...
The configuration of this feature is done in EventRules.nmis which is found in /usr/local/omk/conf. Here is an example of event summarization based on location. Something to consider is that synthetic events should be matched pairs that have an outage and recovery relationship.
Code Block | ||||
---|---|---|---|---|
| ||||
%hash = ( 'rules' => { '1' => { name => 'Location Outage', events => ["Node Down","Service Down","SNMP Down"], window => 30, inhibit => 30, count => 5, groupby => ['node.location'], # this time count location \cross group independently enrich => {priority=>8, stateful => "Location Outage", state => "down"}, copy_first => [ qr// ], #delayedaction => 70, # optional action delay delay, set for the underlying events autoacknowledge => 1, }, '2' => { name => 'Location Up', events => ["Node Up","Service Up","SNMP Up"], window => 30, inhibit => 30, count => 5, groupby => ['node.location'], # this time count location \cross group independently enrich => {priority=>2, stateful => "Location Outage", state => "up"}, #delayedaction => 70, # optional action delay delay, set for the underlying events copy_first => [ qr// ], autoacknowledge => 1, }, |
...