Adding event-based rules in a custom alert profile
Event-based rules are a set of conditions that you can configure. When the conditions are satisfied, an alert is generated.
- To add basic event-based rules,when you create a custom alert profile, click+underEvent-Based Rules.
- In theCreate Rulewizard, enter a name and description for the rule.
- Set the alert severity.
- Select an event type and the corresponding event name and pressNext.
- Use logical operators and add values to create conditions based on the event type, event name, the event attributes that the system supports.
- Optionally, add a recommended action that the administrator must take when an alert is generated.
- Review the summary and save the rule.
- To add advanced event-based rules,after Step 5 of adding the basic event-based rules, selectAdvanced Settings.
- In theGroup Byfield, type and select an event attribute by which you want to group the events.
- In theUniquefield, type and select an event attribute by which you want to filter unique entries after grouping the events.
- Enter theThresholdvalues. For example,6events in2minutes.
- PressNextand continue Step 6 onward to add the rule.
System internally handles event-based alerts based on the event-alert relationship. Event-based alerts have three types of relationships:
- One to one- Where there is an alert raised for each event of a particular type or criteria.
- Many- This relationship is based on theGroup Byattribute of incoming events. If the count exceeds the threshold that you set in the given time span then an alert is raised.
- Many to one- This relationship is similar to the earlier one with a slight difference on the threshold count. The threshold count is not based on theGroup Byattribute rather on theUniqueoccurrences of an attribute inGroup By.