logscape
diff --git a/‎alerts-emailaction.html
+41-1 b/‎alerts-emailaction.html
+41-1
diff --git a/‎alerts-examples-highcpualert.html
-1 b/‎alerts-examples-highcpualert.html
-1
diff --git a/‎alerts-groovyaction.html
+4-6 b/‎alerts-groovyaction.html
+4-6
diff --git a/‎alerts-streaming-clients-js.html
+17 b/‎alerts-streaming-clients-js.html
+17
diff --git a/‎alerts-trigger_tab.html
+19-1 b/‎alerts-trigger_tab.html
+19-1
diff --git a/‎apps-intro.html
+3-1 b/‎apps-intro.html
+3-1
@@ -309,7 +309,47 @@ <h4>Sorted Events Key Map</h4>
                 </ul>
                 <h4>Writing to a Database </h4>
                 <p>This examples writes the events level and message to a database.</p>
-                <blockquote>sql = Sql.newInstance("jdbc:sqlite:C:/home/logscape/work/trigger-data.db","org.sqlite.JDBC") </blockquote>
+                <blockquote>
+                  sql = Sql.newInstance("jdbc:sqlite:C:/home/logscape/work/trigger-data.db","org.sqlite.JDBC") 
+                  sortedEvents.each(){ event - \n
+                  server = event["server"] 
+                  date = event["Date"] 
+                  level = event["Level"] 
+                  exception = event["Exception"] 
+                  sql.execute("INSERT INTO events (date,host,logLevel,message) VALUES ("+date+","+server+","+level+","+exception+")" )
+                </blockquote>
+                <h3>Groovy Script </h3>
+                <p>When an alert is fired a groovy script is executed when scripts actions are enabled. The groovy script has access to all the event details related to the triggering alert. A HashMap <em>sortedEvents </em>is made available to the groovy script and can used to siphon data out of Logscape into other systems, e.g tickets systems, message buses databases and so on.</p>
+                <h4>Sorted Events Key Map</h4>
+                <p>The events key map contains the following the keys: </p>
+                <ul> <strong>Alert Details </strong>
+                  <li>name - Alert name </li>
+                  <li>triggerSearch - The trigger search assigned to the alert</li>
+                  <li>triggerCount - the number of events need to trigger the alert </li><strong> Trigger Events </strong>
+                  <li>event  - all the trigger events as a map</li>
+                  <li>textEvents - the raw trigger events as it appears in the original data</li>
+                  <li>sortedEvents - the events sorted</li>
+                  <li>sortedMap - a key value sorted list of the events</li><strong> Other  </strong>
+                  <li>sysout -  use this to print to the Logscape system console</li>
+                  <li>log  - use this to output data into Logscape log file </li>
+                  <li>currentTime - The time the alert is fired </li>
+                </ul>
+                <div class="row">
+                  <div class="col-md-11"><br/><br/><br/>
+                    <div id="disqus_thread">
+                      <script>
+                        /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */
+                        var disqus_shortname = 'logscape'; // required: replace example with your forum shortname
+                        /* * * DON'T EDIT BELOW THIS LINE * * */
+                        (function() {
+                        	var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
+                        	dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js';
+                        	(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
+                        })();
+                      </script>
+                    </div>
+                  </div>
+                </div>
               </div>
             </div>
           </div>
 
@@ -261,7 +261,6 @@ <h4>Articles </h4>
               <h3>Alerts High Cpu Example </h3>
               <p>An alert can use a standard schedule, which executes the trigger search retrospectively or it can be realtime, reporting on events as they occur.  The choice between a historical or realtime alert schedule depends on the alert situation. </p>
               <p>Let's walk through a High Cpu Alert. The trigger search for this alert is as follows:</p>
-              <div class="image"><img src="image/alert-examples-highcpualert-triggersearch.png"/></div>
               <p> </p>
               <div class="image"><img src="images/alerts-examples-highcpualert-general.png"/><img src="images/alerts-examples-highcpualert-trigger.png"/><img src="images/alerts-examples-highcpualert-actions.png"/></div>
             </div>
 
@@ -259,16 +259,14 @@ <h4>Articles </h4>
             <div class="row">
               <div class="col-md-8">
                 <h3>Groovy Script Action </h3>
-                <p>When an alert is fired a groovy script is executed when scripts actions are enabled. The groovy script has access to all the event details related to the triggering alert. A HashMap <em>sortedEvents </em>is made available to the groovy script and can used to siphon data out of Logscape into other systems, e.g tickets systems, message buses databases and so on.</p>
-                <h4>Sorted Events Key Map</h4>
-                <p>The events key map contains the following the keys: </p>
+                <p>When an alert is fired a groovy script is executed when scripts actions are enabled. The groovy script has access to the following variables - </p>
                 <ul> <strong>Alert Details </strong>
                   <li>name - Alert name </li>
                   <li>triggerSearch - The trigger search assigned to the alert</li>
                   <li>triggerCount - the number of events need to trigger the alert </li><strong> Trigger Events </strong>
-                  <li>event  - all the trigger events as a map</li>
-                  <li>textEvents - the raw trigger events as it appears in the original data</li>
-                  <li>sortedEvents - the events sorted</li>
+                  <li>event  - all the trigger events as an array</li>
+                  <li>textEvents - the raw trigger events as it appears in the original data, stored asn array</li>
+                  <li>sortedEvents - the events sorted, as an arrya</li>
                   <li>sortedMap - a key value sorted list of the events</li><strong> Other  </strong>
                   <li>sysout -  use this to print to the Logscape system console</li>
                   <li>log  - use this to output data into Logscape log file </li>
 
@@ -273,8 +273,25 @@ <h3>Testing the Websocket Server</h3>
               	li put on git hub  logscape/streaming-clients/js
               
               p http://stackoverflow.com/questions/13672490/real-time-data-with-d3
+              
               -->
             </div>
+            <div class="row">
+              <div class="col-md-11"><br/><br/><br/>
+                <div id="disqus_thread">
+                  <script>
+                    /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */
+                    var disqus_shortname = 'logscape'; // required: replace example with your forum shortname
+                    /* * * DON'T EDIT BELOW THIS LINE * * */
+                    (function() {
+                    	var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
+                    	dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js';
+                    	(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
+                    })();
+                  </script>
+                </div>
+              </div>
+            </div>
           </div>
         </div>
       </div>
 
@@ -268,7 +268,25 @@ <h3>Trigger Tab </h3>
                 <p>The alert will trigger when the cpu field value is greater than 80%.</p><strong>Correlatation</strong>
                 <p>Correlated events are used to study a time window for a sequence of values, or average. While correlated events can be used on almost any form of data, they’re at their best when dealing with data such as audit or webserver logs due to the nature of key value pair error codes, but they will excel in any environment that makes use of error messages or codes.</p>
                 <p>Correlation events have the following fields</p>
-                <blockquote>Time Window - The window in seconds to look for your event value<br/>Type - Sequence or Average</blockquote>
+                <blockquote>Time Window - The window in seconds to look for your event value<br/>Type - Sequence or Average<br/>Event Value - The sequence(comma seperated or average value to look for)<br/>Correlation Field - The field to check<br/>Correlation Key - Additional field, Allows you to group values, i.e _host, would mean all values would need to be from one host</blockquote>
+                <div class="image"><img src="images/alerts-correlated.png"/></div>
+                <p>Specifying your type as sequence means that the event must occur N times in a row, without another event inbetween, using the correlation field it is possible to group the events, by for example host, meaning N events in a row must originate from the same host, and events from other hosts will not infringe upon this, When choosing sequence, the values to look for must be added to the event value field and seperated by comma's. Choosing avg will simply average the value over the duration of your capture period.</p>
+              </div>
+            </div>
+            <div class="row">
+              <div class="col-md-11"><br/><br/><br/>
+                <div id="disqus_thread">
+                  <script>
+                    /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */
+                    var disqus_shortname = 'logscape'; // required: replace example with your forum shortname
+                    /* * * DON'T EDIT BELOW THIS LINE * * */
+                    (function() {
+                    	var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
+                    	dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js';
+                    	(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
+                    })();
+                  </script>
+                </div>
               </div>
             </div>
           </div>
 
@@ -267,7 +267,9 @@ <h3>Logscape Apps</h3>
                   </ul>
                 </p>
                 <p><strong> The Bundle - </strong>Is an xml document that contains a description of what services a Logscape App will execute. In each service description there is a schedule parameter which controls when the Apps service is executed</p>
-                <p><strong>Config File</strong> - The config file contains all the Searches, Workspaces, types and sources that the App needs to run. </p>
+                <p><strong>Config File</strong> - The config file contains all the Searches, Workspaces, types and sources that the App needs to run. 
+                   - Config file names must be unique within the environment
+                </p>
                 <p><strong>scripts -</strong> These are the programs or scripts that are executed by the service sections in the bundle file. 
 
                 </p>