This documentation supports an earlier version of BMC Helix Operations Management.To view the documentation for the latest version, select 23.3 from the Product version picker.

Example: Drop duplicate events and update the existing event with new severity

Scenario

Suppose you want to look up existing duplicate events of a third-party application that are open. Additionally, suppose you want to:

  • Drop the incoming duplicate events.
  • Update the existing event severity with the new event severity.

To drop duplicate events and enrich the event severity, perform the following steps:

  1. Define the event selection criteria.
  2. Build the policy workflow.

Actions involved

  • Lookup
  • Function
  • Enrich

To define the event selection criteria

  1. Select Configuration > Event Policies and click Create.
  2. In the Event Selection Criteria, define a condition to select events from the third-party application (with the custom event class).

The following image illustrates how the event selection criteria will look.

custom class event sel.png

To build the policy workflow

On the Advanced Enrichment page, perform the following steps to build the policy workflow:

  1. Add the Lookup action. Under the Lookup Settings, select With duplicate events.
    Lookup settings Sep_21.png

  2. Under Update new event, add the Function action to drop incoming duplicate events.
    Function settings login failure Sep 21.png

  3. Under Update old events, add an Enrich action to update the event severity.
    Lookup enrich settings.png 


Important

For deduplication use cases like this example, it is recommended to close or drop new events and update old events. However, do not close old events and update new events.


Results

The resulting policy workflow drops duplicate events and enriches the event severity as shown in the following image:

Lookup workflow_Sep_2021.png

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*