Example: Retrieve and modify notes in incoming events
Fetch a note from a list of notes, enrich the event message with the note content, and update the note only if the event status changes by using an advanced enrichment policy.
Actions involved: Trigger-If, Variable, Enrich, Function
Event selection criteria: Define a condition to select events from the EVENT class, and message that contains, "testApp".
The following image illustrates how the event selection criteria will look.
Important
You can hover over an action to view the complete label for the action as shown in the following screenshot:
Build the policy workflow:
- Add the Trigger-If action by defining a condition, under the Trigger-If Settings, that checks whether the event status changes.
- To retrieve a note from an incoming event, add the Variable action to store the result of the GetNote function as the variable value. This function returns the timestamp, author, and content of the note.
- Now, from the note that you retrieved in the previous step, say, you want to fetch only the note content, add the Variable action to store the result of the ListGetElement function as the variable value.
- Add an Enrich action to enrich the event message and append the note content you retrieved in the previous step to the message.
- To modify a note by using the policy, add a Function action.
Retrieve and modify notes in incoming events workflow: The following image illustrates how the policy workflow will look.
Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*