Event Orchestration workflows

This topic describes the TrueSight Orchestration workflows for the Event Orchestration run book. 

The predefined workflows in the run book ensure that the underlying logic for any new event types added to the run book remains the same. 

Event Orchestration process workflows

The Process Event workflow is triggered when an event data is received by TrueSight Orchestration. 

The workflow contains sub-processes, which perform an end-to-end process to triage and remediate the incoming event. Output data for each sub-process is considered as input for the subsequent process. 

The following table describes the stage, the workflow triggered at each stage, the modules required and information about how the Process Event workflow performs the end-to-end Event Orchestration process:

StageWorkflow nameModule that contains the workflowDescriptionRequired for new event types
TriageExtract Event and Configuration DataBMC-SA-Event OrchestrationExtracts configuration information based on the event type.Yes
Pre-Triage ActionsBMC-SA-Event Orchestration

Can contain any pre-triage actions based on your requirement.

Currently, no specific pre-triage action is identified.

Optional
Perform TriageBMC-SA-Event_Orchestration_Service_Down

After extracting event data, the Perform Triage workflow is invoked, which verifies the validity of the event on the target server. 

For each supported event type, the Perform Triage workflow is included in the module for the event type.

For example, for a service down event, the Perform Triage workflow is a part of the BMC-SA-Event_Orchestration_Service_Down module. 

Yes
Post-Triage ActionsAutoPilot-OA-Event_Orchestration

If triage is successful and remediation is required, as part of the Post-Triage Actions, the Create Incident workflow in the AutoPilot-OA-Event_Orchestration module creates or updates an existing incident in the ITSM system.

The ITSM System is defined in the BMC-SA-Event_Orchestration_Configuration module.

The Create Incident workflow invokes AutoPilot-OA-ITSM_Automation's Create or Update Incident workflow. AutoPilot-OA-ITSM_Automation hides the details of target ITSM implementation. By statically defining ITSM Type module configuration item during initial configuration of the solution, during runtime, logic in AutoPilot-OA-ITSM_Automation will switch to using appropriate implementation.

Yes
RemediationPre-Remediation ActionsAutoPilot-OA-ITSM_Automation

If a change ticket needs to be created, the AutoPilot-OA-Event_Orchestration:Create Change workflow is invoked.

This internally invokes the AutoPilot-OA-ITSM_Automation's Do Create Change workflow to create a change and task for the incident.

AutoPilot-OA-ITSM_Automation hides the details of target ITSM implementation.

Optional
Perform RemediationBMC-SA-Event_Orchestration_Service_Down

If remediation is required and there were no errors in the previous stages of the execution, remediation is started in two ways:

    1. If no change ticket is created, remediation is started immediately
    2. If change ticket is created, remediation process awaits approval of the change ticket based on the approval process configuration as defined in the ITSM system.

For each supported event type, the Perform Remediation workflow is included in the module for the event type.

For example, for a service down event, the Perform Remediation workflow is a part of the BMC-SA-Event_Orchestration_Service_Down module. 

Yes
ValidationPost-Remediation ActionsBMC-SA-Event_Orchestration_Service_Down

Invokes the Perform Validation workflow, which validates whether the event is successfully remediated. For example, for the Service Down event type, the workflow validates whether the service is started on the target server.

After the validation process is completed, ITSM tickets (change, task and incident) are updated with appropriate status (success/failure).

For each supported event type, the Perform Validation workflow is included in the module for the event type.

For example, for a service down event, the Perform Validation workflow is a part of the BMC-SA-Event_Orchestration_Service_Down module. 

Yes

Process Event workflow

The Process Event workflow receives event data and action ID performs triage and remediation, which invokes the following process:

  • Extract configuration related to the event 
  • Pre-Triage Actions 
  • Perform Triage 
  • Post-Triage Actions 
  • Pre-Remediation Actions 
  • Perform Remediation 
  • Post-Remediation Actions

The following table describes the input and output elements for the Process Event workflow. 

Input elementDescription
event data

Contains the event data in JSON format.

action id Action ID as defined by a use case, like BMC_TrueSight-ServiceDown-1.

The following figure shows a sample event.

{
   "adapter_host" : "" ,
   "administrator" : "" ,
   "date" : "20190312150809.000000+330" ,
   "date_reception" : "1552383489" ,
   "duration" : "0" ,
   "event_handle" : "1399" ,
   "event_identification_type" : "Default" ,
   "itsm_category" : "" ,
   "itsm_company" : "" ,
   "itsm_incident_id" : "" ,
   "itsm_incident_status" : "" ,
   "itsm_item" : "" ,
   "itsm_location" : "" ,
   "itsm_manufacturer" : "" ,
   "itsm_model_version" : "" ,
   "itsm_operational_category1" : "" ,
   "itsm_operational_category2" : "" ,
   "itsm_operational_category3" : "" ,
   "itsm_product_name" : "" ,
   "itsm_type" : "" ,
   "mc_abstracted" : "[]" ,
   "mc_abstraction" : "[]" ,
   "mc_account" : "" ,
   "mc_acl" : "[]" ,
   "mc_action_count" : "0" ,
   "mc_arrival_time" : "1552383507" ,
   "mc_associations" : "[]" ,
   "mc_bad_slot_names" : "[]" ,
   "mc_bad_slot_values" : "[]" ,
   "mc_cause" : "0" ,
   "mc_client_address" : "10.133.71.162" ,
   "mc_collectors" : "[1.1,2.1.1,3.1.1,4.1,5.1,13.1.1]" ,
   "mc_date_modification" : "1552383507" ,
   "mc_effects" : "[]" ,
   "mc_event_category" : "" ,
   "mc_event_model_version" : "1.1.00" ,
   "mc_event_relations" : "[]" ,
   "mc_event_subcategory" : "SYSTEM" ,
   "mc_history" : "[]" ,
   "mc_host" : "hostname.bmc.com" ,
   "mc_host_address" : "10.133.65.237" ,
   "mc_host_class" : "" ,
   "mc_host_id" : "8" ,
   "mc_incident_report_time" : "0" ,
   "mc_incident_time" : "1552383429" ,
   "mc_local_reception_time" : "1552383507" ,
   "mc_location" : "bmc.com" ,
   "mc_long_msg" : "" ,
   "mc_modhist" : "[pncell_hostname]" ,
   "mc_notes" : "[]" ,
   "mc_notification_history" : "[]" ,
   "mc_object" : "NUK_Memory@hostname.bmc.com" ,
   "mc_object_class" : "NUK_Memory" ,
   "mc_object_owner" : "" ,
   "mc_object_uri" : "" ,
   "mc_operations" : "[]" ,
   "mc_origin" : "" ,
   "mc_origin_class" : "" ,
   "mc_origin_key" : "" ,
   "mc_origin_sev" : "" ,
   "mc_original_priority" : "PRIORITY_5" ,
   "mc_original_severity" : "CRITICAL" ,
   "mc_owner" : "" ,
   "mc_parameter" : "Memory Used By User Processes and Kernel (Excludes Buffers-Cache)" ,
   "mc_parameter_threshold" : "15.0" ,
   "mc_parameter_unit" : "%" ,
   "mc_parameter_value" : "22.38" ,
   "mc_priority" : "PRIORITY_5" ,
   "mc_propagations" : "[pn_server_hostname:42,ts_event_gateway:57]" ,
   "mc_relation_source" : "" ,
   "mc_relationships" : "0/0" ,
   "mc_service" : "" ,
   "mc_smc_alias" : "hostname_8" ,
   "mc_smc_causes" : "[]" ,
   "mc_smc_effects" : "[]" ,
   "mc_smc_id" : "hostname_8" ,
   "mc_smc_impact" : "IMPACTING" ,
   "mc_smc_priority" : "0" ,
   "mc_smc_type" : "BMC_ComputerSystem" ,
   "mc_timeout" : "0" ,
   "mc_tool" : "hostname" ,
   "mc_tool_address" : "IPAddress" ,
   "mc_tool_class" : "PNET" ,
   "mc_tool_id" : "" ,
   "mc_tool_key" : "5" ,
   "mc_tool_rule" : "" ,
   "mc_tool_sev" : "" ,
   "mc_tool_suggestion" : "" ,
   "mc_tool_time" : "1552383489" ,
   "mc_tool_uri" : "" ,
   "mc_ueid" : "hostname-alr-5" ,
   "mc_using_organization" : "" ,
   "mc_using_organization_id" : "" ,
   "msg" : "Memory Memory Used By User Processes and Kernel (Excludes Buffers-Cache) > 15%  for 1 min." ,
   "pn_alarm_exec_notify" : "FALSE" ,
   "pn_alarm_id" : "5" ,
   "pn_baseline_type" : "ALL" ,
   "pn_detail_diag" : "0" ,
   "pn_detail_diag_count" : "0" ,
   "pn_device_name" : "hostname.bmc.com" ,
   "pn_end_time" : "-1" ,
   "pn_extremeness" : "0" ,
   "pn_group_ids" : "[]" ,
   "pn_groups" : "[]" ,
   "pn_highest_severity" : "CRITICAL" ,
   "pn_invoke_alarm_rule" : "TRUE" ,
   "pn_is_predicted" : "FALSE" ,
   "pn_is_suppressing" : "FALSE" ,
   "pn_last_time" : "1552383489" ,
   "pn_object_class_id" : "501042" ,
   "pn_object_id" : "236" ,
   "pn_old_severity" : "OK" ,
   "pn_parameter_id" : "501042505" ,
   "pn_predict_to_occur_time" : "0" ,
   "pn_predicted_severity" : "" ,
   "pn_suppress_mode" : "NORMAL" ,
   "pn_suppress_notified" : "TRUE" ,
   "pn_suppress_primary_alarm_id" : "" ,
   "pn_suppress_rule_id" : "0" ,
   "pn_suppress_type" : "NONE" ,
   "pn_thresh_above" : "TRUE" ,
   "pn_thresh_duration" : "60" ,
   "pn_thresh_id" : "10007" ,
   "pn_thresh_type" : "161" ,
   "pn_vm_host" : "" ,
   "pn_vm_host_id" : "0" ,
   "repeat_count" : "0" ,
   "severity" : "CRITICAL" ,
   "status" : "OPEN" ,
   "server_id": "1"
}

Extract Event and Configuration Data workflow

Extracts event and configuration data based on the action ID. 

The following table describes the input and output elements for the Extract Event and Configuration Data workflow. 

Input element

Description

event dataContains the event data for an incoming event in a CEM format.
Output elementDescription
event source typeSpecifies the source of the event from where the event is generated.
itsm typeSpecifies the ITSM type where incident, change, and tasks are to be created.
event typeSpecifies the event type. For example, service down.
all configurationsContains all configuration data required to determine if triage is required and the type of triage to be performed.
event dataContains the input event data

Perform Triage workflow

The Extract Event and Configuration Data sends the event related data, which is used by the Perform Triage workflow to verify the event on the target server. 

The following table describes the input and output elements for the Perform Triage workflow. 

Input elementDescriptionRequired
event source type

Specifies the source of the event.

For example, BMC_TrueSight.

Yes
itsm type

Specifies the type of the ITSM system.

For example, BMC_AR_System.

Yes
event type

Specifies the name of the event type.

For example, ServiceDown.

Yes
all configurationsSpecifies module configuration dataYes
event dataSpecifies the input event dataYes
authentication tokenTrueSight Orchestration authentication tokenNo
target connection dataContains connection information to connect to the target serverYes
pre triage response data

Output data from pre-triage actions.

If empty, then supply, <pretriage-response-data />

Yes
flags

Collection of status and decision flags.

Example:

<flags>
 <status>success</status>
</flags>
Yes
Output elementDescription
triage responseContains the response for the triage action-
flagsContains the flat-

Post-Triage Actions workflow

Analyzes results of triage action. Optionally creates or updates incident.

The following table describes the input and output elements for the Post-Triage workflow. 

Input elementDescriptionRequired
source type

Specifies the source of the event.

For example, BMC_TrueSight.

Yes
itsm type

Specifies the type of the ITSM system.

For example, BMC_AR_System.

Yes
event type

Specifies the name of the event type.

For example, ServiceDown.

Yes
all configurationsSpecifies module configuration dataYes
event dataSpecifies the input event dataYes
authentication tokenTrueSight Orchestration authentication tokenNo
target connection dataContains connection information to connect to the target serverYes
pre triage response data

Output data from pre-triage actions.

If empty, then supply, <pretriage-response-data />

Yes
flags

Collection of status and decision flags.

Example:

<flags>
 <status>success</status>
</flags>
Yes
Output elementDescription
post triage response

Returns the incident ID that is created as part of the Post-Triage Actions workflow.

<post-triage-response-data>
  <incident-id>INC000000000309</incident-id>
</post-triage-response-data>
--
flags

Collection of previous flags and incident related information.

<flags>
  <status>success</status>
  <remediation-required>true</remediation-required>
  <continue-processing>true</continue-processing>
  <incident-created>true</incident-created>
  <incident-updated>false</incident-updated>
</flags>
--
event dataIf incident is created, then, event data is updated with incident id

--

Pre-Remediation Actions workflow

Sets the stage for any remediation action, like create change ticket. If change ticket is created, remediation is skipped to await approval of change ticket. 

The following table describes the input and output elements for the Pre-Remediation Actions workflow. 

Input elementDescriptionRequired
event source type

Specifies the source of the event.

For example, BMC_TrueSight.

Yes
itsm type

Specifies the type of the ITSM system.

For example, BMC_AR_System.

Yes
event type

Specifies the name of the event type.

For example, ServiceDown.

Yes
all configurationsSpecifies module configuration dataYes
event dataSpecifies the input event dataYes
authentication tokenTrueSight Orchestration authentication tokenNo
target connection dataContains connection information to connect to the target serverYes
post triage response data

Output data from post-triage action

<post-triage-response-data>
  <incident-id>INC000000000217</incident-id>
</post-triage-response-data>
Yes
flags

Collection of status and decision flags.

Example:

<flags>
  <status>success</status>
</flags>
Yes
itsm data

Contains the incident ID created as part of the Post-Triage Actions workflow.

<itsm-data>
  <itsm-incident-id>INC000000000469</itsm-incident-id>
</itsm-data> 
Yes
Output elementDescription
pre remediation response dataReturns the response for the workflow
flags

Collection of status and decision flags.


Perform Remediation workflow

The Perform Remediation workflow invokes use case specific Perform Remediation workflow. Sets the stage for any remediation action, like create change ticket. If change ticket is created, remediation is skipped to await approval of change ticket.

The following table describes the input and output elements for the Perform Remediation workflow. 

Input elementDescriptionRequired
event source type

Specifies the source of the event.

For example, BMC_TrueSight.

Yes
itsm type

Specifies the type of the ITSM system.

For example, BMC_AR_System.

Yes
event type

Specifies the name of the event type.

For example, ServiceDown.

Yes
all configurationsSpecifies module configuration dataYes
event dataSpecifies the input event dataYes
authentication tokenTrueSight Orchestration authentication tokenNo
target connection dataContains connection information to connect to the target serverYes
pre-remediation response data
When empty:
<itsm-data/>

When contains incident ID:
<itsm-data>
   <incident-id>INC000111</incident-id>
</itsm-data>
Yes
flags

Specifies the flags XML set by each process after execution for the subsequent process.

<flags>
	<status>true</status>
	<remediation-required>true<remediation-required>
	<continue-processing>true<continue-processing>
<flags>
Yes
Output elementDescription
remediation response dataContains the response for the workflow.-
flagsContains a collection of status and decision flags.-

Post-Remediation Actions

Post-Remediation Actions analyzes results of remediation action, invokes use case specific Perform Validation workflow. Closes change tickets and/or updates incident ticket.

The following table describes the input and output elements for the Post-Remediation Actions workflow. 

Input element
Required
event source type

Specifies the source of the event.

For example, BMC_TrueSight.

Yes
itsm type

Specifies the type of the ITSM system.

For example, BMC_AR_System.

Yes
event type

Specifies the name of the event type.

For example, ServiceDown.

Yes
all configurationsSpecifies module configuration dataYes
event dataSpecifies the input event dataYes
authentication tokenTrueSight Orchestration authentication tokenNo
target connection dataContains connection information to connect to the target serverYes
flagsSpecifies the flags XML set by each process after execution for the subsequent process.Yes
changeSpecifies the change XML created in Post-Remediation ActionYes
Output elementDescription
remediation response dataContains the response for the workflow.-
flagsContains a collection of status and decision flags.-
Was this page helpful? Yes No Submitting... Thank you

Comments