Page tree
Skip to end of metadata
Go to start of metadata

Event management policy types provide a base policy definition that enables you to quickly create certain types of policies. Policy types allow you to quickly set up routine event management processes.

The following table describes the standard event management policy types.

Standard event management policy types

Policy name

Definition

Blackout

Sets the status of an event to BLACKOUT. A blackout policy might be used during a maintenance window or holiday period.

Closure

Closes a specified event in response to receipt of a separate event.

Component Based Enrichment

Enriches the definition of an event associated with a component by assigning selected component slot definitions to the event slots.

Correlation

Relates one or more cause events to an effect event, and can close the effect event.

The cell maintains the association between these cause-and-effect events.

Enrichment

Adds values for specific event slots if those slots are empty as received from the event source.

An enrichment event management policy can also reformat slots or normalize slot values.

Escalation

Raises or lowers the priority level of an event after a specified period of time.

A specified number of event recurrences can also trigger escalation of an event. For example, if the abnormally high temperature of a storage device goes unchecked for 10 minutes or if a cell receives more than five high-temperature warning events in 25 minutes, an escalation event management policy might increase the priority level of the event to critical.

Notification

Sends a request to an external service to notify a user or group of users of the event.

A notification event management policy might notify a system administrator by means of a pager about the imminent unavailability of mission-critical piece of storage hardware.

Propagation

Forwards events to other cells or to integrations to other products.

Recurrence

Combines duplicate events into one event that maintains a counter of the number of duplicates.

Remote action

Automatically calls a specified action rule provided the incoming event satisfies the remote execution policy's event criteria.

See also Configuring remote actions for more information.

Suppression

Specifies which events that the receiving cell should delete.

Unlike a blackout event management policy, the suppression event management policy maintains no record of the deleted event.

Threshold

Specifies a minimum number of duplicate events that must occur within a specific period of time before the cell accepts the event.

For events allowed to pass through to the cell, the event severity can be escalated or de-escalated a relative number of levels or set to a specific level. If the event occurrence rate falls below a specified level, the cell can take action against the event, such as changing the event to closed or acknowledged status.

Timeout

Changes an event status to closed after a specified period of time elapses.

Component Based Blackout

Specifies which events the receiving cell should classify as unimportant and therefore not process . The events are logged for reporting purposes.

A Component Based Blackout event management policy might specify that the cell ignore events generated from a component or device based on component selection criteria for this policy.

It is also possible to define custom policy types that allow you to do specialized event processing not supported by the out-of-the-box policy types.

For more information about creating user-defined policy types, see Creating and using user-defined policies.