This documentation supports an earlier version of BMC Helix Operations Management.To view the documentation for the latest version, select 23.3 from the Product version picker.

Event selection criteria

When you click in the box, you are prompted to make a selection. Each time you make a selection, you are progressively prompted to make another selection. 

The selection criteria consist of an opening parenthesis, followed by the slot name, the operator, the slot value (which can be a string based on the type of slot selected), and the closing parenthesis. Use the No Bracket (default) option to specify criteria conditions in a simplified manner. You can optionally select the logical operator AND or OR to add additional conditions. Specifying the opening and closing parentheses is optional. 

For more information about slot data types and event operators, see Slot-data-types.

Click Add selection criteria.pngto specify multiple classes in the selection criteria. You can specify a maximum of 5 event classes. The multiple class conditions in the selection criteria are separated by using the OR operator.

Example scenario

Sarah is an administrator at Apex Global. She has to create a separate event policy for each class if she wants to use the same policy configuration across different event classes. Creating these policies is a tedious task because the event class count is huge. Now, she can click Add selection criteria.pngin the event selection criteria to specify multiple classes, use the policy configurations across these classes in a single policy, and reduce the time that she used to spend creating separate policies for each class.

Important

  • You cannot directly specify an empty string in the selection criteria. However, you can specify an empty string by using regular expressions (regex) as follows:

    slotName Matches (^$|^.*@.*\\..*$)

    The following table shows the regular expression equivalent for a string::

  • If you specify multiple classes in the event selection criteria, you cannot use the following criteria as the only criteria to filter events:
    Criteria: Class Equals Event

Example criteria: If you specify the following criteria, all the ALARM events that contain "database" in the message and all the PATROL events that arrive from hosts that begin with "clm" and contain "database" in the message are selected and the policy is applied to them.

The green tick mark indicates that the event selection criteria syntax is correct.

Multiple class support in event selection criteria.png

For the slot value, you can specify global variables as shown in the following image:

Global_var_in_selection_criteria1.png

During execution of the policy, the global variable name is replaced with the variable value. For more information about global variables, see Information-sharing-between-enrichment-policies-with-global-variables.

You can also copy the criteria by clicking Copy Copy.png. The copied criteria can be reused in subsequent policies by pressing Ctrl+V in the Event Selection Criteria field.

About specifying the class

A condition based on the class slot must be specified before any other condition. In the subsequent conditions, the list of slots change based on the class specified. The subsequently displayed slots are subclasses of the parent class selected in the first condition.

For example, in the following image notice the list of slots specific to the selected Alarm class.

event selection criteria class.png