This documentation supports an earlier version of BMC Helix Operations Management.To view the documentation for the latest version, select 23.1 from the Product version picker.

Defining an external source file for dynamically enriching events

You need to define and format an external source file for performing dynamic event enrichment.

Note

You need an external enrichment source file to create a dynamic enrichment policy only. Such a file is not required for other types of enrichment such as basic enrichment, advanced enrichment, and time-based enrichment.

Related topic

Managing-data-tables-in-dynamic-enrichment-policies-with-REST-APIs

To create a dynamic event enrichment source file

  1. Create a .CSV file.
  2. Enter information that corresponds to each of the match and enrichment values that you plan to define in the policy. 

  3. Specify a comma-separated list of values for match and enrichment slots. You can configure up to 10000 rows or lines in the .CSV file with a size up to 4 MB.

    The specified number of values specified in each row must be the same.

    Important

    1. Do not specify an opening square bracket ([), closing square bracket (]), and a comma (,) in the match or enrichment values of the CSV file because they might cause file import issues. But, if you choose to specify these characters in the content, make sure that you use an escape (\) character before the opening square bracket ([), closing square bracket (]), and the comma by using a double slash in the match or enrichment values.

    2. Both, the dynamic enrichment policy definition and the source file must contain the exact number of match slots and enrichment slots and in the same order.

      • The count for match slots and enrichment slots must be equal to the number of slots given in the source file at a row level.
      • The match slot values must be defined before the enrichment slot values.
      • The order of the match slot values must correspond to the order of the match slots that you plan to define in the policy.

      If there is a mismatch, the policy will not run.

      For example, suppose your source file contains the following data. In the policy, the total number of match slots and enrichment slots must be equal to three because the source file contains three types of values only.

      In the following table, each column corresponds to a type of slot value. Column A corresponds to the match slot Status; column B corresponds to the match slot Severity; and column C corresponds to the enrichment slot Message. Based on the following definition, while creating the dynamic enrichment policy, you need to select the Status slot first, followed by the Severity slot, and finally the enrichment slot Message.

      A (Status)

      B (Severity)

      C (Message)

      If condition

      Then condition

      OPEN

      CRITICAL

      Host A: Requires restart

      OPEN

      MAJOR

      Status requires action

      ASSIGNED

      MAJOR

      Status requires action


To create a dynamic event enrichment source file from a sample file

  1. Configure an event policy by specifying the basic policy details and the event selection criteria. 
  2. Select the policy type, Advanced Enrichment.
  3. In the policy canvas, click Dynamic Enrichment.
  4. Under the Import Settings, click Download Template.
  5. A sample CSV file is downloaded.
  6. Replace the file information with appropriate match and enrichment values as described in step 2 for creating a dynamic event enrichment source file


Example: Specify match slots and enrichment slots in the policy equal to the slots in the source file

Suppose your source file contains the following data. In the policy, the total number of match slots and enrichment slots must be equal to three because the source file contains three types of values only.

In the following table, each column corresponds to a type of slot value:

  • Column A corresponds to the Status match slot. 
  • Column B corresponds to the Severity match slot.
  • Column C corresponds to the Message enrichment slot.

Based on the following definition, while creating the dynamic enrichment policy:

  • Under the Match Settings, you need to select the Status slot first, followed by the Severity slot. 
  • Under the Enrich Settings, you need to select the Message slot. 

Also, notice the commented lines mentioned in column D. You can comment lines by preceding them with the hash symbol (#). Commented lines are not considered for matching and enriching. 

Example: Source file for specifying wildcard characters and slot placeholders

Suppose your source file contains the following data.

In the following table, each column corresponds to a type of slot value:

  • Column A corresponds to the Severity match slot.
  • Column B corresponds to the Location match slot.
  • Column C corresponds to the Owner (or the assigned user) match slot.
  • Column D corresponds to the Message enrichment slot.

In the values to be used for matching, you can specify asterisk as the wildcard character. In the values to be used for enriching, you can specify slot placeholders. When the policy is applied, the slot names are replaced with appropriate slot values from the incoming event.

In the preceding table, you can see how a leading asterisk, a trailing asterisk, and an asterisk all by itself is specified in the values to be used for matching. You can also see the placeholder slots (%slotname%) specified for the values to be used for enriching.

At the time of matching, if the matching preference is set to Best Match, then the following order of preference is applied:

  1. exact match (for example, CRITICAL)
  2. starts with (for example, CRIT*)
  3. ends with (for example, *RITICAL)
  4. contains (for example, *RITIC*)
  5. any (for example, *)

Column E in the following table indicates how the values would be processed based on the Best Match and First Match preference:

Example: Source file for specifying regular expressions

Suppose your source files contain the sample data present in the following tables. In the following tables, each column corresponds to a type of slot value:

  • Column A corresponds to the Location match slot.
  • Column B corresponds to the Status match slot.
  • Column C corresponds to the Owner (or the assigned user) enrichment slot.

Example source file 1

Example source file 2

Example source file 3

In the values to be used for matching, you can specify regular expressions.

In the preceding table, you can see a few examples of regular expressions (.*, [a-z], ab*c, [^a], a+, a?) that you can specify in the values to be used for matching.

At the time of matching, if the matching preference is set to Best Match, then the following order of preference is applied:

  1. exact match 
  2. starts with
  3. ends with
  4. contains
  5. regular expressions
  6. any


Precedence among regular expressions

While evaluating the best match, the first regular expression specified in a list of expressions is given preference over the other expressions.

For example, if you specify a regular expression in row 2, row 3, and row 4 for a column in the source file, then the best match preference is given to row 2.

Refer to the following table to understand how the values in the example source files would be processed based on the Best Match and First Match preference:

  • Column A corresponds to values in the incoming event
  • Column B corresponds to the example source file number
  • Column C corresponds to the best match (row number in the example source file) 
  • Column D corresponds to the first match (row number in the example source file)