This site will undergo a maintenance outage on Saturday, 13 September beginning at 2:30 AM Central/1 PM IST for a platform upgrade. The downtime will be ~three hours.

This documentation supports the releases of BMC Helix Operations Management up to December 31, 2021.To view the documentation for the latest version, select 23.1 from the Product version picker.

Policy-based situations

A situation comprises events associated with the same or different host that are aggregated based on their occurrence, message, topology, or a combination of these factors. Events are collected from multiple sources across infrastructure, application, and network resources available from various monitoring solution vendors.

As a tenant administrator or a custom user with manage situations permissions, you can create a policy-based event aggregation to:

  • Derive actionable insights.
  • Investigate the aggregated events.
  • Reduce the event noise.
  • Improve the mean time to resolve (MTTR) based on the situation driven workflow.
  • Lower the mean time to detect or discover (MTTD) and the time required for investigating tickets.

Policy-based situations

The policy-based (also known as rule-based) situation uses a correlation event policy to aggregate events and identify situations in the system. 

The following diagram shows how the Situations are created from the raw events:

Related topics

Roles-and-permissions
Correlating events
Performing event operations
Creating a correlation event policy

situations_workflow_2102.png

Example

If a host is shut down, you will receive numerous events related to various applications running on that host.

In this scenario, you can create a correlation policy to aggregate all the events with the same host name: Host_1

Events received:

  • Unable to authenticate application1 at <hh:mm:ss>
  • Process down at <hh:mm:ss>
  • Memory utilization > 20% at <hh:mm:ss>
  • Memory utilization > 60-80 % at <hh:mm:ss>
  • Longer time to load app at <hh:mm:ss>

Derived Situation from the example scenario:

Server is down at <hh:mm:ss>.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*