- 7 minutes to read

Release Notes

Monitoring Correlated Events

Track transaction sequences and business workflows across multiple log files—detect incomplete transactions, missing confirmations, and stuck processes using powerful ACK/NAK correlation monitoring.

Gain complete visibility over your business transaction flows with the Nodinite Log File Parser Monitoring Agent. On this page, you will:

  • Track transaction sequences—monitor "OrderReceived" → "OrderCompleted" patterns across log files
  • Detect incomplete workflows—alert when start events lack corresponding end events within timeouts
  • Scale across systems—correlate events spanning multiple applications, servers, and log files
  • Take immediate action—leverage remote actions to investigate stuck transactions and manage states

You can configure Nodinite to correlate events across one or more log files, track transaction lifecycles, and alert when business processes don't complete properly. This page explains ACK/NAK correlation concepts and monitoring setup. For management actions, see Managing Correlated Events.

Understanding Correlated Event Monitoring

Correlated Events monitoring tracks business transaction sequences using start and end patterns matched by unique identifiers. Unlike Monitoring Content Files, this approach correlates related events across time and files to detect incomplete workflows.

When to Use Correlated Event Monitoring

Perfect for:

  • Business transactions - Order processing, payment flows, customer onboarding workflows
  • System integration - API request/response tracking, message queue processing, data synchronization
  • Process monitoring - Batch job completion, file processing pipelines, approval workflows
  • SLA compliance - Track processing times, detect delays, ensure service level adherence
  • Error recovery - Identify stuck processes, incomplete operations, missing confirmations

Real-world examples:

  • E-commerce: "OrderReceived" → "OrderShipped" within 24 hours
  • Financial services: "PaymentInitiated" → "PaymentConfirmed" within 5 minutes
  • Healthcare: "PatientAdmitted" → "DischargeProcessed" workflow tracking
  • Manufacturing: "ProductionStarted" → "QualityApproved" → "ShipmentDispatched"

Implementation example: See How to monitor correlated events for complete configuration walkthrough.

Correlation Monitoring Features

ACK/NAK Pattern Detection

  • Start patterns - Define RegEx to detect transaction initiation ("OrderReceived.*OrderId:(\d+)")
  • End patterns - Configure RegEx to match completion or failure ("OrderShipped.*OrderId:$1")
  • Identifier extraction - Capture transaction IDs, customer numbers, order references for correlation
  • Multi-file support - Track sequences across separate application, integration, and confirmation logs

Intelligent Timeout Management

  • Warning thresholds - Alert when transactions exceed expected processing time (15 minutes)
  • Error thresholds - Trigger errors when transactions fail to complete within SLA (30 minutes)
  • Flexible timing - Configure different timeouts per transaction type, priority level, or business impact
  • Grace periods - Account for expected processing delays, peak load periods, maintenance windows

Cross-File Correlation

  • Wildcard file patterns - Monitor transaction logs across rotating files (payment_*.log)
  • Date-stamped files - Handle daily/hourly log rotation automatically (api_2025-11-12.log)
  • SMB share support - Correlate events across network-mounted log directories
  • Multi-server tracking - Follow transactions spanning different application servers

Transaction State Tracking

  • Pending detection - Identify transactions awaiting completion
  • Success correlation - Match successful start/end patterns within timeouts
  • Failure detection - Recognize explicit failure patterns in end matches
  • Timeout alerts - Alert on transactions exceeding configured time limits

Correlated Events Overview
Example: Correlated event configurations tracking business transactions in a Monitor View

Monitor Configuration Options

Nodinite presents each Correlated Events Configuration as a Resource, evaluated continuously for transaction completion:

  • Organize by workflow - Group configurations by Application (Order Processing, Payment Gateway, Customer Service)
  • Categorize by type - All correlation configurations appear under 'Log File Event' Category
  • Scale monitoring - Deploy multiple agents across transaction processing servers
  • Apply different SLAs - Use varied timeout thresholds for different transaction types

Correlated Events Categories
Example: Correlated Events configurations organized by Category

Configuration Elements

  • Display name comes from your Correlated Events Configuration settings
  • Application association links transaction monitoring to business systems
  • Start/End patterns define what constitutes transaction begin and completion events
  • Timeout thresholds control when warnings and errors are triggered for incomplete transactions

Each Correlated Events Configuration (Resource) maintains one of these states:

State Status Description Actions
Unavailable Resource not accessible Agent cannot access files due to configuration, network, or security issues Review Prerequisites
Error Transaction timeout Start event detected but no corresponding end event within error threshold View incomplete transactions
Warning Transaction delay Start event detected, approaching timeout threshold but not yet exceeded Monitor transaction progress
OK Transactions completing All detected start events have matching end events within configured timeouts View transaction status

Transaction States
Example: Correlated events resource showing transaction monitoring state

Customize state evaluation using the Expected State feature at the Resource level.

Available Actions

With the Nodinite Web Client, you can perform Remote Actions on correlated event monitoring resources:

Transaction Analysis Actions

  • Error Report - View incomplete transactions with start/end details and timeout information
  • Clear Errors - Reset transaction states and ignore historical incomplete transactions
  • Show Log Files - Display monitored transaction log files with individual file management
  • Edit Thresholds - Adjust timeout values and correlation parameters without agent restart

Transaction Investigation

  • Download transaction logs - Retrieve log files containing incomplete transactions for detailed analysis
  • View correlation details - Inspect start/end pattern matches, transaction IDs, and timeline information
  • Export transaction data - Create reports for business stakeholders, SLA analysis, process improvement

Available Remote Actions
Remote Actions menu for correlated events monitoring resources

Transaction History & SLA Reporting

Track all business transaction monitoring for SLA compliance and process optimization:

Transaction Analytics

  • Completion rates - Measure percentage of transactions completing within SLA thresholds
  • Processing times - Analyze average, median, and 95th percentile transaction durations
  • Failure patterns - Identify common incomplete transaction scenarios and root causes
  • Trend analysis - Track transaction volume and performance over time periods

Business Intelligence

  • SLA compliance - Generate reports showing adherence to processing time commitments
  • Process optimization - Identify bottlenecks in transaction workflows for improvement opportunities
  • Capacity planning - Use transaction volume trends for infrastructure scaling decisions
  • Root cause analysis - Correlate incomplete transactions with system events, deployments, load patterns
Search Transaction History Individual Transaction Analysis
Search transaction alerts across time periods Detailed transaction history for specific correlation configuration
Search for transaction alerts across all correlated monitoring resources Transaction history and patterns for specific correlation configuration

For complete guidance on managing transactions and performing investigations, see Managing Correlated Events.

Performance & Scalability

Transaction Processing Efficiency

  • Minimal overhead - Efficient pattern matching and correlation tracking without performance impact
  • Memory optimization - Maintains only active transaction states, automatic cleanup of completed transactions
  • Scalable correlation - Handle thousands of concurrent transactions across multiple log files

High-Volume Transaction Support

  • Batch processing - Efficiently process large numbers of transactions in high-throughput environments
  • Memory management - Automatic cleanup of completed transactions to prevent memory growth
  • Performance tuning - Configurable scan intervals and batch sizes for optimal throughput

Performance characteristics:

  • Transaction capacity: 10,000+ concurrent incomplete transactions per agent
  • Correlation speed: Sub-second matching for start/end pattern detection
  • Memory efficiency: <200 MB for agent tracking 5,000 active transactions

Correlation Examples

Order Processing Workflow 

Start Pattern: OrderReceived.*OrderId:(\d+)
End Pattern:   OrderShipped.*OrderId:$1
Timeout:       24 hours

Use case: E-commerce order fulfillment - alert if orders aren't shipped within 24 hours

Payment Transaction Tracking 

Start Pattern: PaymentInitiated.*TransactionId:([A-Z0-9]+)
End Pattern:   PaymentConfirmed.*TransactionId:$1|PaymentFailed.*TransactionId:$1
Timeout:       5 minutes

Use case: Financial services payment processing - detect stuck payment transactions

API Request/Response Monitoring 

Start Pattern: APIRequest.*RequestId:([a-f0-9-]+).*POST /api/orders
End Pattern:   APIResponse.*RequestId:$1.*(200|201)
Timeout:       30 seconds

Use case: Integration monitoring - ensure API requests receive responses within SLA

Batch Job Processing 

Start Pattern: BatchJobStarted.*JobId:([A-Z0-9]+).*daily-reconciliation
End Pattern:   BatchJobCompleted.*JobId:$1|BatchJobFailed.*JobId:$1
Timeout:       4 hours

Use case: Data processing workflows - monitor overnight batch job completion

Supported Correlation Scenarios

Nodinite correlated event monitoring handles diverse transaction tracking requirements:

Transaction Types

  • Business workflows - Orders, payments, approvals, customer processes
  • Technical processes - File transfers, data synchronization, system integrations
  • Batch operations - Report generation, data imports, scheduled maintenance
  • User interactions - Login sessions, form submissions, document processing

File Organization Patterns

  • Single file correlation - Track complete workflows within one log file
  • Multi-file sequences - Follow transactions across separate application logs
  • Time-based rotation - Handle daily/hourly log files with seamless correlation
  • Service-based separation - Correlate events across microservice log files

Identifier Extraction

  • Simple IDs - Order numbers, transaction IDs, customer references
  • Complex patterns - Multi-part identifiers, GUIDs, composite keys
  • Contextual matching - Include additional context (user ID, session ID) for precise correlation
  • Case handling - Configure case-sensitive or case-insensitive identifier matching

Next Steps

Ready to set up transaction correlation?

Configure Correlated Events - Set up start/end patterns and timeout thresholds
Managing Correlated Events - Perform remote actions and manage transaction states

Need specific implementation guidance?

How to Monitor Correlated Events - Complete step-by-step configuration example
How to Monitor File Content - Alternative content-based monitoring approach

Managing Content Files - Content management and investigation actions
Monitoring Content Files - Pattern-based content detection and alerting
Configuration - Correlated Events - Complete setup and pattern configuration
Troubleshooting Correlation Monitoring - Common issues and resolution guides