This documentation supports an earlier version of BMC Helix Operations Management.To view the documentation for the latest version, select 23.3 from the Product version picker.

Example: Enrich events according to the event hostname and event message

Scenario

Sarah is an administrator at Apex Global. She has been using local variables that allowed her to build conditions for processing events within an event policy. Her company wants to use global variables to share information between enrichment policies and enrich events with details present in these variables . To achieve this goal, she wants to enrich the owner and the detailed message in the event with the contact information of the technical representative (set by using global variable APIs) according to the event host name and message by using an advanced enrichment policy.

Before you begin, make sure that you:

  1. Create the global variable by using APIs. 
  2. (Optional) Verify the global variable that you created in the previous step by using APIs.

For more information, see Global-variable-management-endpoints-in-the-REST-API.

To enrich the event owner and detailed message, perform the following steps:

  1. Define the event selection criteria.
  2. Build the policy workflow.

Actions used in the example

  • If
  • Enrich

For more information about actions, see Actions for advanced and time-based enrichment.

To define the event selection criteria

  1. Select Configuration > Event Policies and click Create.
  2. In the Event Selection Criteria, define a condition to select events from the class NAGIOS_EV.

The following image illustrates how the event selection criteria will look:

Event_selection_criteria_global_variable.png

To learn how to construct the event selection criteria, see Creating and enabling event policies.

To build the policy workflow

On the Advanced Enrichment page, perform the following steps to build the policy workflow:
Failed to execute the [excerpt-include] macro.

  1. Add the If action to confirm whether the host name contains "nagios-router" and the message contains "Downtime" in the event.
    If_condition_global_variable.png

  2. In the Then part, add the Enrich action to enrich the event owner with the value of the technical contact representative present in the $GV.nagios_contact global variable.
    Enrich_function_assign_owner_global_variable.png
    Assume that the $GV.nagios_contact global variable has the following attributes:

    Global variable attributes
    {
            "name": "nagios_contact",
            "description": "Nagios Tech Contact Information",
            "attributes": [
          {
            "name": "contact_name",
            "dataType": "STRING",
            "defaultValue": "",
            "value": "jdoe"
          },
          {
            "name": "alias",
            "dataType": "STRING",
            "defaultValue": "",
            "value": "John Doe"
          },
          {
            "name": "email",
            "dataType": "STRING",
            "defaultValue": "",
            "value": "jdoe@<company_name>.com"
          },
           {
            "name": "pager",
            "dataType": "STRING",
            "defaultValue": "",
            "value": "555-5555@pagergateway.<company_name>.domain"
          }
        ]
    }
  3. Add the If action to confirm whether the owner is the contact name present in the global variable $GV.nagios_contact.
    If_condition_update_contact_info_global_variable.png

  4. In the Then part, add the Enrich action to enrich the detailed Message with the contact information of the support representative.
    Enrich_function_update_owner_global_variable.png

Results

The policy workflow enriches the event owner and the detailed message as shown in the following image:

Enriched_event_global_variable.png

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*