Example: Close events when the event priority changes


Scenario

Suppose you want to automatically close Server A events only when their priority changes from High or Highest to Low or Lowest.

In the following video (5:03), skip to 3:07 to understand this example.

https://youtu.be/TYhpm0h8IEc

To close events when the event priority changes, perform the following steps:

  1. Define the event selection criteria.
  2. Build the policy workflow.

Actions involved

  • Trigger-If
  • Enrich

To define the event selection criteria

  1. Select Configuration > Event Policies and click Create.
  2. In the Event Selection Criteria, define a condition that selects incoming events whose message contains "Server A".

The following image illustrates how the event selection criteria will look.

[Image: event selection criteria]

To build the policy workflow

On the Advanced Enrichment page, perform the following steps to build the policy workflow:

  1. Under the Trigger-If Settings, define a condition that triggers when the priority value changes from High or Highest to Low or Lowest.
    [Image: Trigger-If settings]

    Tip

    In addition to slots of the Enum data type, you can use the Trigger-If action with slots of the String and Integer data types. For example, you can trigger event processing when the Location slot changes from an empty to a nonempty value by using a regular expression with the Matches operator, as shown in the following image:

    [Image: slot change from empty to nonempty value]

  2. Add an Enrich action to change the status of such events to Closed.
    [Image: Enrich settings]

Results

The resulting policy workflow closes events when the event priority changes, as shown in the following image:

[Image: resulting policy workflow]

 
