Configuring event pattern processing
Configure how patterns are derived from related events using this example-driven wizard panel.
Before you begin
- If there are no additional event types (see step 2) then all events in the Historical Event Database that match the configuration filter and date criteria in your analytics configuration are considered when looking for groups. The Default event identity field(s), specified in step 1, are used to pinpoint individual events. The Default event type field is used for the event type of the discovered related events, and is used to determine the event pattern.
- If there is one additional event type (see step 2) then all events that match the filter of that additional event type in the
Historical Event Database (and also match the filter and date criteria in your
analytics configuration) are considered first when looking for groups. The Event
identity field(s) of this additional event type are used to pinpoint individual events.
The Event type field of this additional event type is used for the event type
of the discovered related events. All other records in the Historical Event Database (that is, those
record that do not match the filter of the additional event type but which do match the filter and date criteria in your
analytics configuration) are processed using the Default event identity
field(s) and Default event type field, specified in item 1.
Note: The additional event type takes precedence over the default settings. Events which match the filter of the additional event type are processed first and then the remainder are processed using the default fields.
- If there is more than one additional event type then they are processed in order; that is, events that match the filter for the first additional event type are processed first, then the second, and so on. All remaining events that do not qualify for any additional event type filters are processed using the default fields. The order of additional types can be configured using this wizard.
About this task
An event pattern is a set of events that typically occur in sequence on a network resource. For example, on a London router LON-ROUTER-1, the following sequence of events might frequently occur: FAN-FAILURE, POWER®-SUPPLY-FAILURE, DEVICE-FAILURE, indicating that the router fan needs to be changed. Using the related event group feature, Event Analytics will discover this sequence of events as a related event group on LON-ROUTER-1.
Using the event pattern feature, Event Analytics can then detect this related event group on any network resource. In the previous example, the related event group FAN-FAILURE, POWER-SUPPLY-FAILURE, DEVICE-FAILURE detected on the London router LON-ROUTER-1 can be stored as a pattern and that pattern can be detected on any other network resource, for example, on a router in Dallas, DAL-ROUTER-5.
DL Oct 2019 RTC 69237 and 69238