Rules


There are two types of Rules used by Fault Analytics: Event Rules and Duplicate Event Rules. Event Rules are used to perform actions once rule conditions are met. Duplicate Event Rules are used to suppress subsequent duplicate events for a period of time. Using these two types of rules, you can be notified if a particular fault event occurs three times within a 30-minute period, suppress all faults for a particular program, set certain event field values, or specify that an e-mail be sent.

Event Rules define a set of conditions and a set of subsequent actions to take should those conditions be true. Conditions consist of field names, operators, literals, and thresholds (how many times an event that meets all other conditions occurs within a given period). Actions consist of assigning values to existing fields, sending e-mail notifications to a distribution list, processing or deleting the event, or assigning a value to a user-created temporary field.

Duplicate Event Rules define a set of criteria (event types, fields, and time period) with an action to suppress subsequent events whose values are the same for the given criteria (duplicates). Duplicate Event Rules allow the first occurrence of a specific event to be processed, but suppress all subsequent events that meet the user-specified duplicate rule conditions for a period of time.

For example, you can create a rule to notify you only if a particular fault event occurs three times within a 30-minute period, suppress all faults for a particular program, set certain event field values, or specify that an e-mail be sent.

Event rule elements

  • Conditions consist of field names, operators (for example: equals, startswith, contains), boolean logic, and literals.
  • Actions are what should happen when Conditions are true (for example, process the event, delete the event, or send an e-mail notification).

Duplicate event rule elements

  • You can choose to evaluate All Events or only Selected Events.
  • You can select which Field Names to evaluate that may be in common between events.
  • You can specify the period of time for which duplicate events are to be suppressed after the first occurrence.

Rule examples

Company ABC has many support groups. Each group is responsible for supporting different critical applications within the company. Whenever a critical application goes down, the group responsible wants to know immediately. Through Fault Analytics rules processing, sending a notification to the responsible group can be easily accomplished.

  1. Define e-mail distribution lists for each group. Provide a distribution list name and add the e-mail addresses of those responsible in the group.
  2. Define an e-mail template. One of the existing templates can be used or edited to better suit specific needs, or a new template can be created.
  3. Define rules to e-mail distribution lists. Create a new event rule by typing the rule information, which includes the name, the event condition criteria, and action to take for the different situations. For example:

"If ProgramName equals PROG1 then send e-mail to distribution list GROUP1 using template GROUP1_TEMPLATE", or "If SystemID equals SYS2, then send e-mail to distribution list GROUP2 using template GROUP2_TEMPLATE"

Once completed, the defined rule action is taken automatically for any event that meets the condition criteria. From the example above, an e-mail can be sent to GROUP1 if the event program name is PROG1, or an e-mail can be sent to GROUP2 if the event occurs on system SYS2.
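
The following Python example is an added illustration, not Fault Analytics code or rule syntax. It models how a Duplicate Event Rule and an Event Rule with a threshold (three times within 30 minutes) interact. It assumes that duplicates are suppressed before Event Rules are evaluated and that the threshold count restarts after the action fires; the event layout, the ts field, and the class and function names are hypothetical.

```python
from collections import deque

class DuplicateRule:
    """Pass the first event for a key; suppress matches for `window` seconds after it."""
    def __init__(self, fields, window):
        self.fields, self.window = fields, window
        self.first_seen = {}              # key -> time of the first occurrence
    def is_duplicate(self, ev):
        key = tuple(ev.get(f) for f in self.fields)
        start = self.first_seen.get(key)
        if start is not None and ev["ts"] - start < self.window:
            return True
        self.first_seen[key] = ev["ts"]   # a new first occurrence opens a new window
        return False

class ThresholdRule:
    """Return `action` once `count` matching events fall within `period` seconds."""
    def __init__(self, condition, count, period, action):
        self.condition, self.count, self.period = condition, count, period
        self.action, self.hits = action, deque()
    def evaluate(self, ev):
        if not self.condition(ev):
            return None
        self.hits.append(ev["ts"])
        while ev["ts"] - self.hits[0] > self.period:
            self.hits.popleft()           # drop hits older than the period
        if len(self.hits) < self.count:
            return None
        self.hits.clear()                 # assumption: counting restarts after firing
        return self.action

def process(events, dup_rule, event_rule):
    actions, suppressed = [], 0
    for ev in sorted(events, key=lambda e: e["ts"]):
        if dup_rule.is_duplicate(ev):     # assumed order: duplicates dropped first
            suppressed += 1
        elif (action := event_rule.evaluate(ev)):
            actions.append((ev["ts"], action))
    return actions, suppressed

# Constructed sample events; ts is seconds from the start of the sample.
EVENTS = [{"ts": t, "ProgramName": p, "SystemID": s} for t, p, s in [
    (0, "PROG1", "SYS1"), (60, "PROG1", "SYS1"), (400, "PROG1", "SYS1"),
    (500, "PROG2", "SYS2"), (900, "PROG1", "SYS1"), (950, "PROG1", "SYS1")]]

def demo(dup_window=300):
    dup = DuplicateRule(("ProgramName", "SystemID"), dup_window)
    rule = ThresholdRule(lambda e: e["ProgramName"] == "PROG1", 3, 1800,
                         "send e-mail to GROUP1 using GROUP1_TEMPLATE")
    return process(EVENTS, dup, rule)
```

With a 5-minute duplicate window, demo() returns one e-mail action at ts 900 and two suppressed events. With demo(dup_window=1800), where the duplicate window equals the threshold period on the same fields, four events are suppressed and the threshold is never reached under the assumed ordering.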
