Maintaining the rule engine performance

To avoid slowing the performance of the rule engine, try to specify a selector that refers to a specific event class. It takes the cell less processing time to search a specific class than it does a generic class. Also, try to avoid performance-intensive where clauses and complex queries in the Using clause.

For example, using a match_regex() call can cause performance problems. Instead, use an equals, contains, matches, has_prefix, or has_suffix clause.

The following line:

EVENT($EV) where [$EV.CLASS == 'APPLICATION_EVENT'] 

might appear equivalent to

APPLICATION_EVENT ($EV)

However, they are not equivalent. The rule engine maintains an inheritance table that enables it to be extremely efficient at manipulating classes. In the first syntax example, the rule engine literally must check to see whether the class name is the string 'APPLICATION_EVENT'. This literal comparison does not take advantage of the inheritance mechanism, and places a much heavier demand on the performance of the rule engine than the syntax in the second example. Using class comparisons in a where clause does not use the inheritance table optimization and results in performance degradation of the rule engine.

Equivalent syntax and backward compatibility

The following line can also be written as shown in the figure 1:

$APEV.mc_host equals 'thathost'

mc_host:equals thathost

However, the following is permitted only for backward compatibility with the first initial releases of the MRL.

$EV.mc_host:equals 'thathost'

Syntax shortcut

In a where clause slot: is a shortcut for $EV.slot.

$EV.slot: is syntactically incorrect.