This documentation supports an earlier version of BMC Helix Operations Management.

To view the documentation for the latest version, select 23.3 from the Product version picker.

Creating and enabling event policies

As an administrator, create and enable event policies to define the actions that the system takes after an event arrives. For events, you can create the following types of policies:


To create an event policy

  1. Select Configuration > Event Policies and click Create.
  2. Specify a unique name, optional description, and precedence number for the policy.

  3. Create the event selection criteria based on which the policy is applied to the events. 
    For more information about the event selection criteria, see Event selection criteria.

    Important

    • Values in the event selection criteria are case-sensitive. For example, Message Equals test and Message Equals TEST are considered as different values.
    • For event and blackout policies, we do not recommend using the less than (<), greater than (>), and the ampersand (&) characters in the selection criteria.
    • If you use special characters to specify slot values in the event selection criteria, make sure that you precede the special character with an escape character (\).

      For example, specify the value in the message slot as "Test\^Notification\^Policy" instead of "Test^Notification^Policy".

    • You can change the existing class in the event selection criteria to a new class without removing the existing policy configurations only if slots in the existing policy configurations are available in the new class.
  4. Select the time frame for which the policy should be active. You can create a new time frame or associate an existing time frame with an event policy. 
    The Always active option is the default option, which means that the policy is always active unless you select a time frame. See Setting event policy schedules by using time frames.

  5. Select one or more of the following policy types and configure them:


       Policy type            Total configurations allowed
    1  Refinement             1
    2  Basic Enrichment       Any number
    3  Suppression            1
    4  Time Based             3
    5  Advanced Enrichment    Any number
    6  Correlation            Any number
    7  Notification           Any number

    The configured policy types are displayed in the policy evaluation order irrespective of the order in which they were configured. To know more about the policy evaluation order, see Event policy types and evaluation order.
    You can set up multiple configurations for certain policy types. Each configuration is displayed as a policy card as shown in the following image. Reorder the policy cards by dragging and dropping them to change the configuration execution order within a specific policy type. 


    Slots configured in the event policy settings

    • Some of the event policies allow you to define slots while configuring the policy settings. The list of these slots is restricted to the event class selected in the event selection criteria. If no class is selected in the event selection criteria, the base EVENT class slots are displayed for selection.  
    • If you specify multiple classes in the event selection criteria, refer to the following points:

      • The event slots present in all the classes in the event selection criteria are displayed for selection in the following sections:
        • Enrich and If action of an enrichment policy
          Enrich action: Event slots are displayed in Slot to enrich and on the Event Slot tab in the action value.
        • Slot placeholder fields of an enrichment, correlation, and notification policy
      • The event slots that are common to the multiple classes are suffixed with the name of the event class in the enrichment, correlation, and notification policy.
      • An event slot is not suffixed with the name of the event class if the slot is not present in all the classes that you specify in the event selection criteria.

    Event policy type, task, and reference:

    Refinement
      Task: This policy type helps you enrich the host name of an event and is similar to an advanced enrichment policy. You can also enrich multiple host names by using a dynamic enrichment policy.
      Reference:
        • Event enrichment through refinement policies
        • Building a policy workflow for advanced and time-based enrichment
        • Dynamically enriching events with external data

    Basic Enrichment
      Task: Select the required settings and specify the values.
        This policy helps you process events with refined slot values to make the events more meaningful.
      Reference:
        • Event enrichment for adding context

    Suppression
      Task: Automatically drop new events that are selected based on the event selection criteria. You do not require any configurations for this policy.
        Note: Applying this policy deletes all the matching events with missing dedup slot values. To avoid this scenario, ensure that all the events are updated with appropriate dedup values and then apply the suppression policy. You can update ingested events by running the events API endpoint. For more information, see Event management endpoints in the REST API.
      Reference:
        • Event deduplication and suppression for filtering unwanted events

    Advanced Enrichment and dynamic enrichment
      Task: Do one of the following tasks:
        • Build an advanced enrichment policy workflow.
        • Import external data and update the match and enrich fields.
        An advanced enrichment policy helps you process events with refined slot values based on the defined policy workflow and make the events more meaningful. Dynamic event enrichment is an extension of advanced enrichment that allows you to enrich events with external data.
      Reference:
        • Event enrichment for adding context
        • Building a policy workflow for advanced and time-based enrichment
        • Dynamically enriching events with external data

    Time Based
      Task: Build a time-based enrichment policy workflow.
        This policy helps you process events with refined slot values after a scheduled duration of time and based on the defined policy workflow to make the events more meaningful.
      Reference:
        • Event enrichment for adding context
        • Building a policy workflow for advanced and time-based enrichment

    Correlation
      Task: Select the required settings and specify the values.
        This policy helps you correlate and combine multiple matching events into a single aggregated event.
      Reference:
        • Event correlation for aggregating related events

    Notification
      Task: If the notification service is:
        • Email, the policy notifies users via email that an event has occurred, so that appropriate actions can be taken.
        • Incident, the policy is used for Proactive Service Resolution (PSR) integration.
        Select the required Email settings and specify the values. For some values you might want to specify slots.
      Reference:
        • Event-based notifications for alerting users
        • Proactive Service Resolution (PSR) integration

  6. Use the icons to edit or delete the configured policy types.

  7. (Optional) Select Enable Policy.
    You can enable or disable the policy any time from the Event Policies page.
  8. Save the policy.
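
The escaping, case-sensitivity, and character rules from the Important note in step 3, written as a pre-check for selection-criteria values that are generated by automation. This is an added example, not part of the BMC documentation or product; the function names are hypothetical, and the set of characters treated as special is an assumption because the page shows only ^ as an example.

```python
# Added example, not BMC code: pre-check for slot values used in
# event selection criteria. All names here are hypothetical.
DISCOURAGED = set("<>&")     # the page advises against these characters
ASSUMED_SPECIAL = set("^")   # assumption: the page shows only ^; extend as needed


def escape_slot_value(value, special=ASSUMED_SPECIAL):
    """Precede each unescaped special character with a backslash (idempotent)."""
    out = []
    i = 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and i + 1 < len(value):
            # Existing escape pair: copy both characters unchanged.
            out.append(value[i:i + 2])
            i += 2
            continue
        if ch in special:
            out.append("\\")
        out.append(ch)
        i += 1
    return "".join(out)


def check_slot_value(value, known_values=(), special=ASSUMED_SPECIAL):
    """Return (escaped_value, warnings) for one selection-criteria value."""
    warnings = []
    bad = sorted(set(value) & DISCOURAGED)
    if bad:
        warnings.append("discouraged characters: " + " ".join(bad))
    # Criteria values are case-sensitive, so a value that differs only in
    # case from one seen in real events will never match those events.
    for known in known_values:
        if known != value and known.lower() == value.lower():
            warnings.append(f"differs only in case from {known!r}")
    escaped = escape_slot_value(value, special)
    if escaped != value:
        warnings.append("special characters escaped")
    return escaped, warnings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenant.
    for raw in ["Test^Notification^Policy", "test", "cpu<90&mem>80"]:
        print(check_slot_value(raw, known_values=["TEST"]))
```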


To edit an event policy

On the Configuration > Event Policies page:

  1. Do one of the following actions:
    • Select the policy and click Edit.
    • From the Actions menu of a policy, select Edit.
  2. Edit the policy and save the changes.


Can I edit a predefined policy?

Yes.

However, while editing the Predefined Policy for Incident notification policy, ensure that you do not change the name of the policy.

The Predefined Policy for Incident notification policy is required if BMC Helix Operations Management is integrated with Proactive Service Resolution (PSR). For more information, see Integrating with BMC Helix ITSM by using the Integration Service.


To copy an event policy

On the Configuration > Event Policies page:

  1. Click the action menu of the policy that you want to copy and select Copy.
    The Create Event Policy page is displayed with the configurations of the copied policy. 
  2. Modify the configurations according to your requirements to create a new policy quickly. 

Important

You can copy all event policies including dynamic enrichment policies.


To view the list of event policies

On the Configuration > Event Policies page, view the list of event policies.

By default, the policies are sorted by Name. To sort on a different column, click the column heading.


To enable or disable an event policy

On the Configuration > Event Policies page, do one of the following actions:

  • Select the policy and click Enable or Disable.
  • From the Actions menu of a policy, select Enable or Disable.
  • Edit the policy and select or clear the Enable Policy check box.


To delete an event policy

On the Configuration > Event Policies page, do one of the following actions:

  • Select one or more policies, click Delete, and click Yes.
  • From the Actions menu of a policy, select Delete, and click Yes.


To audit user actions on an event policy

As a tenant administrator, use the BMC Helix Audit Dashboard in BMC Helix Dashboards to view the audit trail of activities that users perform on event policies. You can audit the following activities on an event policy:

  • Create an event policy
  • Update an event policy
  • Delete an event policy
  • Enable an event policy
  • Disable an event policy

Scenario

Apex Global uses BMC Helix Operations Management as their infrastructure monitoring tool. Event policies in BMC Helix Operations Management help manage customer events. The customer support team at Apex Global performs root cause analysis of critical customer escalations based on the events generated through event policies. For every customer escalation, they need to invest time and effort to investigate the changes made to event policies. They want to reduce this effort, so they approach Sarah, a system admin at Apex Global. 
Sarah views the audit trail of all activities performed by users on event policies by using the BMC Helix Audit Dashboard in BMC Helix Dashboards and communicates this information to the support team. Viewing the audit trail helps Sarah to track the history of changes made to the policies and achieve improved user accountability, compliance with organization policies, and system security.

For more information, see Auditing configuration changes in BMC Helix Dashboards.

The following image displays the audit trail of event policies in the BMC Helix Audit Dashboard. Note that the selected resource type is Event Policy. Click the link in the Operation column to view the values before and after you perform an activity on an event policy.

