This documentation supports the releases of BMC Helix Operations Management up to December 31, 2021. To view the documentation for the latest version, select 23.1 from the Product version picker.

Policy-based situations


A situation comprises events associated with the same host or different hosts that are aggregated based on their occurrence, message, topology, or a combination of these factors. Events are collected from multiple sources across infrastructure, application, and network resources available from various monitoring solution vendors.

As a tenant administrator or a custom user with manage situations permissions, you can create a policy-based event aggregation to:

  • Derive actionable insights.
  • Investigate the aggregated events.
  • Reduce the event noise.
  • Improve the mean time to resolve (MTTR) based on the situation-driven workflow.
  • Lower the mean time to detect or discover (MTTD) and the time required for investigating tickets.

Policy-based situations

The policy-based (also known as rule-based) situation uses a correlation event policy to aggregate events and identify situations in the system. 

The following diagram shows how situations are created from raw events:

situations_workflow_2102.png

Example

If a host is shut down, you will receive numerous events related to various applications running on that host.

In this scenario, you can create a correlation policy to aggregate all the events with the same host name: Host_1.

Events received:

  • Unable to authenticate application1 at <hh:mm:ss>
  • Process down at <hh:mm:ss>
  • Memory utilization > 20% at <hh:mm:ss>
  • Memory utilization > 60-80% at <hh:mm:ss>
  • Longer time to load app at <hh:mm:ss>

Derived Situation from the example scenario:

Server is down at <hh:mm:ss>.
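
The host-name aggregation in this scenario can be sketched as follows. This is an added example, not BMC Helix code or its policy format; the five-minute window, the `min_events` threshold, the timestamps, and the Host_2 event are assumptions chosen for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Situation:
    host: str
    first_seen: datetime
    last_seen: datetime
    messages: list = field(default_factory=list)

def correlate(events, window=timedelta(minutes=5), min_events=2):
    """Group events per host. An event joins the host's open group while it
    arrives within `window` of that group's first event; otherwise it starts
    a new group. Groups below `min_events` are not reported as situations."""
    groups = defaultdict(list)  # host -> list of Situation, oldest first
    for ts, host, msg in sorted(events):
        current = groups[host][-1] if groups[host] else None
        if current is None or ts - current.first_seen > window:
            current = Situation(host, ts, ts)
            groups[host].append(current)
        current.messages.append(msg)
        current.last_seen = ts
    return [s for host in sorted(groups) for s in groups[host]
            if len(s.messages) >= min_events]

def t(hms):
    # Helper for the constructed sample data below (date is arbitrary).
    return datetime.strptime("2021-06-01 " + hms, "%Y-%m-%d %H:%M:%S")

# Constructed sample events: (timestamp, host, message)
SAMPLE_EVENTS = [
    (t("10:00:05"), "Host_1", "Unable to authenticate application1"),
    (t("10:00:07"), "Host_1", "Process down"),
    (t("10:00:20"), "Host_2", "Disk latency high"),  # other host, lone event
    (t("10:01:10"), "Host_1", "Memory utilization > 20%"),
    (t("10:02:30"), "Host_1", "Longer time to load app"),
    (t("10:30:00"), "Host_1", "Process down"),       # outside the window
]

if __name__ == "__main__":
    for s in correlate(SAMPLE_EVENTS):
        print(f"{s.host}: {len(s.messages)} events, "
              f"{s.first_seen:%H:%M:%S} to {s.last_seen:%H:%M:%S}")
```

The lone Host_2 event and the late Host_1 event stay out of the situation, which shows why the time window and minimum count matter for noise reduction as much as the host-name match does.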

 
