- 6 minutes to read

Release Notes

Monitoring Correlated Events

Track transaction sequences and business workflows across multiple log files—detect incomplete transactions, missing confirmations, and stuck processes using powerful ACK/NAK correlation monitoring.

Gain complete visibility over your business transaction flows with the Nodinite Log File Parser Monitoring Agent. On this page, you will:

  • Track transaction sequences—monitor "OrderReceived" → "OrderCompleted" patterns across log files
  • Detect incomplete workflows—alert when start events lack corresponding end events within timeouts
  • Scale across systems—correlate events spanning multiple applications, servers, and log files
  • Take immediate action—leverage remote actions to investigate stuck transactions and manage states

You can configure Nodinite to correlate events across one or more log files, track transaction lifecycles, and alert when business processes don't complete properly. This page explains ACK/NAK correlation concepts and monitoring setup. For management actions, see Managing Correlated Events.

Understanding Correlated Event Monitoring

Correlated Events monitoring tracks business transaction sequences using start and end patterns matched by unique identifiers. Unlike Monitoring Content Files, this approach correlates related events across time and files to detect incomplete workflows.

When to Use Correlated Event Monitoring

Perfect for:

  • Business transactions - Order processing, payment flows, customer onboarding workflows
  • System integration - API request/response tracking, message queue processing, data synchronization
  • Process monitoring - Batch job completion, file processing pipelines, approval workflows
  • SLA compliance - Track processing times, detect delays, ensure service level adherence
  • Error recovery - Identify stuck processes, incomplete operations, missing confirmations

Real-world examples:

  • E-commerce: "OrderReceived" → "OrderShipped" within 24 hours
  • Financial services: "PaymentInitiated" → "PaymentConfirmed" within 5 minutes
  • Healthcare: "PatientAdmitted" → "DischargeProcessed" workflow tracking
  • Manufacturing: "ProductionStarted" → "QualityApproved" → "ShipmentDispatched"

Implementation example: See How to monitor correlated events for complete configuration walkthrough.

Correlation Monitoring Features

ACK/NAK Pattern Detection

  • Start patterns - Define RegEx to detect transaction initiation ("OrderReceived.*OrderId:(\d+)")
  • End patterns - Configure RegEx to match completion or failure ("OrderShipped.*OrderId:$1")
  • Identifier extraction - Capture transaction IDs, customer numbers, order references for correlation
  • Multi-file support - Track sequences across separate application, integration, and confirmation logs

Intelligent Timeout Management

  • Warning thresholds - Alert when transactions exceed expected processing time (15 minutes)
  • Error thresholds - Trigger errors when transactions fail to complete within SLA (30 minutes)
  • Flexible timing - Configure different timeouts per transaction type, priority level, or business impact
  • Grace periods - Account for expected processing delays, peak load periods, maintenance windows

Cross-File Correlation

  • Wildcard file patterns - Monitor transaction logs across rotating files (payment_*.log)
  • Date-stamped files - Handle daily/hourly log rotation automatically (api_2025-11-12.log)
  • SMB share support - Correlate events across network-mounted log directories
  • Multi-server tracking - Follow transactions spanning different application servers

Transaction State Tracking

  • Pending detection - Identify transactions awaiting completion
  • Success correlation - Match successful start/end patterns within timeouts
  • Failure detection - Recognize explicit failure patterns in end matches
  • Timeout alerts - Alert on transactions exceeding configured time limits

Correlated Events Overview
Example: Correlated event configurations tracking business transactions in a Monitor View

Monitor Configuration Options

Nodinite presents each Correlated Events Configuration as a Resource, evaluated continuously for transaction completion:

  • Organize by workflow - Group configurations by Application (Order Processing, Payment Gateway, Customer Service)
  • Categorize by type - All correlation configurations appear under 'Log File Event' Category
  • Scale monitoring - Deploy multiple agents across transaction processing servers
  • Apply different SLAs - Use varied timeout thresholds for different transaction types

Correlated Events Categories
Example: Correlated Events configurations organized by Category

Configuration Elements

  • Display name comes from your Correlated Events Configuration settings
  • Application association links transaction monitoring to business systems
  • Start/End patterns define what constitutes transaction begin and completion events
  • Timeout thresholds control when warnings and errors are triggered for incomplete transactions

Each Correlated Events Configuration (Resource) maintains one of these states:

State Status Description Actions
Unavailable Resource not accessible Agent cannot access files due to configuration, network, or security issues Review Prerequisites
Error Transaction timeout Start event detected but no corresponding end event within error threshold View incomplete transactions
Warning Transaction delay Start event detected, approaching timeout threshold but not yet exceeded Monitor transaction progress
OK Transactions completing All detected start events have matching end events within configured timeouts View transaction status

Transaction States
Example: Correlated events resource showing transaction monitoring state

Customize state evaluation using the Expected State feature at the Resource level.

Managing Monitored Transactions

Once correlation monitoring is configured, use Remote Actions to investigate incomplete transactions and manage monitoring state. For complete details on available actions, see Managing Correlated Events.

Performance & Scalability

Transaction Processing Efficiency

  • Minimal overhead - Efficient pattern matching and correlation tracking without performance impact
  • Memory optimization - Maintains only active transaction states, automatic cleanup of completed transactions
  • Scalable correlation - Handle thousands of concurrent transactions across multiple log files

High-Volume Transaction Support

  • Batch processing - Efficiently process large numbers of transactions in high-throughput environments
  • Memory management - Automatic cleanup of completed transactions to prevent memory growth
  • Performance tuning - Configurable scan intervals and batch sizes for optimal throughput

Performance characteristics:

  • Transaction capacity: 10,000+ concurrent incomplete transactions per agent
  • Correlation speed: Sub-second matching for start/end pattern detection
  • Memory efficiency: <200 MB for agent tracking 5,000 active transactions

Correlation Examples

Order Processing Workflow 

Start Pattern: OrderReceived.*OrderId:(\d+)
End Pattern:   OrderShipped.*OrderId:$1
Timeout:       24 hours

Use case: E-commerce order fulfillment - alert if orders aren't shipped within 24 hours

Payment Transaction Tracking 

Start Pattern: PaymentInitiated.*TransactionId:([A-Z0-9]+)
End Pattern:   PaymentConfirmed.*TransactionId:$1|PaymentFailed.*TransactionId:$1
Timeout:       5 minutes

Use case: Financial services payment processing - detect stuck payment transactions

API Request/Response Monitoring 

Start Pattern: APIRequest.*RequestId:([a-f0-9-]+).*POST /api/orders
End Pattern:   APIResponse.*RequestId:$1.*(200|201)
Timeout:       30 seconds

Use case: Integration monitoring - ensure API requests receive responses within SLA

Batch Job Processing 

Start Pattern: BatchJobStarted.*JobId:([A-Z0-9]+).*daily-reconciliation
End Pattern:   BatchJobCompleted.*JobId:$1|BatchJobFailed.*JobId:$1
Timeout:       4 hours

Use case: Data processing workflows - monitor overnight batch job completion

Supported Correlation Scenarios

Nodinite correlated event monitoring handles diverse transaction tracking requirements:

Transaction Types

  • Business workflows - Orders, payments, approvals, customer processes
  • Technical processes - File transfers, data synchronization, system integrations
  • Batch operations - Report generation, data imports, scheduled maintenance
  • User interactions - Login sessions, form submissions, document processing

File Organization Patterns

  • Single file correlation - Track complete workflows within one log file
  • Multi-file sequences - Follow transactions across separate application logs
  • Time-based rotation - Handle daily/hourly log files with seamless correlation
  • Service-based separation - Correlate events across microservice log files

Identifier Extraction

  • Simple IDs - Order numbers, transaction IDs, customer references
  • Complex patterns - Multi-part identifiers, GUIDs, composite keys
  • Contextual matching - Include additional context (user ID, session ID) for precise correlation
  • Case handling - Configure case-sensitive or case-insensitive identifier matching

Next Steps

Ready to set up transaction correlation?

Configure Correlated Events - Set up start/end patterns and timeout thresholds
Managing Correlated Events - Perform remote actions and manage transaction states

Need specific implementation guidance?

How to Monitor Correlated Events - Complete step-by-step configuration example
How to Monitor File Content - Alternative content-based monitoring approach

Managing Content Files - Content management and investigation actions
Monitoring Content Files - Pattern-based content detection and alerting
Configuration - Correlated Events - Complete setup and pattern configuration
Troubleshooting Correlation Monitoring - Common issues and resolution guides