPMAN 0100 IMMEDIATELY SET ALERTFLAG := 0 SET TXNCOUNT := 0 END_IF ACTION
SET MsgText := subst ("@G_RECs_processed@ records processed at ^timestamp")
EXEC #DISPMAN 00200 IMMEDIATELY
END_ACTION END_RULE !Rule to reset the send alert flag to on (1) and reset the counter to 0 after x seconds/minutes !x seconds/minutes refresh has to match the refresh interval in the rule above RULE RESET_ALERT_FLAG PRIMARY RECORD PNODES WHERE ALL REFRESH 30 SECONDS NODE ( #NI\BASE24-active ) ACTION SET ALERTFLAG := 1 !SET TXNCOUNT := 0 END_ACTION END_RULE END_SECTION SECTION MSG_TEXT MSG 0100 "DISPREQ CMD_SRC 402872ConsDenial MSG_CODE_NUM 100 MSG_DEST ConsDecGroup MSG_TITLE Consecutive BIN 402872 decline @TXNCOUNT@ txns MSG_TEXT Consecutive BIN 402872 decline @TXNCOUNT@ txns." MSG 0101 "Consecutive BIN 402872 decline more than 10 transactions" MSG 00200 "DISPREQ CMD_SRC 402872ConsDenial MSG_CODE_NUM 100 MSG_DEST ConsDecGroup MSG_TITLE @MsgText@ MSG_TEXT @MsgText@"
END_SECTION
If you can verify that the TRAN_COUNT rule only gets the transactions for the last 30 seconds and they are processed in the order they are received (timestamp always increasing) then I believe the following changes to the analyst will address the issue of missing consecutive declined transactions over consecutive 30 second intervals. This logic should capture the first occurrence of 10+ consecutive decline transactions within a 30 second window. If 10+ consecutive transactions occur more than once in a 30 second window, this will not alarm on them until the next 30 second interval. if you want it to alert on every occurrence of 10+ declined transactions, just comment out the "SET ALERTFLAG := 0" and you could get rid of the "RESET_ALERT_FLAG" rule.
SECTION CONFIG MAX_SIZE 5.0 MB NUMERIC TXNCOUNT [0] := 0 NUMERIC ALERTFLAG [0] := 1 END_SECTION SECTION RULE_DEF ! Get all records from TRANDET record and set counter ! increment the counter if it is declined response code and reset the counter if approve response code RULE TRAN_COUNT PRIMARY RECORD TRANDET WHERE BIN = "402872" AND (SRCNAME = "NSX7DRP2" OR SRCNAME = "NSX7DRA2") AND LOGTIME > ( CurrentTime - 30 seconds ) REFRESH 30 SECONDS NODE ( #NI\BASE24-active ) SORT DESC LOGTIME !Increment the counter when the transaction is declined IF @TRANDET.RESPCODE NOT IN {"00","01","000","001","076","206"} SET TXNCOUNT := TXNCOUNT + 1 END_IF !Check if the counter value is greater than the threshold and if the send alert flag is on (1) !If the condition is true, set the alert flag to off (0) to avoid the sending of multiple alerts IF TXNCOUNT > 9 AND ALERTFLAG = 1 LOG SNMPTRAP 0101 VERSION v1 HOST 10.129.88.82 PORT 162 PRIORITY CRITICAL IMMEDIATELY EXEC #DISPMAN 0100 IMMEDIATELY SET ALERTFLAG := 0 SET TXNCOUNT := 0 END_IF !Reset the counter when the transaction is approved IF @TRANDET.RESPCODE = "00" OR @TRANDET.RESPCODE = "01" OR @TRANDET.RESPCODE = "000" OR @TRANDET.RESPCODE = "001" SET TXNCOUNT := 0 END_IF END_RULE !Rule to reset the send alert flag to on (1) and reset the counter to 0 after x seconds/minutes !x seconds/minutes refresh has to match the refresh interval in the rule above RULE RESET_ALERT_FLAG PRIMARY RECORD PNODES WHERE ALL REFRESH 30 SECONDS NODE ( #NI\BASE24-active ) ACTION SET ALERTFLAG := 1 !SET TXNCOUNT := 0 END_ACTION END_RULE END_SECTION SECTION MSG_TEXT MSG 0100 "DISPREQ CMD_SRC 402872ConsDenial MSG_CODE_NUM 100 MSG_DEST ConsDecGroup MSG_TITLE Consecutive BIN 402872 decline @TXNCOUNT@ txns MSG_TEXT Consecutive BIN 402872 decline @TXNCOUNT@ txns." MSG 0101 "Consecutive BIN 402872 decline more than 10 transactions" END_SECTION
Members | Likes |
---|---|
14 | |
7 | |
4 | |
3 | |
3 |