Editing policies

You can customize Temporal Pattern policies by adding or editing conditions in the policy and the actions that are triggered.

About this task

Condition sets in a policy are executed on an else, if basis. Meaning, the actions associated with a set of conditions are executed when those condition are met. If the conditions are not met, the business logic defined in the next condition set is applied.

Color coding is used in conditions to identify strings (pink), values of (blue), and enumerated values (turquoise). As illustrated in the following example:

1. In the main navigation menu, select Automations and click Policies.
2. Filter the table to display temporal pattern policies only. For more information, see Filtering policies.
3. In the table row of the policy that you want to edit, click the menu overflow icon and select Edit.
   • The Edit policy window displays the Policy details, conditions, and associated actions. Here you can rename the policy or add a description.
   • The Customise policy section is where you configure what conditions the events have to meet before the actions are applied to them.
   • The first condition in each condition set is determined by the temporal pattern analytics. You cannot change the Property, Operator, or Matches of the first condition in each condition set. You can change the Value.
   • Setting a Value field to the value of another property allows you to compare the value of one alert property to one or more other alert properties.
4. To define a new condition, click Add condition.
5. In the fields provided, select the Property, Operator, Matches, and Value for the new condition.
   In the following example, a condition is added so that the policy applies only to events that have a prefix of either Error or Warning in their Summary field.
   1. Click Add condition.
   2. From the Property drop-down list, select alert.summary. You can type sum and the system will show in the property drop-down list all event properties that contain the text sum, which in this case is only alert.summary.
      Note: For information on how the event properties map to ObjectServer alerts.status fields, see Mapping of Policies GUI event properties to ObjectServer fields.
   3. From the Operator drop-down list, select Contains.
   4. From the Matches drop-down list, select any of.
   5. In the Values field, type Error and then click String: Error in the pop-up. In the same field, type Warning and click String: Warning.
   Note: Multiple conditions are joined by the AND operator, which means that events will be matched only if all of the individual conditions are true. To remove a condition, click Delete.
6. To add additional condition sets to a policy, click Add set of conditions. Alternatively, to copy and paste an existing condition set click Copy condition set.
   Tip: Use the sidebar to navigate a policy's condition sets and actions.
7. Specify the actions that are triggered. From the drop-down list, select the event properties to use as the correlation key.
   You can also start typing in the event properties field to display properties that match your text. For example, try typing name, node, or sev and see what options are provided.
   Multiple properties can be selected as correlation keys. You can also concatenate event properties with strings.
8. Note: Policies must be enabled or disabled only in the main Policy window. Do not set the policy to on or off in the Edit policy window.
   Save the policy.