×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC TrueSight Infrastructure Management 11.3 ... Administering Infrastructure Management Configuring Infrastructure Management to monitor and manage your infrastructure systems Managing policies Working with event management policies

How to create an event selector and specify event selection criteria

An event selector is the component of an event management policy that selects one or more events to which an event management policy applies using specified event selection criteria. When an incoming event matches any of the specified event selection criteria, the cell applies the associated event management policy to the event.

Before you begin 

To create an event selector and specify event selection criteria

  1. From the Administration View, select the Event Management Polices tab.

  2. Select a valid node (non-cell group) from the navigation pane.
    Valid nodes for event selector creation are all visible nodes except the top-level cell group node. When the Add Event Selector button in the toolbar becomes active, this is an indication that a valid node is selected.
  3. On the Administration View toolbar, click Add Event Selector .
    The Selector Details tab, shown in the following figure, is displayed.  

    Selector Details tab
  4. In the Selector Name field, type the event selector name.
  5. In the Group field, type an event selector group name.

    The event selector that you create in the next step is associated with the event selector group that you enter. If you enter a name of an event selector group that does not exist, that group is created.
  6. To the right of the Base Event Class field, click the ellipses  button to display an event class chooser dialog box (shown in the following figure) from which to select the event class.

    Class Chooser dialog box
  7. Select an event class from the tree and click OK to accept the class. 

    For more information about event classes, see Event and data classes.
  8. In the Description field, type an optional description for the event selector.
  9. Click Add to add event selection criteria to this event selector. 

    The Add Event Criteria editor is displayed.
  10. From the Add Event Criteria editor, type a description for the event selection criteria in the Description slot. 
  11. In the Event Classfield, use one of the following methods to select an event class on which to base the event selection criteria:
    • Accept the default event class in the Event Class field.

    • Change the class by clicking the browse button. The Class Chooser dialog box is displayed, select a class and click OK.

      Note

      You cannot change the event class specified in an ECF to any class that is not at the same level or below the event class already specified in the ECF. If the ECF contains slots in the current class that are not in the new class, you cannot change to the new class, even when it occurs in the hierarchy rooted in the base event class.

  12. In the Selection Definition section, shown in the following figure, create an expression that is used to determine whether an event of the selected class is processed by the policy by choosing a Slot, Operation, and Value.

    Selection Definition section of the Add Event Criteria editor

    • The example expression in the following figure tests events for Windows security messages containing logon and logoff messages. You might use this expression as part of an event selector for implementation in an event blackout policy that hides these security events from display but maintains their history.

      Example event selection criteria expression
    • For a list and definitions of EVENT slots available for selection, see Event and data classes. For a list and definitions of the operators available for each slot, see Master Rule Language (MRL) reference.
  13. Click OK to save the expression and close the Add Event Criteria editor.
    The event selection criteria is displayed in the Event Selection Criteria section of the Selector Details tab, as shown in the following figure.

    Completed event selection criteria in Selector Details tab

  14. To add more event selection criteria, click Add and repeat 10 through 13.

    Note

    If you add multiple event selection criteria for any event selector, the event needs to satisfy the Logical OR operator between the multiple criteria.

  15. Click OK to save the event selector and its event selector group.
Was this page helpful? Yes No Submitting... Thank you
Last modified by Shreya Gurukiran on Jan 20, 2021
administration events policies task

Comments

  1. Scott Field

    what does ECF stand for?

    Jan 07, 2021 11:24
    1. Shreya Gurukiran

      Hi Scott Field,

      ECF stands for Event condition formula.

      Regards,

      Shreya


      Jan 20, 2021 05:10

Log in or register to comment.

Editing the PATROL messaging text translation dynamic enrichment source file
Alias formulae
© Copyright 2013 - 2019 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.