Out-of-the-box event policies and templates
BMC Helix Operations Management executes the following incident and deduplication out-of-the-box policies internally for event processing:
- Predefined Enrichment Policy for Incident
- Predefined Notification Policy for Incident
- AlarmEventProcessing
- AlarmEventCloseProcessing
- AnomalyEventDuplicateProcessing
- AnomalyEventCloseProcessing
- SelfMonitoringEventDuplicateProcessing
- SelfMonitoringEventCloseProcessing
- IncidentinfoToOrgIncIdUpdateProcessing
- incidentinfoEventDuplicateProcessing
- LogAlertDuplicateProcessing
- DynatraceEventsDuplicateProcessing
- SituationEventDuplicateProcessing
- PatrolEventsDuplicateProcessing
- PatrolEventsCloseProcessing
The incident policies are executed when BMC Helix Operations Management is integrated with BMC Helix Integration Service. The deduplication policies deduplicate events to filter out unwanted and unnecessary events. For certain event policy types, you can use out-of-the-box policy templates that you can edit and customize.
Predefined Enrichment Policy for Incident
This policy is used for looking up CI information in BMC CMDB. It enriches the following slots based on the event class type. These slots fetch the CI ID, which is required for incident creation in BMC Helix IT Service Management .
- Component Alias
- CDM Class
- Instance Name
Model Name
Important
This policy is invisible and you cannot edit it.
Predefined Notification Policy for Incident
This policy is applied in the following scenarios:
- If the policy is not configured in BMC Helix Operations Management , the policy is automatically created and enabled. This policy is configured with severity as CRITICAL.
- If the policy is configured in the system, but is not enabled, the policy is automatically enabled.
- If the policy is configured in the system and is enabled, the system uses this policy for PSR integration.
If multiple notification policies for the incident are configured and enabled, the system processes incidents only according to the Predefined Notification Policy for Incident.
Important
You can edit the Predefined Notification Policy for Incident and change the event selection criteria.
For more information about editing the notification policy, see Creating and enabling event policies.
Event deduplication policies
Based on the dedup slots for event classes, events are deduplicated by using the out-of-the-box internal deduplication policies listed in the following table. A deduplication policy performs a lookup on existing unclosed events, drops the new event, and updates the existing event with the information from the new event. Event notes are not enriched using these policies.
Important
- These policies are invisible and you cannot edit them.
- When deduplication policies run, the slot values of the existing event are updated with slot values of the duplicate event.
Dedup policy name | Event class | Dedup slot | Description | Existing event slots modified by the policy |
---|---|---|---|---|
AlarmEventProcessing | ALARM | al_alarm_id | Deduplicates an event of the | |
AlarmEventCloseProcessing | ALARM | al_alarm_id | Updates the status of the existing open event to Closed after a metric value returns to a normal state following a threshold breach and a Closed alarm event is received for the metric. The event is looked up by using the | |
AnomalyEventDuplicateProcessing | ANOMALY | an_anomaly_id | Deduplicates an event of the | |
AnomalyEventCloseProcessing | ANOMALY | an_anomaly_id | Updates the status of the existing open event to Closed after a metric value returns to a normal state following a threshold breach and a Closed anomaly event is received for the metric. The event is looked up by using the |
|
SelfMonitoringEventDuplicateProcessing | HELIX_SM_EV | HELIX_SM_EV:HELIX_COMPONENT:source_identifier | Deduplicates the disconnect self-monitoring event of the |
|
SelfMonitoringEventCloseProcessing | HELIX_SM_EV | HELIX_SM_EV:HELIX_COMPONENT:source_identifier | Deduplicates the connect or disconnect self-monitoring event of the HELIX_SM_EV class when an event for the same PATROL Agent is received . This policy closes the existing open event (event is looked up by using the source_identifier slot) and keeps the latest connect or disconnect event open. |
|
incidentinfoToOrgIncIdUpdateProcessing | INCIDENT_INFO | incident_relation_source | Enriches the incident ID in the existing event after receiving an | |
incidentinfoEventDuplicateProcessing | INCIDENT_INFO | _identifier | When an incident in
BMC Helix IT Service Management
is updated, a corresponding new | |
LogAlertDuplicateProcessing | LOGALERT_EV | LOGALERT_EV:alert_id | Deduplicates an event of the | |
DynatraceEventsDuplicateProcessing | DynatraceEvent | DynatraceEvent:_identifier | Deduplicates an event of the | |
SituationEventDuplicateProcessing | Situation | _identifier | Deduplicates an event of the | |
PatrolEventsDuplicateProcessing | PATROL_EV |
| Deduplicates an event of the | |
PatrolEventsCloseProcessing | PATROL_EV |
| Updates the status of an existing PATROL event from | status |
Out-of-the-box policy templates
Out-of-the-box policy templates with predefined event selection criteria are available that help you to process events and set up routine event-management actions.
You can edit and customize an out-of-the-box policy template as per your requirement. However, if you choose a different class name, the predefined advanced enrichment configurations are reset.
By default, the policy templates are disabled. Enable the policies after you edit them as per your requirement.
The following table describes the out-of-the-box policy templates and their predefined criteria:
Out-of-the-box templates | Description |
---|---|
Template for Basic and Advanced Enrichment |
|
Template for Closing Events and Dropping Duplicate Events |
|
Template for Timeout Policy And Notification |
|
Template for Event Suppression |
|
Comments
Log in or register to comment.