...
- a rule
name
, which is for display purposes only when suppression is concerned, - a list of
events
(more precisely, their names), which are the events to consider for suppression, - an optional list of
groupby
clauses, which define whether thresholds are to be interpreted globally for all named events, or separately within smaller groups, - a
window
parameter, which defines the time window to examine, - optional
delayedaction
andautoacknowledge
parameters (in opEvents 2.0.4 and newer), - and a
suppress
clause with a min and/or a max occurrence parameter.
...
All named events that are listed in a suppression rule and which have occurred in the preceding window
seconds are checked and counted together. Listing multiple events in one rule will lump them together as far as the occurrence counting is concerned. These recent events will then be apportioned to groups if groupby
is used, and then the event count is compared to the min/max occurrence parameters. If the count is above min
and below max
, then the new event is marked as a duplicate (of the oldest event that was counted) and has its action_requiredchecked
property set to 0 1 which prevents any event actions like escalations future policy actions (e.g. escalations) from being executed; the event is nevertheless shown in the opEvents GUI.
If the suppression clause contains no min
parameter, then a minimum of 1 is assumed. If no max
is present, then infinity is used. Both min
and max
include the current event, so a min
of 2 will suppress the first and further repeats.
Delaying and Closing of Trigger Events
In opEvents 2.0.4 and newer, suppression rules can optionally specify a number for the delayedaction
property, to delay all policy action processing for potential trigger events. If the criteria for suppression are met within the delay period, then all action processing will be aborted and skipped for these suppressed events. If the autoacknowledge
property is also set, then the suppression includes not just aborting action processing but also marking the event as acknowledged.
Grouping
If no groupby
clause is present, then the set of matching events is counted directly, which may be too generic for many common scenarios. For example suppressing events for a particular customer or service group wouldn't be possible. Grouping solves this problem: the set is split into groups with matching property values and the thresholds are applied to those groups.
...