Example: Close events when the event priority changes
In the following video (5:03), skip to 3:07 to understand this example.
To close events when the event priority changes, perform the following steps:
Actions involved
- Trigger-If
- Enrich
To define the event selection criteria
- Select Configuration > Event Policies and click Create.
- In the Event Selection Criteria, define a condition to select incoming events with the message containing "Server A".
The following image illustrates how the event selection criteria will look.
To build the policy workflow
On the Advanced Enrichment page, perform the following steps to build the policy workflow:
Under the Trigger-If Settings, define a condition to monitor the priority value when it changes from High or Highest to Low or Lowest.
Tip
You can also use the Trigger-If action with the slots of String and Integer data types in addition to the Enum data type. For example, you can use the action to trigger event processing if the Location slot changes from an empty to a nonempty value by using regular expressions with the Matches operator as shown in the following image:
- Add an Enrich action to change the status of such events to Closed.
Results
The resulting policy workflow closes events when the event priority changes as shown in the following image:
