This documentation supports an earlier version of BMC Helix Operations Management.To view the documentation for the latest version, select 23.3 from the Product version picker.

Event enrichment through refinement policies

As an administrator, use the refinement policy to enrich the source host name in an event. Perform conditional or dynamic data enrichment on event slots such as the host. You can also enrich slots that are used to look up topology information for an event in BMC Discovery. You can use the enriched host name further to look up topology information in BMC Discovery that associates nodes and their associated services to the event.

Among multiple policy types, the refinement policy is executed first. For more information about the order in which the event policies are executed, see Event-policy-types-and-evaluation-order. You can add only a single policy configuration for the refinement policy type.

Enrich the host based on the event location

Use a dynamic enrichment policy if you want to enrich multiple host names based on the event location.

For example, enrich the host name in the event to Houston.domain.com if the event comes from the Houston location and enrich the host name to Dallas.domain.com if the event comes from the Dallas location.

Related topic

Example-Enrich-the-source-host-name-by-parsing-the-event-message

Event-policy-management-endpoints-in-the-REST-API

Important

  • When the refinement policy is applied to an event, it enriches the event. The _node_id and _service_id (entity details) are looked up in BMC Discovery based on the enriched value of the lookup slots. This lookup associates all the nodes in BMC Discovery and their associated services to the event.
    For example, you use the refinement policy to enrich the source_hostname in the event. Now, the entity details in BMC Discovery will be looked up based on the enriched value of the source_hostname lookup slot. To learn more about lookup slots, see Slot-facets.
  • In an event class, there might be multiple references to the entity or source against which an event is raised. Use the refinement policy to change the source association for the event. However, note that it might partially replace the source references.
    For example, if you have enriched the host name for an event of the ALARM class by using the refinement policy, you might observe inconsistencies in the performance overview graph and event count in the BMC Helix Operations Management console.
  • If you have enriched only the host name and not the host address for an event by using the refinement policy, the event might get associated with multiple nodes during a topology lookup in BMC Discovery.
  • To associate a specific node kind from BMC Discovery to an event, use the refinement policy to update the cdmclass slot in the event with the node kind value that is present in BMC Discovery. For more information, see Event-enrichment-for-adding-context
    You can also use the event ingestion API to update the cdmclass slot in the event. For more information, see Event-management-endpoints-in-the-REST-API.


Information

Reference

Enrichment scenarios

Elements for the refinement policy

Actions for the refinement policy

Functions for the refinement policy

Build the refinement policy workflow

Enrich multiple host names

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*