Hi , I am working on an Esper rule logic in Netewitness Logs and Packets which is as follows.
The event stream waits for an event ,say event B , as soon as it finds it , the stream looks historically in the last 10 mins to find an event say ,event A . If event A does not exist , the rule is triggered.
My limited research led me to believe that i will be using a named window or a snap shot (fire and forget) query.
Any idea how will this logic look it ?
Thanks.
