Defining event policies for enrichment, correlation, notification, and suppression

As an administrator, use event policies to process events and set up routine actions for event management quickly and easily. With these policies, you can define actions that must be run when events with specific conditions are generated. Event policies process only incoming events.

Use event polices to perform the following actions to identify actionable events:

Refine event information by performing event enrichment.
Establish event relationships by correlating events.
Filtering unwanted events by suppressing events.
Generate event based notifications based on certain conditions.

We do not recommend that you use event policies to process existing events. For example, processing events that are 7 days old.

Related topics

Collecting data

Monitoring and managing events

Each event policy consists of the following details:

The basic policy information such as the name, description, and precedence.
An event selection criteria, which is the first filter based on which incoming events are selected for further processing.
A time frame for the policy to be active.
A built-in evaluation order for the different types of event policies configured.
The configuration settings that define actions to determine how the events must be processed.

Except the evaluation order, you can configure these details while configuring an event policy.

Event enrichment and correlation	Event notification and suppression
Advanced, time-based, and dynamic enrichment policies Creating and enabling event policies	Creating and enabling event policies Event deduplication and suppression for filtering unwanted events Event policy types and evaluation order Event-based notifications for alerting users Example event policies for enrichment, correlation, notification, and suppression

Defining event policies for enrichment, correlation, notification, and suppression

BMC Helix Operations Management 25.4

On this page