Referencing system counters in Alert Formulas


Each Alert Formula consists of a name you choose and a value. The value contains references to any of the various counters on the system. Each counter is referenced using the notation $type/uid, where the type is thread, trigger, or system. The uid portion of the reference depends upon the type, as follows:

  • $thread/uid—You can refer to any thread counter by specifying the keyword $thread/ and appending the Thread > UID for the thread. 
    The uid is the unique identifier for the thread (not the thread name), and is available only from the Audit hyperlink for the Correlation Threads screen.

    The uid is a 12 or more digit integer number, possibly with leading zeros. The value identifies the thread uniquely and never changes.

    Example

    The value of $thread/000000114915 corresponds to the thread with the unique identifier 000000114915 on the system, as shown by the Audit hyperlink at the bottom of the Correlation > Threads screen.

  • $trigger/trigName—You can refer to any trigger counter by specifying the keyword $trigger/ and appending the name of the trigger. 

    Example

    The value $trigger/coldstart represents the number of match counts for the ColdStart trigger. If the ColdStart trigger is not found, the value substituted in the formula is zero.

  • $system/ctrName—In addition to the preceding counters, you can refer to one of the system counters:

    • $system/messages, a count of all messages received
    • $system/actions, a count of all actions launched
    • $system/triggers, a count of all triggers matched
    Important

    All of the references are case insensitive.

    It does not matter whether the preceding values refer to the History or the Current counters, because the alert facility always operates on the difference (delta) values of the counters.
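As an added illustration of the reference rules above (example code written for this page, not part of the BMC Defender product), a small Python resolver that looks up $thread, $trigger and $system references case-insensitively in a constructed counter table, substitutes zero for an unknown trigger, and evaluates the formula on delta (Current minus History) values; raising an error for an unknown thread UID or system counter is an assumption, since the page only defines the zero rule for triggers:

```python
import ast
import operator
import re

# Constructed sample counters (not real Defender data). Each counter stores
# (History, Current); the alert facility evaluates on Current - History.
COUNTERS = {
    # thread counters are keyed by the thread UID (12+ digits), never by name
    "thread": {"000000114915": (40, 55)},
    # trigger counters are keyed by trigger name
    "trigger": {"coldstart": (3, 7), "loginfail": (10, 25)},
    # the three built-in system counters
    "system": {"messages": (1000, 1350), "actions": (5, 8), "triggers": (13, 32)},
}

# $type/uid references; IGNORECASE because all references are case insensitive
REF_RE = re.compile(r"\$(thread|trigger|system)/([A-Za-z0-9_]+)", re.IGNORECASE)

def resolve_reference(ref_type, uid, counters=COUNTERS):
    """Return the delta value for one $type/uid reference."""
    ref_type, uid = ref_type.lower(), uid.lower()
    table = counters[ref_type]
    if ref_type == "thread" and not (uid.isdigit() and len(uid) >= 12):
        raise ValueError(f"thread uid must be a 12+ digit integer, got {uid!r}")
    if ref_type == "trigger" and uid not in table:
        return 0  # page rule: a trigger that is not found substitutes zero
    if uid not in table:
        raise KeyError(f"unknown {ref_type} counter {uid!r}")  # assumption
    history, current = table[uid]
    return current - history

_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
        ast.Mult: operator.mul, ast.Div: operator.truediv}

def _eval_arith(node):
    """Evaluate only numeric literals and + - * /; reject anything else."""
    if isinstance(node, ast.Expression):
        return _eval_arith(node.body)
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        return _OPS[type(node.op)](_eval_arith(node.left), _eval_arith(node.right))
    raise ValueError(f"unsupported expression element: {type(node).__name__}")

def evaluate_formula(value, counters=COUNTERS):
    """Replace every $type/uid reference with its delta, then evaluate the arithmetic."""
    substituted = REF_RE.sub(
        lambda m: str(resolve_reference(m.group(1), m.group(2), counters)), value)
    return _eval_arith(ast.parse(substituted, mode="eval"))

if __name__ == "__main__":
    print(evaluate_formula("$thread/000000114915 + $TRIGGER/ColdStart"))  # 15 + 4 = 19
```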


BMC Defender SIEM Correlation Server 6.1