
Event functions


Event functions are also known as void functions and do not return a value.

 

DropNewEvent

This function drops incoming events as they occur. After execution, the dropped events are not saved and are not available on the UI.

Important

You cannot add actions after this function in the policy workflow.

 

GenerateNewEvent

This function generates events for a specific event class. The following table lists the parameters and slots for the selected class that are displayed as inputs for the function. After execution, the generated event is displayed on the Events page.

Important

  • If you use an Enrich action after this function in the policy workflow, the enrichment applies to incoming events and not the generated event.
  • Manually specify variables (wherever applicable) for function inputs; for example, $dbname, $tablespace.
    When the policy is applied, the variable names are replaced with the variable values that you have configured in the policy workflow.
  • This function does not apply to an event if that event itself is generated from the GenerateNewEvent function.

Input

Input

Type

Description

Event Class

ENUM

Out-of-the-box or custom class for which you want to generate the event.

Default: Event

The following event classes are not supported:

  • Anomaly
  • Prediction
  • Situation

What happens to policies that use these restricted classes?

Existing policies that use the Anomaly, Prediction, and Situation classes are not impacted. However, if you update an existing policy, the policy fails because these restricted classes are not allowed.

You must remove these restricted classes when updating an existing policy.

Event Severity

ENUM

Severity for the generated event.

Default: Minor

Event Priority

ENUM

Priority for the generated event.

Default: Moderate

Source Hostname

String

Host name of the event provider.

We recommend a character limit of 256 characters.

Message

String

Message that you want to include in the generated event. Use the % character to include slot placeholders. When the policy is applied, the placeholders are replaced with values from the incoming event.

We recommend a character limit of 1024 characters.

Source Identifier

String

Unique event source identifier which can be used for associating the event with the Entity/CI.

We recommend a character limit of 256 characters.

Mandatory and dedup slots

String, Integer, List of string, ENUM

Mandatory and dedup slots for the selected class. Dedup slots may or may not be mandatory. If you do not specify a value for a dedup slot, a blank value is considered for enrichment. For more information on mandatory and dedup slots, see Slot-facets.

For example: If you select the Alarm class, Alarm ID is displayed as a dedup slot which is a mandatory slot.

If you haven’t set a default value for a slot in the event class definition, the function considers the slot value that you enter.

The date and List of integer data types are not supported for slots.

Non-mandatory slots

String, Integer, List of string, ENUM

Choose additional slots to add in the generated event for the selected class by using the Add more slots option. You can also add slots for the event class that you selected in the Event Selection Criteria field while creating an advanced enrichment policy. For example, $NEW.Severity. This option does not list the read-only or internal slots.

If you haven’t set a default value for a slot in the event class definition, the function considers the slot value that you enter.

If you have set a default value for a slot in the event class definition but haven’t added the slot in the function, the default value for the slot is considered the slot value.

Use the delete icon to delete the added slot. Once you add and save a slot from the list, the slot is disabled for selection. To enable the slot, delete and add it again.

The date and List of integer data types are not supported for slots.

To understand a use case for this function, see Example-Generate-events-to-check-application-availability.

 

Important

You can add or modify a note in existing events. In the Update old events flow on the policy workflow, use the following functions after the Lookup action:

  • AddOperationNote
  • AddNote
  • SetNote

AddOperationNote

This function adds a note in an incoming or existing event when an event is assigned, acknowledged, unacknowledged, closed, owned, declined, or prioritized. A note is a list of strings that contains information such as the timestamp, owner, and note content. The following table lists the parameters that are displayed as inputs for the function. After execution, the note is displayed on the Event Details page.

Important

We recommend that you use this function after enriching the event status by using an Enrich action. If you enrich the event status to ASSIGN_TO, ensure that you assign an owner for the event by using an Enrich action.

Input

Input

Type

Description

Operation name

ENUM

Indicates the following event operations:

  • Assign
  • Acknowledge
  • Unacknowledge
  • Take ownership
  • Decline ownership
  • Set priority
  • Close

Note

String

Inserts a note that you want to include in the event.

We recommend a character limit of 256 characters.

You can specify the following value for this input:

  • Slot placeholders
    For example, %msg%, %severity%.
    When the policy is applied, the slot names in the existing or incoming events are replaced with appropriate slot values (not slot display values) from the incoming event.
  • Variables
    For example, $dbname, $tablespace.
    When the policy is applied, the variable names are replaced with the variable values that you have configured in the policy workflow.

If you want to specify a comma in the note content, use the backslash (\) character before the comma.

To understand a use case for this function, see Example-Add-operation-note-for-event-assignment.

 

AddNote

This function adds a note in an incoming or existing event. The following table lists the parameters that are displayed as inputs for the function. The owner of the note is set to the event policy name. After execution, the note is displayed on the Event Details page. 

Input

Input

Type

Description

Note

String

Inserts a note that you want to include in the event.

We recommend a character limit of 256 characters.

You can specify the following values for this input:

  • Slot placeholders
    For example, %msg%, %severity%.
    When the policy is applied, the slot names in the existing or incoming events are replaced with appropriate slot values (not slot display values) from the incoming event.
  • Variables
    For example, $dbname, $tablespace.
    When the policy is applied, the variable names are replaced with the variable values that you have configured in the policy workflow.
    You cannot specify global variables directly. Instead, store them as local variables by using the Variable action and access the stored global variables through local variables.
  • Existing or incoming event slot variables
    For example, $NEW.location or $OLD.msg.
    The variables are replaced with event slot values from the existing or incoming event.

If you want to specify a comma in the note content, use the backslash (\) character before the comma.

To understand a use case for this function, see Example-Add-notes-to-incoming-events-to-indicate-event-generation.

 

SetNote

This function modifies the note content for a specific note from a list of notes in an incoming or existing event. After execution, the modified note is displayed on the Event Details page. 

Important

You can modify only the text of the note but not the author and timestamp of the note.

Input

Input

Type

Description

Position

Integer

The sequence number of the note that you want to modify.

Notes are numbered, starting from 1 for the oldest note. To modify the most recent note, specify the position as 0.

If you specify an incorrect position, an exception message is displayed in the _errors slot for the event.

Note

String

The new text of the note that you want to set in the existing note of the event.

We recommend a character limit of 256 characters.

You can specify the following values for this input:

  • Slot placeholders
    For example, %msg%, %severity%.
    When the policy is applied, the slot names in the existing or incoming events are replaced with appropriate slot values (not the slot display values) from the incoming event.
  • Variables
    For example, $dbname, $tablespace.
    When the policy is applied, the variable names are replaced with the variable values that you have configured in the policy workflow.

If you want to specify a comma in the note content, use the backslash (\) character before the comma.

To understand a use case for this function, see Example-Retrieve-and-modify-notes-in-incoming-events.

 

LookupNodeDetails

This function fetches node details, such as node IP address, source, location, and so on, from BMC Discovery according to the Node ID (_node_id) slot and the topology lookup slots for an event class present in the incoming event. The fetched node details can further be used to enrich an incoming event. This function returns String or List of String node attribute values. You can use the LookupNodeDetails or the LookupNodeDetailsByKind function within a policy. You cannot use both functions together in a policy.

Important

  • This function can be used only once and we recommend using it at the start of the policy workflow.
  • If the _node_id value is empty for an event, the event enrichment is skipped and the _errors slot in the event is populated with the reason for the failure.

Input

Input

Type

Description

Node Attributes to fetch

List

Specify a comma-separated list of node attributes that you want to fetch from BMC Discovery. To refer to node attributes in BMC Discovery, run the GET /data/nodes/{node_id} endpoint by using the _node_id value present in an existing event.

For more information, see Endpoints in the REST API.

The state attribute returned in the API response contains the node attribute details that you could specify for this input.

Example API response
{
 "destroyed": false,
 "kind": "Host",
 "modified": "2022-02-09T07:41:09.342211+00:00",
 "state": {
   "__all_dns_names": [
     "hostA.bmc.com"
    ],
   "__all_ip_addrs": [
     "<IP_address>",
     "fe80::250:56ff:feab:648a"
    ],
   "__all_mac_addrs": [
     "<Mac_address>"
    ],
   "__package_checksum": "m93tWP6dsxzyrPgqDgmWig==",
   "__patch_checksum": "11FxOYiYfpMxmANj4kGJzg==",
   "_tw_meta_data_attrs": [
     "cpe_string",
     "cpe_string_23",
     "cpe_id"
    ],
   "access_failure_count": 0,
   "age_count": 3,
   "cdm_virtual_system_type": 4,
   "cores_per_processor": 1,
   "cpe_id": "",
   "cpe_string": "cpe:/o:novell:suse_linux:11",
   "cpe_string_23": "cpe:2.3:o:novell:suse_linux:11:*:*:*:*:*:*:*",
   "cpu_resource_type": "VIRTUAL",
   "cpu_threading_enabled": false,
   "dns_domain": "bmc.com",
   "host_type": "UNIX Server",
   "hostname": "hostA",
   "kernel": "2.6.32.59-0.19.1.14514.1.PTF-default",
   "key": "hCNMEDtfRcF7pUWzPxX8vw==",
   "last_access_response": "Successful access",
   "last_update_failure": null,
   "last_update_success": "2021-01-18T17:47:20.377012+00:00",
   "local_fqdn": "hostA.bmc.com",
   "logical_ram": 15956,
   "model": "VMware Virtual Platform",
   "name": "aio-hostA",
   "new_endpoint_identity_count": 0,
   "no_response_count": 0,
   "num_cores": 2,
   "num_logical_processors": 2,
   "num_processors": 2,
   "nvd_url_part": "cpe%3A%2Fo%3Anovell%3Asuse_linux%3A11",
   "os": "SUSE Linux Enterprise Server 11 (x86_64) VERSION = 11 PATCHLEVEL = 1",
   "os_arch": "x86_64",
   "os_class": "UNIX",
   "os_type": "SuSE Linux",
   "os_vendor": "Novell",
   "os_version": "11",
   "package_count": 857,
   "patch_count": 0,
   "processor_speed": 2199,
   "processor_type": "Intel(R) Xeon(R) CPU E5-2660 0 @ 2.20GHz",
   "processor_vendor": "Intel Corporation",
   "service_pack": 1,
   "threads_per_core": 1,
   "type": "UNIX Server",
   "vendor": "VMware, Inc.",
   "virtual": true,
   "vm_class": "VMware"
 }
}

The attributes can be specified by using standard JSON path conventions. For example, the following attribute list can be used to retrieve node attributes:

["kernel", "os", "model", "kind", "__all_ip_addrs[0]"]

After the attributes are fetched, you can use these attributes as local variables in the function input by using the $NODE prefix to further enrich events. For example: $NODE.kernel and $NODE.os.

Make sure that you provide the node attribute name as it exists in BMC Discovery. If you provide an attribute name for which there is no value present in BMC Discovery, the variable name is set as the variable value in the enriched event. For example, assuming that the kernel value is not present in BMC Discovery, the detailed message slot is set to $NODE.kernel in the enriched event instead of the actual value and the _errors slot in the event is populated with the reason for the failure.

To understand a use case for this function, see Example-Enrich-events-with-node-details.

 

LookupNodeDetailsByKind

This function fetches node information from BMC Discovery for a specific node kind and node selection criteria. If this function fetches multiple nodes in the lookup, only the first node fetched is used to access the node attributes.

The fetched node details can further be used to enrich an incoming event. You can use the LookupNodeDetailsByKind or the LookupNodeDetails function within a policy. You cannot use both functions together in a policy. If the event satisfies the event selection criteria of multiple policies that use this function, the system executes only the first policy with the highest precedence on the event.

Input

Input

Type

Description

Node Selection Criteria

String

Specify the criteria for fetching nodes from BMC Discovery. You can specify event slots or variables of the String data type.

For example: ( $NEW.source_hostname in name OR $NEW.source_hostname in short_name )

Here, the operand before the operator is the event slot value in BMC Helix Operations Management, which you want to search, and the operand after the operator is the attribute name in BMC Discovery.

The in and has_subword operators are supported in the node selection criteria. The AND and OR logical operators are supported.

Node attributes to fetch

List

Specify a comma-separated list of node attributes that you want to fetch from BMC Discovery. To refer to node attributes in BMC Discovery, run the GET /data/nodes/{node_id} endpoint by using the _node_id value present in an existing event.

For more information, see Endpoints in the REST API.

The state attribute returned in the API response contains the node attribute details that you could specify for this input.

Example API response
{
 "destroyed": false,
 "kind": "Host",
 "modified": "2022-02-09T07:41:09.342211+00:00",
 "state": {
   "__all_dns_names": [
     "hostA.bmc.com"
    ],
   "__all_ip_addrs": [
     "<IP_address>",
     "fe80::250:56ff:feab:648a"
    ],
   "__all_mac_addrs": [
     "<Mac_address>"
    ],
   "__package_checksum": "m93tWP6dsxzyrPgqDgmWig==",
   "__patch_checksum": "11FxOYiYfpMxmANj4kGJzg==",
   "_tw_meta_data_attrs": [
     "cpe_string",
     "cpe_string_23",
     "cpe_id"
    ],
   "access_failure_count": 0,
   "age_count": 3,
   "cdm_virtual_system_type": 4,
   "cores_per_processor": 1,
   "cpe_id": "",
   "cpe_string": "cpe:/o:novell:suse_linux:11",
   "cpe_string_23": "cpe:2.3:o:novell:suse_linux:11:*:*:*:*:*:*:*",
   "cpu_resource_type": "VIRTUAL",
   "cpu_threading_enabled": false,
   "dns_domain": "bmc.com",
   "host_type": "UNIX Server",
   "hostname": "hostA",
   "kernel": "2.6.32.59-0.19.1.14514.1.PTF-default",
   "key": "hCNMEDtfRcF7pUWzPxX8vw==",
   "last_access_response": "Successful access",
   "last_update_failure": null,
   "last_update_success": "2021-01-18T17:47:20.377012+00:00",
   "local_fqdn": "hostA.bmc.com",
   "logical_ram": 15956,
   "model": "VMware Virtual Platform",
   "name": "aio-hostA",
   "new_endpoint_identity_count": 0,
   "no_response_count": 0,
   "num_cores": 2,
   "num_logical_processors": 2,
   "num_processors": 2,
   "nvd_url_part": "cpe%3A%2Fo%3Anovell%3Asuse_linux%3A11",
   "os": "SUSE Linux Enterprise Server 11 (x86_64) VERSION = 11 PATCHLEVEL = 1",
   "os_arch": "x86_64",
   "os_class": "UNIX",
   "os_type": "SuSE Linux",
   "os_vendor": "Novell",
   "os_version": "11",
   "package_count": 857,
   "patch_count": 0,
   "processor_speed": 2199,
   "processor_type": "Intel(R) Xeon(R) CPU E5-2660 0 @ 2.20GHz",
   "processor_vendor": "Intel Corporation",
   "service_pack": 1,
   "threads_per_core": 1,
   "type": "UNIX Server",
   "vendor": "VMware, Inc.",
   "virtual": true,
   "vm_class": "VMware"
 }
}

The attributes can be specified by using standard JSON path conventions. For example, the following attribute list can be used to retrieve node attributes:

["type", "os", "model", "os_class"]

After the attributes are fetched, you can use these attributes as local variables in the function input by using the $NODE prefix to further enrich events. For example: $NODE.type and $NODE.os.

Make sure that you provide the node attribute name as it exists in BMC Discovery. If you provide an attribute name for which there is no value present in BMC Discovery, the variable name is set as the variable value in the enriched event. For example, assuming that the kernel value is not present in BMC Discovery, the detailed message slot is set to $NODE.kernel in the enriched event instead of the actual value and the _errors slot in the event is populated with the reason for the failure.

Node kind

String

Specify the node kind. For example, the following node kinds in BMC Discovery are supported:

  • AdminCollection
  • BusinessApplicationInstance
  • BusinessService
  • CandidateSoftwareInstance
  • CloudManagementGroup
  • CloudProvider
  • CloudRegion
  • CloudResource
  • CloudService
  • Cluster
  • ClusterMember
  • ClusterResource
  • ClusterService
  • CouplingFacility
  • Database
  • DatabaseDetail
  • Deployment
  • DiskDrive
  • FibreChannelHBA
  • FibreChannelNode
  • FibreChannelPort
  • File
  • FileSystem
  • FunctionalComponent
  • HardwareComponent
  • HardwareContainer
  • HardwareDetail
  • Host
  • HostContainer
  • IPAddress
  • LoadBalancerGroup
  • LoadBalancerInstance
  • LoadBalancerMember
  • LoadBalancerPool
  • LoadBalancerService
  • MFPart
  • Mainframe
  • ManagementController
  • Namespace
  • NetworkDevice
  • NetworkInterface
  • Package
  • Patch
  • Printer
  • ProcessorInfo
  • RuntimeEnvironment
  • SNMPManagedDevice
  • SoftwareCluster
  • SoftwareComponent
  • SoftwareContainer
  • SoftwareInstance
  • SoftwarePod
  • Storage
  • StorageCollection
  • StorageConnection
  • StorageDevice
  • StorageNamespace
  • StoragePool
  • StorageProcessor
  • StorageSystem
  • StorageSystemGroup
  • StorageVolume
  • StorageVolumeMirror
  • Subnet
  • TapeDrive
  • TechnicalService
  • VirtualMachine

To understand a use case for this function, see Example-Enrich-events-with-node-details-according-to-the-node-kind.
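The pre-check below is an added example, not BMC code. It resolves an attribute list against a saved GET /data/nodes/{node_id} response as described for LookupNodeDetails and LookupNodeDetailsByKind, and finds slots in an enriched event that still hold a literal $NODE.<name>. The function names, the state-then-top-level lookup order, the detailed_msg slot name, and the trimmed sample response are assumptions made for illustration.

```python
import json
import re

# Constructed sample: a trimmed copy of the example API response on this page.
SAMPLE_NODE = json.loads("""
{
  "kind": "Host",
  "state": {
    "__all_ip_addrs": ["<IP_address>", "fe80::250:56ff:feab:648a"],
    "kernel": "2.6.32.59-0.19.1.14514.1.PTF-default",
    "last_update_failure": null,
    "model": "VMware Virtual Platform",
    "num_cores": 2,
    "os": "SUSE Linux Enterprise Server 11 (x86_64) VERSION = 11 PATCHLEVEL = 1"
  }
}
""")

_SEGMENT = re.compile(r"([A-Za-z_]\w*)((?:\[\d+\])*)")
_MISSING = object()


def _walk(root, path):
    """Follow a dotted path with optional [n] indexes; _MISSING if absent."""
    current = root
    for segment in path.split("."):
        match = _SEGMENT.fullmatch(segment)
        if match is None or not isinstance(current, dict):
            return _MISSING
        current = current.get(match.group(1), _MISSING)
        for index in re.findall(r"\[(\d+)\]", match.group(2)):
            if not isinstance(current, list) or int(index) >= len(current):
                return _MISSING
            current = current[int(index)]
        if current is _MISSING:
            return _MISSING
    return current


def precheck(node, attributes):
    """Classify each requested attribute against one node response."""
    report = {"resolved": {}, "unresolved": [], "not_string": []}
    for name in attributes:
        # Assumption: look in "state" first, then at the top level ("kind").
        value = _walk(node.get("state", {}), name)
        if value is _MISSING:
            value = _walk(node, name)
        if value is _MISSING or value is None:
            report["unresolved"].append(name)  # would stay as $NODE.<name>
        elif isinstance(value, str) or (
            isinstance(value, list) and all(isinstance(v, str) for v in value)
        ):
            report["resolved"][name] = value
        else:
            # The page says the function returns String or List of String.
            report["not_string"].append(name)
    return report


def unexpanded_refs(event):
    """Map each slot that still holds a literal $NODE variable to those names."""
    pattern = re.compile(r"\$NODE\.\w+(?:\[\d+\])*")
    hits = {slot: pattern.findall(str(value)) for slot, value in event.items()}
    return {slot: found for slot, found in hits.items() if found}


if __name__ == "__main__":
    wanted = ["kernel", "os", "model", "kind", "__all_ip_addrs[0]", "serial"]
    print(json.dumps(precheck(SAMPLE_NODE, wanted), indent=2))
```

Run precheck against a response for a representative node before saving the policy, and run unexpanded_refs over exported events to find lookups that failed after deployment.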

 

AssociateEventToNode 

This function fetches topology information from BMC Discovery for an event according to specific node selection criteria and node kind. Use this function in the refinement policy to perform topology enrichment by using string event slots in addition to the default topology (class-based topology enrichment) slots defined in the event class.

An event is associated with the first matching node from the list of node kinds in the Node kind field. If no matching node is found, subsequent nodes from the Node kind field are checked for a match.

Important

  • This function can be used only once in the policy. If you use this function in multiple policies, the policy with the highest precedence is executed, and the execution of this function in other policies is skipped.
  • If the event satisfies the event selection criteria of multiple policies that use this function, the system executes only the first policy with the highest precedence on the event.
  • If the system executes policy-based topology enrichment by using this function, the default class-based topology enrichment is skipped.

Input

Input

Type

Description

Skip Node Association

Boolean

Select this check box to skip both the node and service enrichment in an event.

Skip Service Association

Boolean

Select this check box to skip the service enrichment but perform the node enrichment in an event.

Node Selection Criteria

String

Specify the criteria for fetching nodes from BMC Discovery. You can specify event slots or variables of the String data type.

The in and has_subword operators are supported in the node selection criteria. The AND and OR logical operators are supported.

For example:

  • $NEW.source_hostname in name
  • name has_subword $NEW.source_hostname
  • ( $NEW.source_hostname in name OR short_name has_subword $NEW.source_hostname ) AND $NEW._ci_id in external_ids

$NEW.source_hostname and $NEW._ci_id are the event slot values in BMC Helix Operations Management and name, short_name, and external_ids are the attribute names in BMC Discovery.

Enclose the words in quotation marks to match all of the words in the text without considering their order.

For example, os_type has_subword "Red Hat Linux"

This condition is true if all the words "Red", "Hat", and "Linux" are found as subwords of the full text; the results are not limited to an exact phrase match.

For example, if os_type is "Red Hat Enterprise Linux" or "Enterprise Linux Red Hat", the search in the previous example returns true.

Node kind

String

Specify the node kind. You can specify multiple node kinds. If no matching node is found for event association, subsequent nodes from the Node kind field are checked for a match in the sequence added in the Node kind field.
 

For example, the following node kinds in BMC Discovery are supported:

  • AdminCollection
  • BusinessApplicationInstance
  • BusinessService
  • CandidateSoftwareInstance
  • CloudManagementGroup
  • CloudProvider
  • CloudRegion
  • CloudResource
  • CloudService
  • Cluster
  • ClusterMember
  • ClusterResource
  • ClusterService
  • CouplingFacility
  • Database
  • DatabaseDetail
  • Deployment
  • DiskDrive
  • FibreChannelHBA
  • FibreChannelNode
  • FibreChannelPort
  • File
  • FileSystem
  • FunctionalComponent
  • HardwareComponent
  • HardwareContainer
  • HardwareDetail
  • Host
  • HostContainer
  • IPAddress
  • LoadBalancerGroup
  • LoadBalancerInstance
  • LoadBalancerMember
  • LoadBalancerPool
  • LoadBalancerService
  • MFPart
  • Mainframe
  • ManagementController
  • Namespace
  • NetworkDevice
  • NetworkInterface
  • Package
  • Patch
  • Printer
  • ProcessorInfo
  • RuntimeEnvironment
  • SNMPManagedDevice
  • SoftwareCluster
  • SoftwareComponent
  • SoftwareContainer
  • SoftwareInstance
  • SoftwarePod
  • Storage
  • StorageCollection
  • StorageConnection
  • StorageDevice
  • StorageNamespace
  • StoragePool
  • StorageProcessor
  • StorageSystem
  • StorageSystemGroup
  • StorageVolume
  • StorageVolumeMirror
  • Subnet
  • TapeDrive
  • TechnicalService
  • VirtualMachine

To see an example use case for this function, see Example-Enrich-topology-information-by-using-event-policy.

 
