This documentation supports an earlier version of BMC Helix Operations Management.

To view the documentation for the latest version, select 23.2 from the Product version picker.

Managing event policies with REST APIs

The following section provides a list of supported endpoints and an overview about running these endpoints. Before you run an endpoint, you must authenticate yourself. For more information, see  Access and authentication for the REST API Open link


Managing event policies

You can create, update, delete, retrieve, search, enable, and disable event policies by using REST APIs.

POST /event_policies
Request URL
 https://<tenant-url>/events-service/api/v1.0/event_policies
Example request URL
 https://HostA.bmc.com/events-service/api/v1.0/event_policies
Request Header
Content-Type: application/json
Authorization: Bearer <JWT_token>

For instructions on obtaining the JWT token, see Access and authentication for the REST API. Open link .

Parameter details


Parameter NameValue TypeLocated InMandatoryDescription
nameStringBodyYesThe policy name. This value cannot be empty or null.

description

StringBodyNo

The policy description

executionOrderIntegerBody
Yes

The policy precedence

Valid values:

0-9999

enabledBooleanBody
NoThe option to enable the policy
selectorCriteriaStringBody
YesThe event selection criteria. The slot operator used in the criteria must be as per the data type of the slot. The value for 

slots, which have the date data type must be a timestamp value.

typesString arrayBody
Yes

The policy type. This value cannot be empty or null.

Valid values:

  • REFINE
  • BASIC_ENRICHMENT
  • ADVANCED_ENRICHMENT
  • TIME_BASED
  • CORRELATION
  • SUPPRESSION
  • NOTIFICATION
configurationsArrayBody
YesThe policy configurations. This value cannot be empty or null. You cannot add multiple configurations for time-based enrichment or suppression policies.
configOrderIntegerBody
YesThe order of configurations. This value must uniquely identify the list of policy configurations.
definitionObjectBody
YesThe policy definition
typeStringBody
Yes

The policy type. This value cannot be empty or null. The value specified for this parameter in the list of policy configurations must be present in the policy types list.

Valid values:

  • REFINE
  • BASIC_ENRICHMENT
  • ADVANCED_ENRICHMENT
  • TIME_BASED
  • CORRELATION
  • SUPPRESSION
  • NOTIFICATION
subTypeStringBodyNo

The policy sub type

For example, dynamic enrichment is a subtype of an advanced enrichment policy.

timeframeStatusStringBody
NoThe time frame status

Request body

{
  "name": "string",
  "description": "string",
  "executionOrder": integer,
  "enabled": true,
  "selectorCriteria": "string",
  "types": [
    "string"
  ],
  "configurations": [
    {
      "configOrder": integer,
      "definition": {},
      "timeframeStatus": "string",
      "type": "string",
      "subType": "string"
    }
  ]
}

Example request body

{
  "name": "RefinePolicyEnrichHost",
  "description": "TestingRefinePolicy",
  "enabled": true,
  "executionOrder": 247,
  "types": [
    "REFINE"
  ],
  "configurations": [
    {
      "eventClass": null,
      "type": "REFINE",
      "configOrder": 1,
      "definition": {
        "type": "root",
        "label": "refine",
        "children": [
          {
            "children": [],
            "type": "enrich",
            "key": "$NEW.status",
            "value": "BLACKOUT",
            "label": "enrich_label"
          },
          {
            "children": [],
            "type": "enrich",
            "key": "$NEW.severity",
            "value": "CRITICAL",
            "label": "enrich_label"
          },
          {
            "children": [],
            "type": "enrich",
            "key": "$NEW.source_hostname",
            "value": "clm-pun-t8x5j7.bmc.com",
            "label": "enrich_label"
          }
        ]
      }
    }
  ],
  "selectorCriteria": "( class equals 'ALARM' ) AND ( msg contains 'lmnop' )"
}
{
  "name": "basic enrichment Policy",
  "types": [
    "BASIC_ENRICHMENT"
  ],
  "description": "basic enrichment Policy",
  "executionOrder": 9999,
  "selectorCriteria": "class equals 'EVENT' AND msg contains 'server1'",
  "enabled": false,
  "configurations": [
    {
      "type": "BASIC_ENRICHMENT",
      "configOrder": 1,
      "definition": {
        "processing_action": {
          "category": "SLA_MANAGEMENT",
          "priority": "PRIORITY_5",
          "severity": "CRITICAL",
          "location": "Pune ",
          "msg": "policy for location %location%"
        }
      }
    }
  ]
}
{
  "name": "Advanced Enrichment  Policy",
  "types": [
    "ADVANCED_ENRICHMENT"
  ],
  "description": "Advanced Enrichment  Policy",
  "executionOrder": 837,
  "selectorCriteria": "( class equals 'ALARM' ) AND ( al_parameter_name contains 'CPU' ) AND ( msg contains 'SBzHEs_nested_if' )",
  "configurations": [
    {
      "type": "ADVANCED_ENRICHMENT",
      "configOrder": 1,
      "definition": {
        "children": [
          {
            "type": "enrich",
            "key": "$NEW.cdmclass",
            "label": "cdmclass enrich",
            "children": [
              {
                "children": [],
                "type": "data",
                "value": "$NEW.al_parameter_name"
              }
            ]
          },
          {
            "type": "if",
            "label": "if outer",
            "conditions": [
              {
                "slotName": "$NEW.al_parameter_threshold",
                "slotOperator": "contains",
                "conditionOrder": 0,
                "conditionOperator": "",
                "conditionBracket": "(",
                "endBracket": ")",
                "slotValue": "fLdxHe"
              },
              {
                "slotName": "$NEW.status",
                "slotOperator": "equals",
                "conditionOrder": 1,
                "conditionOperator": "AND",
                "conditionBracket": "(",
                "endBracket": ")",
                "slotValue": "OPEN"
              }
            ],
            "children": [
              {
                "children": [],
                "type": "enrich",
                "value": "ACK",
                "key": "$NEW.status",
                "label": "enrich status"
              },
              {
                "type": "if",
                "label": "if inner",
                "conditions": [
                  {
                    "slotName": "$NEW.severity",
                    "slotOperator": "greater_than",
                    "conditionOrder": 0,
                    "conditionOperator": "",
                    "conditionBracket": "(",
                    "endBracket": ")",
                    "slotValue": "MINOR"
                  },
                  {
                    "slotName": "$NEW.location",
                    "slotOperator": "contains",
                    "conditionOrder": 1,
                    "conditionOperator": "AND",
                    "conditionBracket": "(",
                    "endBracket": ")",
                    "slotValue": "tI749vH3"
                  }
                ],
                "children": [
                  {
                    "children": [
                      {
                        "children": [
                          {
                            "children": [],
                            "type": "data",
                            "value": "$NEW.msg"
                          },
                          {
                            "children": [],
                            "type": "data",
                            "value": "if_if_then_criteria_matched"
                          }
                        ],
                        "name": "Concat",
                        "type": "function"
                      }
                    ],
                    "type": "enrich",
                    "value": null,
                    "key": "$NEW.msg",
                    "label": "enrich message "
                  },
                  {
                    "children": [],
                    "type": "enrich",
                    "value": "PRIORITY_1",
                    "key": "$NEW.priority",
                    "label": "enrich priority"
                  }
                ]
              },
              {
                "type": "else",
                "label": "inner else",
                "children": [
                  {
                    "children": [
                      {
                        "children": [
                          {
                            "children": [],
                            "type": "data",
                            "value": "$NEW.msg"
                          },
                          {
                            "children": [],
                            "type": "data",
                            "value": "if_if_else_criteria_matched"
                          }
                        ],
                        "name": "Concat",
                        "type": "function"
                      }
                    ],
                    "type": "enrich",
                    "value": null,
                    "key": "$NEW.msg",
                    "label": "enrich message inner"
                  },
                  {
                    "children": [],
                    "type": "enrich",
                    "value": "PRIORITY_4",
                    "key": "$NEW.priority",
                    "label": "enrich priority inner"
                  }
                ]
              }
            ]
          },
          {
            "type": "else",
            "label": "else outer",
            "children": [
              {
                "type": "if",
                "label": "else if inner",
                "conditions": [
                  {
                    "slotName": "$NEW.priority",
                    "slotOperator": "greater_than",
                    "conditionOrder": 0,
                    "conditionOperator": "",
                    "conditionBracket": "(",
                    "endBracket": ")",
                    "slotValue": "PRIORITY_3"
                  },
                  {
                    "slotName": "$NEW.source_address",
                    "slotOperator": "contains",
                    "conditionOrder": 1,
                    "conditionOperator": "AND",
                    "conditionBracket": "(",
                    "endBracket": ")",
                    "slotValue": "bmc.com"
                  }
                ],
                "children": [
                  {
                    "label": " enrich severity in outer else if",
                    "children": [],
                    "type": "enrich",
                    "value": "CRITICAL",
                    "key": "$NEW.severity"
                  }
                ]
              },
              {
                "type": "else",
                "label": "else else inner",
                "children": [
                  {
                    "children": [],
                    "type": "enrich",
                    "value": "MINOR",
                    "key": "$NEW.severity",
                    "label": "enrich severity else"
                  }
                ]
              }
            ]
          }
        ],
        "type": "root",
        "label": "policy"
      }
    }
  ]
}
{
  "name": "Dynamic Enrichment Policy Test",
  "description": "CXUDvqPwrx",
  "enabled": true,
  "executionOrder": 594,
  "types": [
    "ADVANCED_ENRICHMENT"
  ],
  "configurations": [
    {
      "type": "ADVANCED_ENRICHMENT",
      "subType": "DYNAMIC_ENRICHMENT",
      "configOrder": 1,
      "definition": {
        "type": "root",
        "label": "root_label",
        "children": [
          {
            "type": "dynamicDataEnrichment",
            "fieldSeparator": ",",
            "matchTableID": "21de6df5-6c88-11ec-8a0d-9566b475af32",
            "matchTableCount": "4",
            "matchFields": [
              "status",
              "severity"
            ],
            "matchPreference": "First",
            "enrichFields": [
              "msg",
              "location"
            ],
            "labels": {
              "enrichFields": "Enrich",
              "matchFields": "Match1",
              "importData": "Import1"
            }
          }
        ]
      }
    }
  ],
  "selectorCriteria": "( class equals 'EVENT' ) AND ( severity equals 'CRITICAL' ) AND ( msg contains 'eAnkcF_function_enrich' )"
}

matchTableID is the ID of the data table returned by the create data table endpoint.

To learn how to create a data table in a dynamic enrichment policy, see the POST/data_tables endpoint on the Managing data tables in dynamic enrichment policies with REST APIs page.

{
  "name": "Correlation Policy",
  "types": [
    "CORRELATION"
  ],
  "description": "Correlation Policy",
  "executionOrder": 3,
  "selectorCriteria": "class equals 'EVENT' AND msg contains 'server1'",
  "enabled": true,
  "configurations": [
    {
      "type": "CORRELATION",
      "configOrder": 1,
      "definition": {
        "children": [
          {
            "newEvent": {
              "severity": "MAJOR",
              "msg": "Policy Updated %msg%",
              "location": "",
              "priority": "PRIORITY_5",
              "newEventClass": "ALARM",
              "status": "OPEN"
            },
            "children": [],
            "within": 15,
            "minCount": 3,
            "label": "",
            "type": "aggregate",
            "conditions": [
              {
                "slotName": "$NEW.msg",
                "slotOperator": "equals",
                "conditionOrder": 0,
                "conditionOperator": "",
                "conditionBracket": "(",
                "endBracket": ")",
                "slotValue": "$OLD.msg"
              }
            ]
          }
        ],
        "label": "policy",
        "type": "root"
      }
    }
  ]
}
{
  "name": "Incident Notification Policy",
  "types": [
    "NOTIFICATION"
  ],
  "description": "Incident Notification Policy",
  "executionOrder": 1,
  "selectorCriteria": "class equals 'EVENT' AND msg contains 'server1'",
  "enabled": false,
  "configurations": [
    {
      "type": "NOTIFICATION",
      "configOrder": 1,
      "definition": {
        "processing_action": {
          "notificationService": "incident"
        },
        "update_events_filter_criteria": {
          "eventClass": "EVENT",
          "filterCriteria": []
        }
      }
    }
  ]
}
{
  "name": "Email Notification Policy",
  "description": "Email Notification Policy",
  "enabled": true,
  "executionOrder": 753,
  "types": [
    "NOTIFICATION"
  ],
  "selectorCriteria": "class equals 'PATROL_EV' AND ( msg contains 'notify1' )",
  "configurations": [
    {
      "type": "NOTIFICATION",
      "configOrder": 1,
      "definition": {
        "processing_action": {
          "notificationService": "email",
          "emailBody": "Automating Notification Policy where message is %msg%",
          "emailSubject": "Notification Policy with severity %severity%",
          "emailTo": "atech@test.com",
          "autoAck": "true"
        },
        "update_events_filter_criteria": {
          "eventClass": "PATROL_EV",
          "filterCriteria": [
            {
              "key": "when",
              "criteria": [
                {
                  "slot_name": "severity",
                  "slot_operator": "equals",
                  "slot_value": "MAJOR"
                },
                {
                  "slot_name": "status",
                  "slot_operator": "within",
                  "slot_value": "[\"OPEN\"]"
                }
              ]
            }
          ]
        }
      }
    }
  ]
}
{
  "name": "Suppression Policy",
  "types": [
    "SUPPRESSION"
  ],
  "description": "Suppression Policy",
  "executionOrder": 1,
  "selectorCriteria": "class equals 'EVENT' AND msg contains 'server1'",
  "enabled": false,
  "configurations": [
    {
      "type": "SUPPRESSION",
      "configOrder": 1,
      "definition": {
        "processing_action": {},
        "processing_post_action": {
          "new_event_post_action": "drop",
          "old_event_post_action": ""
        }
      }
    }
  ]
}
{
  "name": "Time Based Policy",
  "types": [
    "TIME_BASED"
  ],
  "description": "Time Based Policy",
  "executionOrder": 2,
  "selectorCriteria": "class equals 'EVENT' AND msg contains 'server1'",
  "enabled": false,
  "configurations": [
    {
      "type": "TIME_BASED",
      "configOrder": 1,
      "definition": {
        "label": "policy",
        "children": [
          {
            "label": "Duration",
            "children": [
              {
                "label": "check status and severity",
                "children": [
                  {
                    "label": "Enrich Severity",
                    "children": [],
                    "type": "enrich",
                    "key": "$NEW.severity",
                    "value": "CRITICAL"
                  },
                  {
                    "label": "Enrich owner",
                    "children": [],
                    "type": "enrich",
                    "key": "$NEW.user_assigned",
                    "value": "Admin"
                  }
                ],
                "type": "if",
                "conditions": [
                  {
                    "conditionOrder": 0,
                    "conditionOperator": "",
                    "slotName": "$NEW.severity",
                    "slotOperator": "equals",
                    "slotValue": "MAJOR",
                    "conditionBracket": "",
                    "endBracket": ""
                  },
                  {
                    "conditionOrder": 1,
                    "conditionOperator": "AND",
                    "slotName": "$NEW.status",
                    "slotOperator": "equals",
                    "slotValue": "ASSIGNED",
                    "conditionBracket": "",
                    "endBracket": ""
                  }
                ]
              },
              {
                "label": "",
                "children": [],
                "type": "else"
              }
            ],
            "type": "timeout",
            "unit": "Hours",
            "duration": 21600,
            "key": "",
            "value": ""
          }
        ],
        "type": "root"
      }
    }
  ]
}

Successful response

{
  "message": "Created event policy",
  "object": [
    "696447ff-008d-4ef7-a417-2c506abad552"
  ]
}

Unsuccessful responses

Scenario 1: You do not specify a policy name.

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Name is a mandatory and cannot be null or empty.",
    "additionalInfo": []
  }
]

Scenario 2: You specify a slot name in the event selection criteria that is not present in the event class.

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Invalid EventSelectorCriteria: 1 Condition value is al_parameter_name.",
    "additionalInfo": []
  }
]

Scenario 3: You specify an invalid value for a slot having the ENUM data type.

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Invalid EventSelectorCriteria: 1 Invalid slotValue Minor.",
    "additionalInfo": []
  }
]

Scenario 4: You specify an invalid key in the enrich node definition for the configurations attribute.

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Invalid key $NEW.source_port in enrich definition.$NEW.source_port can not be enriched.",
    "additionalInfo": []
  }
]
[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Invalid key $NEW.al_device_ipaddress in enrich definition.",
    "additionalInfo": []
  }
]

Scenario 5: You specify an invalid definition type for the configurations attribute.

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Invalid type in Refine definition.Expected type is 'root'.",
    "additionalInfo": []
  }
]

Scenario 6: You do not specify a definition label for the configurations attribute.

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "label is mandatory in REFINE definition and cannot be null or empty.",
    "additionalInfo": []
  }
]

Scenario 7: You include the else definition without the if definition for the configurations attribute.

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Invalid type else without any if definition.",
    "additionalInfo": []
  }
]

Scenario 8: You specify an invalid type for the enrich node in the if definition for the configurations attribute.

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Invalid type enrich1 in if definition.",
    "additionalInfo": []
  }
]

Scenario 9: You specify a policy name that already exists.

[
  {
    "key": "POLICY_ALREADY_EXIST",
    "level": "ERROR",
    "message": "[Failed to create event policy, entry with same name already exists]",
    "additionalInfo": [
      []
    ]
  }
]

Back to top

POST /event_policies/search
Request URL
https://<tenant-url>/events-service/api/v1.0/event_policies/search
Example request URL
 https://HostA.bmc.com/events-service/api/v1.0/event_policies/search
Request Header
Content-Type: application/json
Authorization: Bearer <JWT_token>

For instructions on obtaining the JWT token, see Access and authentication for the REST API. Open link .

Parameter details


Parameter NameValue TypeLocated InMandatoryDescription
queryStringBodyNo

The conditions for searching the policy. You can specify the query conditions by using the following operators:

  • =
  • like
  • >

You can use a single column or a combination of the following columns to search a policy:

  • executionOrder
  • types
  • creationTime
  • modificationTime
  • name
  • enabled
  • owner
  • description

You can use the ANY operator in the query condition to compare a value to a set of values returned by a subquery.

For example,  'ADVANCED_ENRICHMENT'=ANY(TYPES), here TYPES can have the following values:

  • REFINE
  • BASIC_ENRICHMENT
  • ADVANCED_ENRICHMENT
  • TIME_BASED
  • CORRELATION
  • SUPPRESSION
  • NOTIFICATION
recordsPerPageIntegerBodyNoThe number of search results on every page
pageIndexIntegerBodyNo

The page index. The value for the index starts with 1. This parameter supports pagination.

For example, 

There are a total of 50 records and the records listed on the first page are 25. To view records on the next page, specify the pageIndex as 2.

sortCriteriaStringBodyNo

The criteria to sort the event policies. You can use a single column or a combination of the following columns to sort policies:

  • executionOrder
  • types
  • creationTime
  • modificationTime
  • name
  • enabled
  • owner
  • description

Request body

{
  "query": "string",
  "recordsPerPage": integer,
  "pageIndex": integer,
  "sortCriteria": "string"
}

Example request body

{
  "query": "enabled=false and name like '%Lookup123%' and ('ADVANCED_ENRICHMENT'=ANY(TYPES) or 'BASIC_ENRICHMENT'=ANY(TYPES))",
  "recordsPerPage": 25,
  "pageIndex": 1,
  "sortCriteria": "modificationTime desc"
}

Successful response

{
  "totalRecords": 2,
  "policies": [
    {
      "tenantId": "1904152611",
      "id": "261dc2cb-30d3-11ec-b5a6-8b5aa8089475",
      "name": "test all",
      "types": [
        "SUPPRESSION",
        "TIME_BASED"
      ],
      "description": "",
      "executionOrder": 9999,
      "selector": "261ab58a-30d3-11ec-b5a6-076f20873c08",
      "selectorCriteria": "class equals 'EVENT'",
      "owner": "admin",
      "enabled": false,
      "readOnly": false,
      "creationTime": 1634644397766,
      "modificationTime": 1634644397766,
      "configurations": [
        {
          "tenantId": "1904152611",
          "policyId": "261dc2cb-30d3-11ec-b5a6-8b5aa8089475",
          "id": "261dc2cc-30d3-11ec-b5a6-5d980b426c68",
          "type": "SUPPRESSION",
          "configOrder": 1,
          "creationTime": 0,
          "modificationTime": 0,
          "definition": {
            "processing_post_action": {
              "old_event_post_action": "",
              "new_event_post_action": "drop"
            },
            "processing_action": {}
          },
          "timeframeStatus": ""
        },
        {
          "tenantId": "1904152611",
          "policyId": "261dc2cb-30d3-11ec-b5a6-8b5aa8089475",
          "id": "261dc2cd-30d3-11ec-b5a6-f1cf9e8bb3b4",
          "type": "TIME_BASED",
          "configOrder": 2,
          "creationTime": 0,
          "modificationTime": 0,
          "definition": {
            "children": [
              {
                "duration": 1800,
                "unit": "Minutes",
                "children": [
                  {
                    "children": [],
                    "label": "enrich",
                    "type": "enrich",
                    "value": "applied",
                    "key": "$NEW.msg"
                  }
                ],
                "label": "time",
                "type": "timeout",
                "value": "",
                "key": ""
              }
            ],
            "label": "time based\n",
            "type": "root"
          },
          "timeframeStatus": ""
        }
      ]
    },
    {
      "tenantId": "1904152611",
      "id": "e3a81c55-2c00-11ec-aed2-37a037c9b426",
      "name": "TestAshish",
      "types": [
        "NOTIFICATION"
      ],
      "description": "",
      "executionOrder": 9999,
      "selector": "e2bf6a04-2c00-11ec-aed2-750996bd5bf1",
      "selectorCriteria": "class equals 'ALARM' AND object_class within 'AZ'",
      "owner": "admin",
      "enabled": false,
      "readOnly": false,
      "creationTime": 1634114289767,
      "modificationTime": 1634551403181,
      "configurations": [
        {
          "tenantId": "1904152611",
          "policyId": "e3a81c55-2c00-11ec-aed2-37a037c9b426",
          "id": "e3ab0286-2c00-11ec-aed2-c35f90611a75",
          "type": "NOTIFICATION",
          "configOrder": 1,
          "creationTime": 0,
          "modificationTime": 0,
          "definition": {
            "update_events_filter_criteria": {
              "filterCriteria": [],
              "eventClass": "ALARM"
            },
            "processing_action": {
              "notificationService": "incident"
            }
          },
          "timeframeStatus": ""
        }
      ]
    }
  ]
}

Unsuccessful responses

Scenario 1: You specify an invalid column name in the sort criteria

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Invalid column name in sort criteria",
    "additionalInfo": []
  }
]

Scenario 2: You misspell a column name

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Invalid column name nam",
    "additionalInfo": []
  }
]

Back to top

GET /event_policies/<id>
Request URL
https://<tenant-url>/events-service/api/v1.0/event_policies/<id>
Example request URL
 https://HostA.bmc.com/events-service/api/v1.0/event_policies/261dc2cb-30d3-11ec-b5a6-8b5aa8089475
Request Header
Content-Type: application/json
Authorization: Bearer <JWT_token>

For instructions on obtaining the JWT token, see Access and authentication for the REST API. Open link .

Parameter details


NameValue TypeLocated InMandatoryDescription

id

StringPathYes

The event policy ID for which you want to retrieve the policy details.

Successful responses

{
  "policy": {
    "tenantId": "1904152611",
    "id": "261dc2cb-30d3-11ec-b5a6-8b5aa8089475",
    "name": "test all",
    "types": [
      "SUPPRESSION",
      "TIME_BASED"
    ],
    "description": "",
    "executionOrder": 9999,
    "selector": "261ab58a-30d3-11ec-b5a6-076f20873c08",
    "selectorCriteria": "class equals 'EVENT'",
    "owner": "admin",
    "enabled": false,
    "readOnly": false,
    "creationTime": 1634644397766,
    "modificationTime": 1634644397766,
    "configurations": [
      {
        "tenantId": "1904152611",
        "policyId": "261dc2cb-30d3-11ec-b5a6-8b5aa8089475",
        "id": "261dc2cc-30d3-11ec-b5a6-5d980b426c68",
        "type": "SUPPRESSION",
        "configOrder": 1,
        "creationTime": 0,
        "modificationTime": 0,
        "definition": {
          "processing_post_action": {
            "old_event_post_action": "",
            "new_event_post_action": "drop"
          },
          "processing_action": {}
        },
        "timeframeStatus": ""
      },
      {
        "tenantId": "1904152611",
        "policyId": "261dc2cb-30d3-11ec-b5a6-8b5aa8089475",
        "id": "261dc2cd-30d3-11ec-b5a6-f1cf9e8bb3b4",
        "type": "TIME_BASED",
        "configOrder": 2,
        "creationTime": 0,
        "modificationTime": 0,
        "definition": {
          "children": [
            {
              "duration": 1800,
              "unit": "Minutes",
              "children": [
                {
                  "children": [],
                  "label": "enrich",
                  "type": "enrich",
                  "value": "applied",
                  "key": "$NEW.msg"
                }
              ],
              "label": "time",
              "type": "timeout",
              "value": "",
              "key": ""
            }
          ],
          "label": "time based\n",
          "type": "root"
        },
        "timeframeStatus": ""
      }
    ]
  }
}
{
  "policy": {
    "tenantId": "1938340890",
    "id": "ff921989-9497-11ec-ab01-23d7965a32bd",
    "name": "TestingRefinePolicy_122",
    "types": [
      "REFINE"
    ],
    "description": "TestingRefinePolicy",
    "executionOrder": 247,
    "selector": "ff8e21e8-9497-11ec-ab01-ff2eda71b91a",
    "selectorCriteria": [
      {
        "condition_order": 0,
        "condition_bracket": "(",
        "condition_operator": "",
        "slot_name": "class",
        "slot_operator": "equals",
        "slot_value": "ALARM",
        "end_bracket": ")"
      },
      {
        "condition_order": 1,
        "condition_bracket": "(",
        "condition_operator": "AND",
        "slot_name": "msg",
        "slot_operator": "contains",
        "slot_value": "lmnop1",
        "end_bracket": ")"
      }
    ],
    "timeframes": [],
    "owner": "admin",
    "enabled": false,
    "readOnly": false,
    "creationTime": 1645614109040,
    "modificationTime": 1646389197165,
    "configurations": [
      {
        "tenantId": "1938340890",
        "policyId": "ff921989-9497-11ec-ab01-23d7965a32bd",
        "id": "a4173a3d-9ba4-11ec-b548-f1309743dcd6",
        "type": "REFINE",
        "subType": "",
        "configOrder": 1,
        "creationTime": 0,
        "modificationTime": 0,
        "definition": {
          "children": [
            {
              "children": [],
              "label": "enrich_label",
              "type": "enrich",
              "value": "BLACKOUT",
              "key": "$NEW.status"
            },
            {
              "children": [],
              "label": "enrich_label",
              "type": "enrich",
              "value": "CRITICAL",
              "key": "$NEW.severity"
            },
            {
              "children": [],
              "label": "enrich_label",
              "type": "enrich",
              "value": "clom",
              "key": "$NEW.source_address"
            }
          ],
          "label": "refine",
          "type": "root"
        },
        "timeframeStatus": ""
      }
    ]
  }
}

Unsuccessful response

Scenario 1: You specify an invalid policy ID format.

A valid policy ID does not exceed 36 characters.  For example, 41f046ff-25ca-11ec-aa29-31654db26e83

{
  "errorCode": 400,
  "message": "Invalid id format"
}

Scenario 2: You specify a policy ID that does not exist.

[
  {
    "key": "Not Found",
    "level": "ERROR",
    "message": "No policy found matching input request!",
    "additionalInfo": null
  }
]

Back to top

PUT /event_policies/<id>
Request URL
 https://<tenant-url>/events-service/api/v1.0/event_policies/<id>
Example request URL
 https://HostA.bmc.com/events-service/api/v1.0/event_policies/261dc2cb-30d3-11ec-b5a6-8b5aa8089475
Request Header
Content-Type: application/json
Authorization: Bearer <JWT_token>

For instructions on obtaining the JWT token, see Access and authentication for the REST API. Open link .

Parameter details


Parameter NameValue TypeLocated InMandatoryDescription
idStringPathYesThe event policy ID

description

StringBodyNo

The policy description

executionOrderIntegerBodyYes

The policy precedence

Valid values:

0-9999

enabledBooleanBodyNoThe option to enable the policy
selectorCriteriaStringBodyYesThe event selection criteria. The slot operator used in the criteria must be as per the data type of the slot. The value for 

slots, which have the date data type must be a timestamp value.

typesString arrayBodyYes

The policy type. This value cannot be empty or null.

Valid values:

  • REFINE
  • BASIC_ENRICHMENT
  • ADVANCED_ENRICHMENT
  • TIME_BASED
  • CORRELATION
  • SUPPRESSION
  • NOTIFICATION
configurationsArrayBodyYesThe policy configurations. This value cannot be empty or null. You cannot add multiple configurations for time-based enrichment or suppression policies.
configOrderIntegerBodyYesThe order of configurations. This value must uniquely identify the list of policy configurations.
policyIdStringBodyNoThe event policy ID
idStringBodyNoThe configuration ID for the policy
definitionObjectBodyYesThe policy definition
typeStringBodyYes

The policy type. This value cannot be empty or null. 

Valid values:

  • REFINE
  • BASIC_ENRICHMENT
  • ADVANCED_ENRICHMENT
  • TIME_BASED
  • CORRELATION
  • SUPPRESSION
  • NOTIFICATION
subTypeStringBodyNo

The policy sub type

For example, dynamic enrichment is a subtype of an advanced enrichment policy.

timeframeStatusStringBodyNoThe time frame status

Request body

{
  "description": "string",
  "enabled": "boolean",
  "executionOrder": "integer",
  "selectorCriteria": "string",
  "types": [
    "string"
  ],
  "configurations": [
    {
      "configOrder": "integer",
      "definition": {},
      "id": "string",
      "policyId": "string",
      "subType": "string",
      "timeframeStatus": "string",
      "type": "string"
    }
  ]
}

Example request body

{
  "types": [
    "BASIC_ENRICHMENT",
    "ADVANCED_ENRICHMENT"
  ],
  "description": "test updated",
  "executionOrder": 9999,
  "selector": "25bafc7f-30c3-11ec-b5a6-cfed7b409025",
  "selectorCriteria": "class equals 'EVENT",
  "enabled": false,
  "configurations": [
    {
      "policyId": "25c13e10-30c3-11ec-b5a6-a94801032f38",
      "id": "25c13e11-30c3-11ec-b5a6-7d177bd08a5b",
      "type": "BASIC_ENRICHMENT",
      "subType": "",
      "configOrder": 1,
      "definition": {
        "processing_action": {
          "severity": "CRITICAL"
        }
      },
      "timeframeStatus": ""
    },
    {
      "policyId": "25c13e10-30c3-11ec-b5a6-a94801032f38",
      "id": "25c13e12-30c3-11ec-b5a6-bd4647d01a42",
      "type": "ADVANCED_ENRICHMENT",
      "configOrder": 2,
      "definition": {
        "children": [
          {
            "children": [],
            "label": "var",
            "type": "assignVar",
            "value": "45",
            "key": "$var"
          }
        ],
        "label": "test",
        "type": "root"
      },
      "timeframeStatus": ""
    }
  ]
}
{
  "description": "TestingRefinePolicy",
  "enabled": true,
  "executionOrder": 247,
  "types": [
    "REFINE"
  ],
  "configurations": [
    {
      "eventClass": null,
      "type": "REFINE",
      "configOrder": 1,
      "definition": {
        "type": "root",
        "label": "refine",
        "children": [
          {
            "children": [],
            "type": "enrich",
            "key": "$NEW.status",
            "value": "BLACKOUT",
            "label": "enrich_label"
          },
          {
            "children": [],
            "type": "enrich",
            "key": "$NEW.severity",
            "value": "CRITICAL",
            "label": "enrich_label"
          },
          {
            "children": [],
            "type": "enrich",
            "key": "$NEW.source_hostname",
            "value": "<hostname>",
            "label": "enrich_label1"
          }
        ]
      }
    }
  ],
  "selectorCriteria": "( class equals 'ALARM' ) AND ( msg contains 'lmnop' )"
}

Successful response

{
  "message": "Updated event policy",
  "object": [
    "696447ff-008d-4ef7-a417-2c506abad552"
  ]
}

Unsuccessful responses

Scenario 1: You specify an invalid event selection criteria.

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Invalid EventSelectorCriteria: 1 Invalid Condition Name (msg.",
    "additionalInfo": []
  }
]

Scenario 2: You specify an invalid key in the enrich node definition for the configurations attribute.

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Invalid key $NEW.source_port in enrich definition.$NEW.source_port can not be enriched.",
    "additionalInfo": []
  }
]
[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Invalid key $NEW.al_device_ipaddress in enrich definition.",
    "additionalInfo": []
  }
]

Scenario 3: You specify an invalid definition type for the configurations attribute.

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Invalid type in Refine definition.Expected type is 'root'.",
    "additionalInfo": []
  }
]

Scenario 4: You do not specify a definition label for the configurations attribute.

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "label is mandatory in REFINE definition and cannot be null or empty.",
    "additionalInfo": []
  }
]

Scenario 5: You include the else definition without the if definition for the configurations attribute.

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Invalid type else without any if definition.",
    "additionalInfo": []
  }
]

Scenario 6: You specify an invalid type for the enrich node in the if definition for the configurations attribute.

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Invalid type enrich1 in if definition.",
    "additionalInfo": []
  }
]

Scenario 7: You attempt to update the policy name, which is non-editable.

[
  {
    "key": "validation.schema.additionalProperties",
    "level": "ERROR",
    "message": "Object instance has properties which are not allowed by the schema: [\"name\"]",
    "additionalInfo": []
  }
]

Scenario 8: You specify a policy ID that does not exist.

[
  {
    "key": "Not Found",
    "level": "ERROR",
    "message": "No policy found matching input request!",
    "additionalInfo": null
  }
]

Back to top

POST /event_policies/delete
Request URL
https://<tenant-url>/events-service/api/v1.0/event_policies/delete
Example request URL
 https://HostA.bmc.com/events-service/api/v1.0/event_policies/delete
Request Header
Content-Type: application/json
Authorization: Bearer <JWT_token>

For instructions on obtaining the JWT token, see Access and authentication for the REST API. Open link .

Parameter details


Parameter NameValue TypeLocated InMandatoryDescription
idsStringBodyYesComma-separated list of policy IDs that you want to delete.

Request body

{
  "ids": [
    "string"
  ]
}

Example request body

{
  "ids": [
    "d6d8863c-3df8-11eb-9812-a972fa20cf57",
    "d32fc78e-3558-11eb-9812-c3cbbc933af7"
  ]
}


Successful response

{
  "message": "Deleted event policies",
  "object": [
    "696447ff-008d-4ef7-a417-2c506abad552"
  ]
}

Unsuccessful responses

Scenario 1: You specify multiple policy IDs out of which a few exist and a few do not.

{
  "status": "207",
  "succeeded": [
    "5ec64ed1-14a4-11ed-b8d2-f56ae23d81b5"
  ],
  "failed": [
    {
      "id": "76859e26-a101-11ec-86ff-b3fdef7f5366",
      "message": "Failed to delete event policies, entry doesn't exist in database]"
    },
    {
      "id": "76859e26-a101-11ec-86fd-b3fdef7f5366",
      "message": "Failed to delete event policies, entry doesn't exist in database]"
    }
  ]
}

Scenario 2: You specify an invalid policy ID.

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Bad Request : Invalid resource id specified: 11",
    "additionalInfo": []
  }
]

Scenario 3: The object instance has properties that are not allowed by the schema.

[
  {
    "key": "validation.schema.additionalProperties",
    "level": "ERROR",
    "message": "Object instance has properties which are not allowed by the schema: [\"id\"]",
    "additionalInfo": []
  }
]
[
  {
    "key": "validation.schema.additionalProperties",
    "level": "ERROR",
    "message": "Object instance has properties which are not allowed by the schema: [\"idType\",\"resources\"]",
    "additionalInfo": []
  }
]


Scenario 4: You attempt to delete multiple policies that do not exist.

[
  {
    "key": "POLICY_NOT_EXIST",
    "level": "ERROR",
    "message": "[Failed to delete policy, entry doesn't exist in database]",
    "additionalInfo": [
      [
        "76859e26-a101-11ec-86ff-b3fdef7f5366",
        "76859e26-a101-11ec-86fd-b3fdef7f5366"
      ]
    ]
  }
]

Scenario 5: You specify a policy ID that does not exist.

[
  {
    "key": "POLICY_NOT_EXIST",
    "level": "ERROR",
    "message": "[Failed to delete policy, entry doesn't exist in database]",
    "additionalInfo": [
      [
        "ff921989-9497-11ec-ab01-23d7965a32bc"
      ]
    ]
  }
]

Back to top

POST /event_policies/enable
Request URL
https://<tenant-url>/events-service/api/v1.0/event_policies/enable
Example request URL
 https://HostA.bmc.com/events-service/api/v1.0/event_policies/enable
Request Header
Content-Type: application/json
Authorization: Bearer <JWT_token>

For instructions on obtaining the JWT token, see Access and authentication for the REST API. Open link .

Parameter details


Parameter NameValue TypeLocated InMandatoryDescription
idsStringBodyYesComma-separated list of policy IDs that you want to enable.

Request body

{
  "ids": [
    "string"
  ]
}

Example request body

{
  "ids": [
    "d6d8863c-3df8-11eb-9812-a972fa20cf57",
    "d32fc78e-3558-11eb-9812-c3cbbc933af7"
  ]
}


Successful response

{
  "message": "Enabled event policies",
  "object": [
    "696447ff-008d-4ef7-a417-2c506abad552"
  ]
}

Unsuccessful responses

Scenario 1: You do not specify a policy ID

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Bad Request : Property is null or empty : resources",
    "additionalInfo": []
  }
]

Scenario 2: You attempt to enable a policy that does not exist

[
  {
    "key": "404",
    "level": "ERROR",
    "message": "[Failed to enable policy, entry doesn't exist in database]",
    "additionalInfo": [
      [
        "d32fc78e-3558-11eb-9812-c3cbbc933af7"
      ]
    ]
  }
]

Back to top

POST /event_policies/disable
Request URL
https://<tenant-url>/events-service/api/v1.0/event_policies/disable
Example request URL
 https://HostA.bmc.com/events-service/api/v1.0/event_policies/disable
Request Header
Content-Type: application/json
Authorization: Bearer <JWT_token>

For instructions on obtaining the JWT token, see Access and authentication for the REST API. Open link .

Parameter details


Parameter NameValue TypeLocated InMandatoryDescription
idsStringBodyYesComma-separated list of policy IDs that you want to disable.

Request body

{
  "ids": [
    "string"
  ]
}

Example request body

{
  "ids": [
    "d6d8863c-3df8-11eb-9812-a972fa20cf57",
    "d32fc78e-3558-11eb-9812-c3cbbc933af7"
  ]
}


Successful response

{
  "message": "Disabled event policies",
  "object": [
    "696447ff-008d-4ef7-a417-2c506abad552"
  ]
}

Unsuccessful responses

Scenario 1: You do not specify a policy ID

[
  {
    "key": "400",
    "level": "ERROR",
    "message": "Bad Request :  Property is null or empty : resources",
    "additionalInfo": []
  }
]

Scenario 2: You attempt to disable a policy that does not exist

[
  {
    "key": "404",
    "level": "ERROR",
    "message": "[Failed to disable policy, entry doesn't exist in database]",
    "additionalInfo": [
      [
        "ab56eb68-9499-11ec-ab01-a798a9069314"
      ]
    ]
  }
]

Back to top


Was this page helpful? Yes No Submitting... Thank you

Comments