...
This event correlation and synthesis feature is configured in the same way as the duplicate suppression, namely by putting event creation rules into conf/EventRules.nmis.
An event creation synthesis rule consists of:
- an event
name, which specifies the name of the newly created event, - a list of
events(more precisely, their names), which are the events to consider for correlation, - a (minimum)
countof events that have to be detected to trigger the rule, - an optional list of
groupbyclauses, which define whether the count is interpreted globally for all named events, or separately within smaller groups, - optional
delayedactionandenrichclauses, which adjust the handling of the newly created event, - and finally a
windowparameter, which defines the time window to examine.
...
| Code Block | ||
|---|---|---|
| ||
'3' => {
name => 'Customer Outage',
events => ["Node Down","SNMP Down"],
window => '60',
count=> 5,
groupby=>['node.customer'], # count separately for every observed value of groupcustomer
enrich=>{priority => 3, answer => 42}, # any such items gets inserted in the new event
}, |
...