This documentation supports the releases of BMC Helix Operations Management up to December 31, 2021.To view the documentation for the latest version, select 23.1 from the Product version picker.

Example: Drop duplicate events and update the existing event with new severity

Suppose you want to look up existing duplicate events of a third-party application that are open. Additionally, suppose you want to:

  • Drop the incoming duplicate events.
  • Update the existing event severity with the new event severity.

Actions involved: Lookup, Function, Enrich

Event selection criteria: Define a condition to select events from the third-party application (with the custom event class).

The following image illustrates how the event selection criteria will look.

custom class event sel.png

Build the policy workflow:

  1. Add the Lookup action. Under the Lookup Settings, select With duplicate events.
    Lookup settings Sep_21.png

  2. Under Update new event, add the Function action to drop incoming duplicate events.
    Function settings login failure Sep 21.png

  3. Under Update old events, add an Enrich action to update the event severity.
    Lookup enrich settings.png 

Final workflow: The following image illustrates how the policy workflow will look.

Lookup workflow_Sep_2021.png

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*