Class instance definition syntax

The basic syntax for class instance definition is as follows:

The syntax elements are defined as follows:

Class definition examples

In the following example, the data class SEVERITY_BY_APP_DOWN assigns specific severities to the appropriate APP_DOWN events:

Class definition example

All slots with key set to yes make up the primary key to the data class. The primary keys of all data instances must be unique. Moreover, the key is used internally to index the data table, which increases the performance of the rule engine when it searches the table.

In the following example, the SECURITY_EVENT class inherits all of the slots of the EVENT class. 

Class hierarchy definition example

In the following example, the LOGIN_EVENT class inherits all the slots of SECURITY_EVENT and adds two new slots, mc_host and user. These two new slots are declared with facet dup_detect=yes. This means that two event instances are considered identical if they have the same values for these slots. 

Superclass definition example

In the following example, the LOGIN_FAILURE class is a subclass of LOGIN_EVENT. It inherits all the slots except the severity slot, which is inherited from the base EVENT class; the default value is set to MINOR for this class.

Subclass definition example

In the following example, the AppByHost data class is a table that stores a list of applications present on each host. The host slot is defined as the unique key for this table. The system will prevent the creation of two AppByHost class instances, or a subclass of AppByHost, with the same host slot value.

Data class definition example

In the following example, the location class is an interface class with a single slot, site.

Interface class definition example

You can also define data instances in the Administration console.