This documentation supports an earlier version of BMC Helix Operations Management.

To view the documentation for the latest version, select 23.3 from the Product version picker.

Example: Enrich the source host name by parsing the event message

Scenario

A database monitoring solution is running on a host (ServerA). The incoming event from ServerA reports a database problem on another host (ServerB). However, as an administrator, you want to enrich the value of the host in the event with ServerB on which the actual database problem is reported. You want to achieve this goal by parsing the event message using a refinement policy.

The following video (4:56) helps you understand how you can create a refinement policy.

https://youtu.be/U_1ku7fSd6w

To enrich the source host name, perform the following steps:

  1. Define the event selection criteria.
  2. Build the policy workflow.

Actions used in the example

  • Enrich
  • Variable

For more information about actions, see Actions for advanced and time-based enrichment.

To define the event selection criteria

  1. Select Configuration > Event Policies and click Create.
  2. In Event Selection Criteria, define a condition to select events that come from the host ServerA and that contain the message ORA listener not running on ServerB.

The following image illustrates how the event selection criteria will look:

To learn how to construct the event selection criteria, see Creating and enabling event policies.

To build the policy workflow

On the Refinement page, perform the following steps:
The page .Example: Add operation note for event assignment vDec_2021 was not found  -- Please check/update the page name used in the MultiExcerpt-Include macro

  1. Add the Variable action to parse the event message. Use the Split function to split the message and store the function output in the $locVar list variable. 


  2. Add the Variable action to compute the length of the event message. Use the ListLength function to compute the length of the message list $locVar and store the function output in the $locIndex variable. 


  3. Add the Variable action to retrieve the host name from the event message. Use the ListGetElement function to retrieve the host name at the $locIndex position from the $locVar list.


  4. Add an Enrich action to enrich the host.


Results

The resulting policy workflow enriches the source host name by parsing the event message as shown in the following image:

Before event enrichment

After event enrichment

Was this page helpful? Yes No Submitting... Thank you

Comments