The Default Event Attributes page enables you to indicate default settings for all events generated by the policy.
These defaults affect all new and existing rules. You can override the defaults in individual rules if needed. If a rule contains empty event attributes, the agent will use the defaults for the new event.
In the BSM Connector user interface, click in the toolbar. Then click Event >
XML File.
Alternatively, double-click an existing policy to edit it.
Click Defaults to open the Default Event Attributes page.
This task describes how to configure default settings for all events generated by the policy.
Click Event Attributes to define default event attributes, such as severity and category.
Tip: After loading the indicators from the connected OMi server, the Indicators tab shows a hierarchy of configuration item types.
To insert an indicator, drag the indicator with its state from the Indicators tab to the policy.
Click Event Correlation to set the type of duplicate event suppression and define the method used to suppress duplicate events.
Click Custom Attributes to add additional information to all events generated by this policy. For example, you might add a company name, contact information, or a city location to an event.
Click Advanced to define default advanced attributes such as legacy HPOM attributes and agent
settings.Optional. Use the Sample Data tab to drag XML properties (XML elements and attributes) and values to the attribute boxes. Alternatively, you can type the path to the XML property or value directly into the attribute box.
XML properties use the following syntax: <$DATA:/<XMLProperty>
>
<XMLProperty>
is the path from the root XML element of XML data to a specific XML element or attribute within that data. XML path uses slashes (/) as the path delimiters.
BSM Connector replaces the XML property at runtime with the value of the specified XML element or attribute. If you insert an XML value, the value will be used.
Note: The Sample Data tab is empty if no sample data is loaded into
Optional. Use the Mappings tab to add mapping definitions to the attribute boxes.
Mappings are custom variables that you define in the mappings tab (see also Configuring Event Defaults in XML File Policies). The default name of the mapping variable is map<XMLProperty>
, for example mapSeverity
.
Alternatively, type the custom variable into the attribute box using the following syntax:
Map Name list contains the map name of the variable: map<XMLProperty>
, for example mapSeverity
.
Input Data Property list item: <$DATA:/<XMLTag>/<XMLProperty>>
For example, the custom variable mapSeverity
has the following input data property: <$DATA:/PerformanceAlert/Severity>
where Severity
is a child element of PerformanceAlert
.
Optional. Use the Indicators tab to add indicators to the source or target value fields. After loading the indicators from the connected OMi server, the Indicators tab shows a hierarchy of configuration item types
Optional. In the Policy Variables tab, add policy variables to
HP recommends to surround variables with quotation marks, for example "<$MSG_NODE>"
or "<$MSG_GEN_NODE>"
, at least for those variables whose values can contain space characters.
Description |
|
---|---|
Title |
Brief description of the nature of the event. |
Description |
Detailed description of the event. |
Severity |
Severity assigned to the event. |
Date and time when the event was created. Use the following conventions when specifying the date and time attribute:
If you leave the attribute empty or if none of the time formats above can be matched, then the date and time when the agent created the event appears in OMi. This time always appears using the time zone of the agent at creation time (for example, 11:30 (CET/winter). This means that this time always appears in this fixed time zone. |
|
Category |
Name of the logical group to which the event belongs (for example, Database, Security, or Network). The event category is similar in concept to the HP Operations Manager message group. |
Subcategory |
Name of the logical subgroup (category) to which the event belongs (for example, Oracle (database), Accounts (security), or Routers (network)). |
ETI |
Contains the event type indicator (ETI) resolution hint, which OMi uses to associate the event with an ETI and for event correlation. Use the format |
Node |
Name of the system where the event occurred (for example, node.example.com). |
Related CI |
Contains the CI that is related to the metric (for example, oraclesid01@@node.example.com or C:@@server.example.com). Use the format ![]() It is necessary to differentiate between CIs that have a Composition relationship to a node, and those that do not have such a relationship:
For more information about CI resolution in OMi, see the OMi User guide or online help. |
Sub Component |
Information used to identify a subcomponent of a CI. This CI subcomponent is used to calculate an aggregated status within OMi's Service Health for selected CIs. If an HI is populated by events from multiple components, you can specify a component name in this field in order to ensure the correct calculation of the HI state. For example, if you have a Computer CI with two CPUs, |
Source CI |
Contains the source related CI. For example, type the name and instance of the third-party system that provides events (for example, NNMi@@mgmt1.example.com or SCOM@@mgmt2.example.com). If you enter a source related CI, OMi tries to find the corresponding CI in the RTSM. |
Source Event ID |
ID of the event in the third-party system. This ID is required for synchronization of event changes with the source event. It also enables drilldown into the third-party system in the Event Browser in OMi. Tip: The file that the policy reads usually contains the source event ID. If you are working with sample data, you can drag the source event ID from the Sample Data tab and add it to the source event ID field. |
Send with closed status |
Sets the event's lifecycle status to Closed before sending it to OMi. Possible values: yes = Sets lifecycle status to Closed. no = Does not set the lifecycle status to Closed. Default value: empty (= no) Tip: Click |
Description |
|
---|---|
Event Key | An identifier used to identify duplicates and for Close Events with Key. |
Close Events with Key |
If events with the event key that you type here exist in the OMi event database when this event is received, these events are automatically closed. You can use pattern matching and variables to match multiple event keys. For example, consider the following pattern:
This pattern is evaluated by first replacing the variables with the values that they resolve to, for example:
This pattern is then compared using pattern matching rule against the event keys for all events in the OMi event database. Any key that you provide in the policy is treated as a simplified OM pattern in OMi. Therefore a plain string is treated as a substring and not as a complete match. The key in our example will match: critical:cabbage.example.com:TEST critical:cabbage.example.com:TEST1 critical:cabbage.example.com:TEST2A and so on. To ensure that that the key matches only exact values, enclose the attribute value in an OM Pattern Expression, starting with ^ (start of line) and ending with $ (end of line), for example: ^critical:cabbage.example.com:TEST$ Note: An HP Operations Manager i Event Management Foundation License is required to enable the Close Events with Key feature in OMi. |
Suppress Deduplication on Server | Stops automatic discarding of new events that are duplicates of existing events. |
Event Suppression | |
Suppress events which are |
|
Suppression Method |
For event correlation, you can define one of three correlation methods:
|
Time Interval |
Time interval during which duplicate events are ignored. |
Suppress for no longer than |
Time interval after which duplicate events are no longer ignored. |
Description |
|
---|---|
![]() |
Create New Custom Attribute: Creates a new custom attribute. |
![]() |
Delete Custom Attribute: Deletes an existing custom attribute. |
Name |
The name of the custom attribute. The name is case-insensitive. Custom attributes are additional attributes that contain any information that is meaningful to you. For example, you might add a company name, contact information, or a city location to an event. You can have more than one custom attribute attached to a single event. The following custom attribute names cannot be used because they are reserved for internal use:
|
Value |
Value of the custom attribute. |
Description |
|
---|---|
Event Drilldown | |
Event Drilldown URL |
URL of the event in Event drilldown information enables OMi users to launch the user interface of the third-party system in the context of an event. Tip: To drill down to a specific event in the third-party system, add the source event ID to the URL. Note: This event attribute can also be set by OMi based on a BSM Connector integration server configuration. If a policy and an integration server configuration both set this attribute, the information in the policy takes precedence. |
OM Attributes | |
Application |
Application that caused the event to occur. Unlike the Related CI attribute, which is a direct relationship to a CI in the RTSM, the application attribute is a simple string-type attribute (for example, Oracle and OS). |
Object |
Device such as a computer, printer, or modem. Unlike the Related CI attribute, which is a direct relationship to a CI in the RTSM, the object attribute is a simple string-type attribute (for example, |
Type |
String used to organize different types of events within an event category or subcategory (for example, users or applications, accounts and security). The attribute is automatically set to |
HPOM Service ID |
ID of the service associated with the event. A service ID is a unique identifier for a service and can be used in OMi to identify the node and CI associated with the event. |
Agent MSI |
The message stream interface (MSI) allows external applications to interact with the internal event flow of HP Operations Agent. The external application can be a read-write application, for example, an event processing program that can read events, modify attributes, and generate new events for retransmission to the server. The application could also read events, or send its own events. |
Divert events | If Agent MSI is enabled, diverts an event to the MSI instead of to the server when an event is requested by an external application. |
Copy events | If Agent MSI is enabled, sends the event to the server, and a copy of the event to the MSI. |
Description |
|
---|---|
![]() |
Refresh. Loads the configured indicators from the Note:
|
<Search …> |
Entered search string is used to search the indicators and highlight only the indicators containing the specified string. To search for indicators with specific text strings in the name, type the string in the <Search …> field and click the |
<Indicators> |
Hierarchy of configuration item types with associated health indicators (HIs), which are applicable for the event integration only, and event type indicators (ETIs). To insert an indicator with a state in a policy, drag and drop the indicator from the Indicators tab to the relevant field in the policy. |