Alert formula counter names
These values identify the Alert Formula counter names that can be combined with math operators to create formulas that are subsequently alarmed via the Alerts screen. Its counter value substitutes each counter name as part of the evaluation of the formula.
Math operators include (+) ,( -), (*), (/), as well as selected functions such as the log10(), log(), exp(), and sqrt(), and other function supported by the standard C-math library. When necessary, parentheses should be used to specify the order of mathematical precedence.
Formulas can combine various counters, creating a single result that is subsequently alarmed. One important application of alert formulas is to permit you to assign weights to specific counters, such as in the following expression:
($severity/critical * 1) + ($severity/alert * 2) + $severity/emergency * 3)
The preceding formula returns a specific metric based upon the severity of messages of critical and higher, received during a user-specified time interval.
$system/messages | This counter name gets substituted with the total number of messages received since the BMC Defender Server system started. This value corresponds to the message count appearing on the Reports > Dashboard screen. |
$system/actions | This counter name gets substituted with the total number of actions executed since the BMC Defender Server system started. This value corresponds to the total of all counters appearing on the Correlation > Actions screen. |
$system/triggers | This counter name gets substituted with the total number of triggers that have been set since the BMC Defender Server system started. This value corresponds to the total of counters appearing on the Correlation > Triggers screen. |
$address/(ipaddr) | This counter name gets substituted with the total number of messages from the specified IP address since the BMC Defender Server system started. For instance, the name $address/10.1.2.1 is substituted with the total number of messages received from the 10.1.2.1 address. The value corresponds to the count for the IP address appearing on the Messages > Devices screen. |
$facility/(facname) | This counter name gets substituted with the total number of messages with the specified facility name since the BMC Defender Server system started. For instance, the name $facility/audit gets substituted with the total number of messages received with the audit facility specified. The value corresponds to the count for the facility appearing on the Messages > Facilities screen. The value of (facname) must be an official facility name or a user-defined facility. |
$severity/(sevname) | This counter name gets substituted with the total number of messages with the specified severity name since the BMC Defender Server system started. For instance, the name $severity/info gets substituted with the total number of messages received with a severity of info. The value corresponds to the count for the severity appearing on the Messages > Severities screen. The value of (sevname) must be an official severity name. |
$trigger/(trigname) | This counter name gets substituted with the total number of messages that have set the specified trigger name since the BMC Defender Server system started. For instance, the name $trigger/anymsg is substituted with the total number of messages received that have triggered the AnyMsg trigger. The value corresponds to the count for the specified trigger appearing on the Correlation > Triggers screen. The value of (trigname) must be an official trigger name. |
$thread/(threaduid) | This counter name gets substituted with the total number of messages that have been logged for the specified thread since the BMC Defender Server system started. The value of (threaduid) must be the numeric ID for the thread, viewable via the Audit link at the bottom of the Correlation > Threads screen, or available via the View Thread References hyperlink on the Alert Formula Edit screen. For instance, the name $thread/000000010010 is substituted with the total number of messages logged for the thread with UID 000000010010. The value corresponds to the count for the specified thread appearing on the Correlation >Threads screen. |
Related topic