Event Orchestration end-to-end process
Process overview
Typically, TrueSight Infrastructure Management is configured to receive events for a specific event type. A PATROL Agent monitors target servers for events as per the policies configured in the PATROL Agent.
An event is received by TrueSight Infrastructure Management where the event is enriched with additional details. The event is sent to a TrueSight Orchestration gateway (monitor adapter), which converts the event into a common event model format.
TrueSight Orchestration applies triage to the event, and if the triage is successful, based on whether remediation is required, an incident is created or updated. A change and a task is created for the incident in BMC Remedy ITSM. Based on the approval process configured in BMC Remedy ITSM, TrueSight Orchestration performs remediation actions on the target server. After remediation is successful, TrueSight Orchestration validates whether the service is started successfully on the target server. Task, change, and incident are updated and closed in BMC Remedy ITSM.
At each stage, the event notes are updated with the appropriate status in TrueSight Infrastructure Management. After the ITSM tickets are closed, event notes display the event orchestration process status as complete.
Process flow
The following table explains each stage in the Event Orchestration runbook process for any event.
# | Stage | Product/ | Description |
|---|---|---|---|
1. | TrueSight Infrastructure Management main cell receives the event, where the event is enriched and sent to a TrueSight Orchestration gateway. | TrueSight Infrastructure Management | Event type enumeration, refinement rules, and filter rules are configured in the main cell. The main cell enriches the event and sends it to the TrueSight Orchestration gateway – TrueSight Operations Manager monitor adapter. |
2. | TrueSight Orchestration monitor adapter receives the event and converts it to a common event model format. | TrueSight Orchestration | Using a common event model ensures that consistent data is received by TrueSight Orchestration. When the incoming event type matches the event type defined in the TrueSight Orchestration rule, the Process Event Workflow is triggered. |
3. | As part of the Process Event Workflow, TrueSight Orchestration performs triage by using workflow processes to determine whether the event is valid and a problem exists on the target server. | TrueSight Orchestration | The Perform Triage workflow is invoked, which verifies whether the event is valid. |
4. | If the triage is successful, an incident is created in BMC Remedy ITSM. If during triage, it is found that the problem for which the event is generated does not exist, the event orchestration process does not continue. | BMC Remedy ITSM | If incident is not already created (via Business Service Resolution (BSR) integration), then, an incident ticket is created. If an incident is already created (via Business Service Resolution (BSR) integration), then, the incident notes are updated. |
5. | After an incident is created, a change and an associated task is also created. | BMC Remedy ITSM | |
6. | After a change is created, the change and incident association is created. | BMC Remedy ITSM | |
7. | When a change approver approves the change, the remediation action is started. | TrueSight Orchestration | The Perform Remediation workflow is invoked. |
8. | After the remediation is successful, TrueSight Orchestration validates whether the problem is resolved on the target server. | TrueSight Orchestration | The Perform Validation workflow is invoked. |
9. | TrueSight Orchestration updates the change and task in BMC Remedy ITSM and the incident is closed. | BMC Remedy ITSM |
Where to go from here
After understanding the end-to-end process flow of the Event Orchestration run book, you can now install the run book to implement in your environment. For more information, see Installing-the-Event-Orchestration-run-book.