×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

   

This documentation supports an earlier version of BMC Helix Operations Management.

To view the documentation for the latest version, select 23.1 from the Product version picker.

BMC Helix Operations Management 22.2 ... Monitoring events and reducing event noise Defining event policies for enrichment, correlation, notification, and suppression Example event policies for enrichment, correlation, notification, and suppression

Example: Enrich events according to the device status

Scenario

Sarah is an administrator at Apex Global. She has been using out-of-the-box enumerations for defining Enum data type event slots for managing events. Her company uses a custom list of values for the device status and these values are not supported by the out-of-the-box enumerations in BMC Helix Operations Management . She wants to use the following list of values for the device status and enrich the severity, owner, and detailed message in the event based on these values:

  • Up
  • Down
  • Administratively down

Before you begin, make sure to create the custom enumeration and specify it as an attribute of the event class. For more information, see the following topics:

To enrich the event severity, owner, and detailed message, perform the following steps:

  1. Define the event selection criteria.
  2. Build the policy workflow.

Actions used in the example

  • If
  • Enrich

For more information about actions, see Actions for advanced and time-based enrichment.

To define the event selection criteria

  1. Select Configuration > Event Policies and click Create.
  2. In the Event Selection Criteria, define a condition to select events from the class NAGIOS2_EV.

The following image illustrates how the event selection criteria will look:

To learn how to construct the event selection criteria, see Creating and enabling event policies.

To build the policy workflow

On the Advanced Enrichment page, perform the following steps to build the policy workflow:
The page .Example: Add operation note for event assignment vDec_2021 was not found  -- Please check/update the page name used in the MultiExcerpt-Include macro

  1. Add the If action to check the status of the device. Assume that the custom enumeration device status has the following list of values:


  2. If the device is down, in the Then part, add the Enrich action to enrich the event severity to critical.


  3. Add the Enrich action to assign an owner for the event.


  4. In the Else part, add the If action to check the status of the device.

  5. If the device is up, add the Enrich action to enrich the detailed message in the event.

Results

The policy workflow enriches the severity, owner, and detailed message in the event as shown in the following images:

Was this page helpful? Yes No Submitting... Thank you
Last modified by Shreya Gurukiran on Apr 05, 2022

Comments

Log in or register to comment.

Example: Enrich events according to the event hostname and event message
Event classification and formatting
© Copyright 2020-2022 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2023 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.