...
This event correlation and synthesis feature is configured in the same way as the duplicate suppression, namely by putting event creation rules into conf/EventRules.nmis
.
An event creation synthesis rule consists of:
- an event
name
, which specifies the name of the newly created event, - a list of
events
(more precisely, their names), which are the events to consider for correlation, - a (minimum)
count
of events that have to be detected to trigger the rule, - an optional list of
groupby
clauses, which define whether the count is interpreted globally for all named events, or separately within smaller groups, - optional
delayedaction
andÂenrich
clauses, which adjust the handling of the newly created event, - and finally a
window
parameter, which defines the time window to examine.
...
Code Block | ||
---|---|---|
| ||
'3' => { name => 'Customer Outage', events => ["Node Down","SNMP Down"], window => '60', count=> 5, groupby=>['node.customer'], # count separately for every observed value of groupcustomer enrich=>{priority => 3, answer => 42}, # any such items gets inserted in the new event }, |
...