Example: Assign event owner according to the time frame status

To conditionally enrich the event owner based on the time frame status and notify operators of the event enrichment, as an administrator, I want to use the IsActiveTimeFrame function to check the time frame status in an advanced enrichment policy.

Scenario

Sarah is an administrator at Apex Global. She wants to configure a policy that assigns events to different event owners according to the holiday calendar in their time zone. To achieve this goal, she performs the following steps:

  1. Define the event selection criteria.
  2. Create the time frame in an event policy.
  3. Build the policy workflow.

Related topic

Actions-for-advanced-and-time-based-enrichment


To define the event selection criteria

  1. Select Configuration > Event Policiesclick Create and enter a policy name.
  2. In Event Selection Criteria, define a condition to select open events that contain the message CPU utilization exceeds 85%.

The following image illustrates how the event selection criteria will look:

Event selection criteria IsActiveTimeFrame.png

To learn how to construct the event selection criteria, see Creating-and-enabling-event-policies.

To create the time frame in an event policy

Create time frames according to the holiday calendar of the user's time zone. To learn about creating time frames, see Setting-event-policy-schedules-by-using-time-frames.

For example, you could create a time frame for a user in the IST time zone and another time frame for a user in the Brisbane time zone as shown in the following images:

Time frame IST.png

Time frame brisbane.png

To build the policy workflow

The following workflow diagram gives you a high-level overview of the policy workflow creation process:

Assign event owner based on time frame status workflow.png

  1. In Policy Configuration, select Advanced Enrichment.
    TipYou can hover over an action to view the complete label for the action as shown:Action_hover.png
  2. Click Lookup to look up existing events for which you want to assign an owner.
    Lookup existing events IsActiveTimeFrame.png

  3. Add the Update old events action to run the policy actions on existing events.
    Update old events IsActiveTimeFrame.png
  4. Add a Variable action to check whether the time frame for the IST time zone is active and store the result in the TimeFrameStatusIST variable.
    IST variable IsActiveTimeFrame.png
  5. Add another Variable action to check whether the time frame for the Brisbane time zone is active and store the result in the TimeFrameStatusBrisbane variable.
    Brisbane variable IsActiveTimeFrame.png
  6. Add an If action to compare the time frame status of the IST time zone.
    If action IST IsActiveTimeFrame.png
  7. Based on the time frame status in the preceding step, in the Then part, add an Enrich action to assign the existing event to Jack.
    Enrich owner IST IsActiveTimeFrame.png
  8. In the Else part, add an If action to compare the time frame status of the Brisbane time zone.
    If action Brisbane IsActiveTimeFrame.png
  9. Based on the time frame status in the preceding step, in the Then part, add an Enrich action to assign the existing event to Jim.
    Enrich owner Brisbane IsActiveTimeFrame.png

Results

The resulting policy workflow enriches the event owner based on the time frame status.

Without event enrichment

Without event enrichment IsActiveTimeFrame.png

With event enrichment

With event enrichment IsActiveTimeFrame.png

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*