...
The configuration file EventRules.nmis can contain any number of user-defined event synthesis and suppression directives given in a simple, almost self-explanatory format.
...
- a rule name, which is for display purposes only when suppression is concerned,
- a list of events (more precisely, their names), which are the events to consider for suppression,
- an optional list of groupby clauses, which define whether thresholds are to be interpreted globally for all named events, or separately within smaller groups,
- a window parameter, which defines the time window to examine,
- and a suppress clause with a min and/or a max occurrence parameter.
Note that this configuration file can also contain rules for Event Synthesis, which differ just slightly (they have a count parameter and no suppress clause).
Here is an example rule:
```perl
'5' => {
    name=>"suppressing repeats", # name not relevant for suppression
    events=>['Node Configuration Change'],
    groupby=>['node.node'],
    window=>120,
    suppress=>{min=>2, max=>8},
},
```
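To see which events a rule like this would hide from operators, the following added example (not part of the original page or of the product's code) replays a constructed event stream against the rule above. It assumes an event is suppressed when the count of matching events in its group within the trailing window, itself included, lies between min and max; the function names and the nested event record layout are also assumptions made for illustration.

```python
from collections import defaultdict, deque

# The page's example rule, transcribed from Perl into a Python dict.
RULE = {"name": "suppressing repeats", "events": ["Node Configuration Change"],
        "groupby": ["node.node"], "window": 120, "suppress": {"min": 2, "max": 8}}

def group_key(event, groupby):
    """Resolve dotted paths such as 'node.node' inside the event record."""
    key = []
    for path in groupby:
        value = event
        for part in path.split("."):
            value = value.get(part) if isinstance(value, dict) else None
        key.append(value)
    return tuple(key)  # empty groupby -> one global group

def apply_rule(rule, events):
    """Return (event, suppressed) pairs; events must be sorted by time.

    ASSUMPTION (not stated on the page): suppress when the number of matching
    events in the group inside the trailing window, this one included, is
    >= min and <= max. A missing bound is treated as unbounded.
    """
    lo, hi = rule["suppress"].get("min"), rule["suppress"].get("max")
    seen = defaultdict(deque)  # group key -> timestamps still inside the window
    out = []
    for ev in events:
        if ev["event"] not in rule["events"]:
            out.append((ev, False))  # rule does not apply to this event name
            continue
        times = seen[group_key(ev, rule.get("groupby", []))]
        times.append(ev["time"])
        while times[0] <= ev["time"] - rule["window"]:
            times.popleft()  # drop occurrences that fell out of the window
        n = len(times)
        out.append((ev, (lo is None or n >= lo) and (hi is None or n <= hi)))
    return out

def make_events(node, start, count, step=10):
    """Constructed sample data: 'count' events for one node, 'step' seconds apart."""
    return [{"event": "Node Configuration Change", "time": start + i * step,
             "node": {"node": node}} for i in range(count)]

if __name__ == "__main__":
    for ev, suppressed in apply_rule(RULE, make_events("r1", 0, 10)):
        print(ev["time"], "suppressed" if suppressed else "passed")
```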
...