This documentation supports an earlier version of BMC Helix Operations Management. Use the Product version picker to select and view the latest version of documentation.

Event policy types and evaluation order

This topic provides information about the event policy types, the order in which event policies are evaluated, and the out-of-the-box event policy templates.


Event policy types

The following event policy types are available in BMC Helix Operations Management:

  • Basic Enrichment: Processes events with refined slot values to make the events more meaningful.
  • Suppression: Automatically drops new events matching the event selection criteria.
  • Advanced Enrichment: Processes events with refined slot values based on advanced settings and the defined policy workflow.
  • Dynamic Enrichment: An extension of advanced enrichment, this policy helps you enrich events with external data. 
  • Time Based: Processes events with refined slot values after a scheduled duration of time and based on the advanced settings and the defined policy workflow. 
  • Correlation: Correlates and combines multiple matching events into a single aggregated event. 
  • Notification: Notifies users via email or incidents generated for Proactive Service Integration (PSR) about an event occurrence so that actions can be taken.


Policy evaluation order for processing events

In general, events flow through phases based on certain built-in rules. Each phase represents a logical state of processing.

The event policy types and blackout policies are associated with a particular phase through which the event must flow. These policies process each incoming event one phase at a time, and evaluate each event based on the built-in rules. 

Based on the built-in rules, policies are automatically run in the following evaluation order, irrespective of the order in which they were configured.

  1. Basic enrichment policy 
  2. Blackout policy
  3. Suppression policy
  4. Advanced enrichment policy and dynamic enrichment policy (between the two policies, that which was configured first is evaluated first) 
  5. Time-based enrichment policy
  6. Correlation policy
  7. Notification policy

Multiple configurations in a single event policy execute as independent policies according to the preceding policy phases. For each configuration in the policy, the event selection criteria is checked to process incoming events. If a previously executed policy phase changes the state of an event, then the updated event state is considered for the execution of the next policy phase.

For example, a single policy with different configurations

Common event selection criteria for the event policy: Message equals 'CPU utilization is increasing'

Policy name

Policy configuration

Result

Policy 01

Configuration 1

  • Type: Advanced enrichment
  • Enrich the Message slot to 'CPU utilization issue has been resolved'

On execution of this configuration, the Message slot value is updated to 'CPU utilization issue has been resolved'.


Configuration 2

  • Type: Notification
  • Send Notification to: username@domain.com
  • Subject: Notification policy details
  • Message: The notification policy is applied.

This configuration is not executed as the updated Message slot value ‘CPU utilization issue has been resolved’ does not meet the common event selection criteria.

The policy evaluation order supersedes the precedence number specified in the various types of policies. This means, even if you configure a separate event policy for each of the types with varying precedence numbers, the policy evaluation order is used to run the policies.

However, if you have configured the following precedence numbers in event policies, then these conditions apply:

  • Multiple event policies of different types with varying precedence numbers, then policies of the same type are run based on the precedence number specified. 
  • Multiple event policies of different types with the same precedence numbers, then the policies are run according to the policy evaluation order to process events.
  • Multiple event policies of the same type with the same precedence numbers, then the policy that was last modified is run to process events.

Example scenarios

Scenario 1: Multiple policies with the same configuration

The lower the precedence, the higher the policy execution order. For example, a policy with the precedence 100 is executed before a policy with the precedence value 200.

Example 1

Example 2

Scenario 2: Multiple policies with different configurations

The lower the precedence, the higher the policy execution order for the same policy type. With different policy types, the policies are executed in the following order:

  1. Basic enrichment policy 
  2. Blackout policy
  3. Suppression policy
  4. Advanced enrichment policy and dynamic enrichment policy (between the two policies, that which was configured first is evaluated first) 
  5. Time-based enrichment policy
  6. Correlation policy
  7. Notification policy

Example

Scenario 3: Single policy with different configurations


Example

Scenario 4: Multiple policies with different configurations and different precedence


Example


Where to go from here

To create, edit, enable, disable, or delete an event policy, see Creating-and-enabling-event-policies.

To understand advanced, time-based, and dynamic enrichment policies, see Advanced-time-based-and-dynamic-enrichment-policies.

To understand correlation policies, see Correlating events.

To understand the out-of-the-box event classes and associated slots, see Event-classification-and-formatting

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*