Understanding Extension Document Elements
Release 2008.2

Table 2 Match Group Parameters (continued)

Parameter                  Description

device-type-id-override    Specify a different device's QID. Allows the particular
(Optional)                 match group to search in the specified device for the
                           event type. It must be a valid device type ID,
                           represented as an integer. A list of device type IDs
                           is presented in Table 6. If not specified, this
                           parameter defaults to the device type of the device
                           to which the extension is attached.

Match groups can have up to three different types of entities:
• Matcher (matcher)
• Single-Event Modifier (event-match-single)
• Multi-Event Modifier (event-match-multiple)

Matcher (matcher)

A matcher entity is a field that is parsed (for example, EventName) and is paired
with the appropriate pattern and group for parsing. Matchers have an associated
order, so if multiple matchers are specified for the same field name, the matchers
are executed in the order presented until a successful parse is found or a failure
occurs.

Table 3 Matcher Entity Parameters

Parameter       Description

field           Specify the field to which you wish the pattern to apply,
(Required)      for example, EventName, or SourceIp. See Table 4 for a
                list of valid field names.

pattern-id      Specify the pattern you wish to use when parsing the
(Required)      field out of the payload. This value must match (including
                case) the ID parameter of the pattern previously defined
                in a pattern ID parameter (Table 1).

order           Specify the order that you wish this pattern to attempt
(Required)      among matchers assigned to the same field. If there are
                two matchers assigned to the EventName field, the one
                with the lowest order is attempted first.
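The matcher ordering and case-sensitive pattern-id lookup described above, as an added Python sketch (not part of the technical note and not STRM's own parser). The pattern IDs, regular expressions and log lines are constructed, and it assumes that a matcher whose pattern does not match falls through to the next order and that a field no matcher can parse is left unset.

```python
import re

# Constructed patterns keyed by pattern ID (lookup is case-sensitive).
PATTERNS = {
    "EventNameFW": re.compile(r"action=(\w+)"),
    "EventNameAuth": re.compile(r"(Failed password|Accepted password)"),
    "SourceIp": re.compile(r"src=(\d{1,3}(?:\.\d{1,3}){3})"),
}

# Constructed matchers as (field, pattern-id, order), the parameters of Table 3.
MATCHERS = [
    ("EventName", "EventNameAuth", 2),
    ("EventName", "EventNameFW", 1),
    ("SourceIp", "SourceIp", 1),
]

def validate(matchers, patterns):
    """Return pattern-ids with no exactly matching (case included) pattern."""
    return sorted({pid for _, pid, _ in matchers if pid not in patterns})

def parse(payload, matchers=MATCHERS, patterns=PATTERNS):
    """Try each field's matchers in ascending order; first successful parse wins."""
    dangling = validate(matchers, patterns)
    if dangling:
        raise ValueError(f"undefined pattern-id(s): {dangling}")
    result = {}
    for field, pid, _ in sorted(matchers, key=lambda m: (m[0], m[2])):
        if field in result:
            continue  # a lower-order matcher already parsed this field
        m = patterns[pid].search(payload)
        if m:
            # Record which pattern produced the value, useful when auditing
            # why an event was normalised the way it was.
            result[field] = {"value": m.group(1), "pattern-id": pid}
    return result

# Constructed sample payloads.
FW_LINE = "Jun 3 10:00:01 fw1 action=deny src=10.1.2.3 dst=10.9.9.9"
AUTH_LINE = "Jun 3 10:00:02 host1 sshd: Failed password for root src=10.1.2.4"

if __name__ == "__main__":
    for line in (FW_LINE, AUTH_LINE):
        print(parse(line))
```

Recording the winning pattern-id alongside each value makes it visible when a broad order-1 pattern is shadowing a more specific matcher further down the list.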