This documentation supports the releases of BMC Helix Operations Management up to December 31, 2021.To view the documentation for the latest version, select 23.1 from the Product version picker.

Defining an external source file for dynamically enriching events

You need to define and format an external source file for performing dynamic event enrichment.

Note

You need an external enrichment source file to create a dynamic enrichment policy only. Such a file is not required for other types of enrichment such as basic enrichment, advanced enrichment, and time-based enrichment.

To create a dynamic event enrichment source file

  1. Create a .CSV file.
  2. Enter information that corresponds to each of the match and enrichment values that you plan to define in the policy. 

  3. Specify a comma-separated list of values for match and enrichment slots; do not exceed 1000 rows or lines. 

    The specified number of values specified in each row must be the same.

    Important

    Both, the dynamic enrichment policy definition and the source file must contain the exact number of match slots and enrichment slots and in the same order.

    • The count for match slots and enrichment slots must be equal to the number of slots given in the source file at a row level.
    • The match slot values must be defined before the enrichment slot values.
    • The order of the match slot values must correspond to the order of the match slots that you plan to define in the policy.

    If there is a mismatch, the policy will not run.

    For example, suppose your source file contains the following data. In the policy, the total number of match slots and enrichment slots must be equal to three because the source file contains three types of values only.

    In the following table, each column corresponds to a type of slot value. Column A corresponds to the match slot Status; column B corresponds to the match slot Severity; and column C corresponds to the enrichment slot Message. Based on the following definition, while creating the dynamic enrichment policy, you need to select the Status slot first, followed by the Severity slot, and finally the enrichment slot Message.

    A (Status)

    B (Severity)

    C (Message)

    If condition

    Then condition

    OPEN

    CRITICAL

    Host A: Requires restart

    OPEN

    MAJOR

    Status requires action

    ASSIGNED

    MAJOR

    Status requires action


To create a dynamic event enrichment source file from a sample file

  1. Configure an event policy by specifying the basic policy details and the event selection criteria. 
  2. Select the policy type, Advanced Enrichment.
  3. In the policy canvas, click Dynamic Enrichment.
  4. Under the Import Settings, click Download Template.
  5. A sample CSV file is downloaded.
  6. Replace the file information with appropriate match and enrichment values as described in step 2 for creating a dynamic event enrichment source file


Examples for specifying data in the source file

Example 1: Suppose your source file contains the following data. In the policy, the total number of match slots and enrichment slots must be equal to three because the source file contains three types of values only.

In the following table, each column corresponds to a type of slot value:

  • Column A corresponds to the match slot, Status. 
  • Column B corresponds to the match slot, Severity.
  • Column C corresponds to the enrichment slot, Message. 

Based on the following definition, while creating the dynamic enrichment policy:

  • Under the Match Settings, you need to select the Status slot first, followed by the Severity slot. 
  • Under the Enrich Settings, you need to select the Message slot. 

Also, notice the commented lines mentioned in column D. You can comment lines by preceding them with the hash symbol (#). Commented lines are not considered for matching and enriching. 

Example 2: Suppose your source file contains the following data.

In the following table, each column corresponds to a type of slot value:

  • Column A corresponds to the match slot, Severity.
  • Column B corresponds to the match slot, Location.
  • Column C corresponds to the match slot, Owner (or the assigned user).
  • Column D corresponds to the enrichment slot, Message.

In the values to be used for matching, you can specify asterisk as the wildcard character. In the values to be used for enriching, you can specify slot placeholders. When the policy is applied, the slot names are replaced with appropriate slot values from the incoming event.

In the preceding table, you can see how a leading asterisk, a trailing asterisk, and an asterisk all by itself is specified in the values to be used for matching. You can also see the placeholder slots specified for the values to be used for enriching.

At the time of matching, if the matching preference is set to Best Match, then the following order of preference is applied:

  1. exact match (for example, CRITICAL)
  2. starts with (for example, CRIT*)
  3. ends with (for example, *RITICAL)
  4. contains (for example, *RITIC*)
  5. any (for example, *)

Column E in the following table indicates how the values would be processed based on the Best Match and First Match preference:

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*