This documentation supports an earlier version of BMC Helix Operations Management.

To view the documentation for the latest version, select 23.3 from the Product version picker.

Example: Drop duplicate events and update the existing event with new severity

Scenario

Suppose you want to look up existing duplicate events of a third-party application that are open. Additionally, suppose you want to:

  • Drop the incoming duplicate events.
  • Update the existing event severity with the new event severity.

To drop duplicate events and enrich the event severity, perform the following steps:

  1. Define the event selection criteria.
  2. Build the policy workflow.

Actions involved

  • Lookup
  • Function
  • Enrich

To define the event selection criteria

  1. Select Configuration > Event Policies and click Create.
  2. In the Event Selection Criteria, define a condition to select events from the third-party application (with the custom event class).

The following image illustrates how the event selection criteria will look.

To build the policy workflow

On the Advanced Enrichment page, perform the following steps to build the policy workflow:

  1. Add the Lookup action. Under the Lookup Settings, select With duplicate events.


  2. Under Update new event, add the Function action to drop incoming duplicate events.


  3. Under Update old events, add an Enrich action to update the event severity.
     


Important

For deduplication use cases like this example, it is recommended to close or drop new events and update old events. However, do not close old events and update new events.


Results

The resulting policy workflow drops duplicate events and enriches the event severity as shown in the following image:

Was this page helpful? Yes No Submitting... Thank you

Comments