Adding event-based rules in a custom alert profile

Event-based rules are a set of conditions that you can configure. When the conditions are satisfied, an alert is generated.
  1. To add basic event-based rules, when you create a custom alert profile, click + under Event-Based Rules.
  2. In the Create Rule wizard, enter a name and description for the rule.
  3. Set the alert severity.
  4. Select an event type and the corresponding event name and press Next.
  5. Use logical operators and add values to create conditions based on the event type, the event name, and the event attributes that the system supports.
  6. Optionally, add a recommended action that the administrator must take when an alert is generated.
  7. Review the summary and save the rule.
  8. To add advanced event-based rules, after Step 5 of adding the basic event-based rules, select Advanced Settings.
  9. In the Group By field, type and select an event attribute by which you want to group the events.
  10. In the Unique field, type and select an event attribute by which you want to filter unique entries after grouping the events.
  11. Enter the Threshold values. For example, 6 events in 2 minutes.
  12. Press Next and continue Step 6 onward to add the rule.
The system internally handles event-based alerts based on the event-alert relationship. Event-based alerts have three types of relationships:
  • One to one - An alert is raised for each event of a particular type or criteria.
  • Many - This relationship is based on the Group By attribute of incoming events. If the count exceeds the threshold that you set in the given time span, then an alert is raised.
  • Many to one - This relationship is similar to the earlier one, with a slight difference in the threshold count. The threshold count is not based on the Group By attribute, but rather on the Unique occurrences of an attribute in Group By.
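
The three relationships can be compared side by side with a small simulation. This is an added example, not the product's own code: the function `evaluate`, the attribute names `user` and `source_ip`, the sliding-window evaluation, and the counter reset after an alert are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events (failed logins); "ts" is seconds since start.
EVENTS = [
    {"ts": 0,   "user": "alice", "source_ip": "10.0.0.1"},
    {"ts": 20,  "user": "alice", "source_ip": "10.0.0.1"},
    {"ts": 30,  "user": "bob",   "source_ip": "10.0.0.5"},
    {"ts": 40,  "user": "alice", "source_ip": "10.0.0.1"},
    {"ts": 50,  "user": "bob",   "source_ip": "10.0.0.6"},
    {"ts": 60,  "user": "alice", "source_ip": "10.0.0.1"},
    {"ts": 70,  "user": "bob",   "source_ip": "10.0.0.7"},
    {"ts": 90,  "user": "bob",   "source_ip": "10.0.0.8"},
    {"ts": 400, "user": "bob",   "source_ip": "10.0.0.9"},
]

def evaluate(events, group_by=None, unique=None, threshold=1, window_s=120):
    """Return alerts as (timestamp, group key, count).

    group_by=None       -> one to one: every matching event raises an alert
    group_by only       -> many: count events per group inside the window
    group_by and unique -> many to one: count distinct `unique` values
                           per group inside the window
    """
    alerts = []
    windows = defaultdict(deque)  # group key -> events still in the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        if group_by is None:
            alerts.append((ev["ts"], None, 1))
            continue
        key = ev[group_by]
        win = windows[key]
        win.append(ev)
        # Drop events that fell out of the time span.
        while ev["ts"] - win[0]["ts"] > window_s:
            win.popleft()
        count = len({e[unique] for e in win}) if unique else len(win)
        # "Exceeds" is read as strictly greater than; the exact boundary
        # behaviour of the product is an assumption here.
        if count > threshold:
            alerts.append((ev["ts"], key, count))
            win.clear()  # assumption: start counting afresh after an alert
    return alerts

if __name__ == "__main__":
    print("one to one :", len(evaluate(EVENTS)), "alerts")
    print("many       :", evaluate(EVENTS, group_by="user", threshold=3))
    print("many to one:", evaluate(EVENTS, group_by="user",
                                   unique="source_ip", threshold=3))
```

With these sample events, alice (many events from one address) trips only the many rule, while bob (events from four different addresses) trips both the many and the many to one rules.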