Attribute mapping between event management and Humio
Learn about the relationship between Netcool® Operations Insight® attributes and incoming Humio event fields.
Event Attributes | Humio Placeholders | Incoming Humio Event Fields | Examples in payload |
---|---|---|---|
resource.name | events.name | "anacron", "systemd". Syslog programname | |
resource.hostname | events.host | "ubuntu18-dev11". If the format is invalid, set to "unknown resource" | |
resource.ipaddress | events.host | If events.host is a valid IP address, then set to resource.ipaddress | |
resource.type | Server, if syslogtag is not empty. | | |
resource.sourceId | events.pid | 24719 | |
resource.service | events.facility | "cron", "daemon" | |
type.eventType | {alert_name} | alert.name | "RSyslog Event" |
type.statusOrThreshold | {query_string} | alert.query.queryString | #type=syslog-utc \| severity!=info |
summary | events.message | | |
severity | events.severity | If the severity is not defined in the Humio alert description field, Netcool Operations Insight sets the severity according to the Syslogd Probe default rules file. For more information, see Syslogd Probe. | |
timestamp | events.@timestamp | 1595227508103 | |
urls.url | {url} | linkURL | |
urls.description | URL to open Humio with the alert’s query | | |
sender.name | "Humio" | | |
sender.type | "Humio" | | |
sender.service | events.name | | |
details.event | JSON.stringify(events) | Stringify each event in events for the related event. | |
details.alert | JSON.stringify(alert) | Exclude the events. | |
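
The mapping in the table, applied to a constructed webhook payload, as an added example that is not IBM or Humio code. The payload layout, the hostname and IPv4 format checks, the location of syslogtag on each event, the reading of details.alert as the payload without its events, and the function names `mapEvent` and `mapPayload` are assumptions.

```javascript
// Added example: applies the table's mapping to each event of a Humio webhook payload.
// Assumptions (not from the page): payload shape, format checks, syslogtag on each event.
const HOSTNAME_RE = /^[A-Za-z0-9-]{1,63}(\.[A-Za-z0-9-]{1,63})*$/; // assumed "valid format"

function isIPv4(s) {
  const parts = String(s).split(".");
  return parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
}

function mapEvent(payload, ev) {
  const { events, ...alertOnly } = payload; // details.alert: the alert without its events
  const host = String(ev.host ?? "");
  const out = {
    resource: {
      name: ev.name,
      hostname: HOSTNAME_RE.test(host) ? host : "unknown resource",
      sourceId: ev.pid,
      service: ev.facility,
    },
    type: { eventType: payload.alert.name, statusOrThreshold: payload.alert.query.queryString },
    summary: ev.message,
    severity: ev.severity, // fallback to the Syslogd Probe rules file is not modelled here
    timestamp: ev["@timestamp"],
    urls: { url: payload.linkURL, description: "URL to open Humio with the alert's query" },
    sender: { name: "Humio", type: "Humio", service: ev.name },
    details: { event: JSON.stringify(ev), alert: JSON.stringify(alertOnly) },
  };
  if (isIPv4(host)) out.resource.ipaddress = host; // only when events.host is an IP address
  if (ev.syslogtag) out.resource.type = "Server";  // only when syslogtag is not empty
  return out;
}

function mapPayload(payload) {
  return payload.events.map((ev) => mapEvent(payload, ev));
}

// Constructed sample payload built from the example values in the table.
const samplePayload = {
  alert: { name: "RSyslog Event", query: { queryString: "#type=syslog-utc | severity!=info" } },
  linkURL: "https://humio.example/search", // placeholder URL
  events: [
    { name: "anacron", host: "ubuntu18-dev11", pid: 24719, facility: "cron", severity: "warning",
      message: "Job cron.daily terminated", syslogtag: "anacron[24719]:", "@timestamp": 1595227508103 },
    { name: "systemd", host: "bad host!", pid: 1, facility: "daemon", severity: "err",
      message: "Unit failed", syslogtag: "", "@timestamp": 1595227508104 },
  ],
};
```

Calling `mapPayload(samplePayload)` returns one mapped object per event; the second event shows the "unknown resource" fallback and the missing resource.type when syslogtag is empty.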