Example: Add notes to incoming events to indicate event generation

To add notes to incoming events, perform the following steps:

1. Define the event selection criteria.
2. Build the policy workflow.

Actions used in the example

• If-Then-Else
• Function

For more information about actions, see Actions-for-advanced-and-time-based-enrichment.

To define the event selection criteria

1. Select Configuration > Event Policies and click Create.
2. In the Event Selection Criteria, define a condition to select events from the class APP_MISSING_PROCESSES (custom event class) that contain the message "testApp".

The following image illustrates how the event selection criteria will look;

To learn how to construct the event selection criteria, see Creating-and-enabling-event-policies.

To build the policy workflow

On the Advanced Enrichment page, perform the following steps to build the policy workflow:

TipYou can hover over an action to view the complete label for the action as shown:

1. Add the If action by defining a condition, under the If Settings, that checks for a message indicating that the application is up.
   
   
   
2. Under Then, add a Function action to generate an event of the APP_UP (custom event class) event class if the application is up.
   
   
   
3. To add a note for the app up event that is generated in the earlier step, under Then, add a Function action.
   
   
   
4. Under Else, add the If action by defining a condition, under the If settings, that checks for a message indicating that the application is down.
   
5. Under Then, add a Function action to generate an event of the APP_DOWN (custom event class) event class if the application is down.
   
   
   
6. To add a note for the app down event that is generated in the earlier step, under Then, add a Function action.
   

Results

The resulting policy workflow adds notes to incoming events to indicate event generation as shown in the following image: