Event Correlation and Policy Handling
Version
This requires opEvents-4.3.3 or later.
opEvents supports automatically correlating events with any node, interface or service configured under an Enterprise Service. This is an optional feature which must be enabled.
Once the feature is enabled, an additional check is done on all incoming events to see if the node, interface or service the event is for is also attached to an Enterprise Service. If a corresponding Enterprise Service is found, the event is marked accordingly.
Enable Correlation
Add the following config to opCommon.json
"opevents_enterprise_service_correlation": "true"
Restart the 'opeventsd' daemon: systemctl restart opeventsd
Event Actions
Once the feature has been enabled, the following event properties can be referenced from an Event Action policy:
"enterprise_service_correlation": "true", "enterprise_service_related": []
This example policy rule sets the priority = 4 if the event has been correlated to any Enterprise Service:
{
"BREAK" : "false",
"IF" : "event.enterprise_service_correlation eq 'true'",
"THEN" : "priority(4)"
},
See Event Actions for more information on creating policies.