You can customize Temporal Pattern policies by adding or editing conditions in the policy
and the actions that are triggered.
Before you begin
You must first disable automatic updates before you can edit a policy. For more information,
see Disabling automatic updates.
About this task
Condition sets in a policy are run on an else, if basis. Meaning, the actions associated
with a set of conditions are run when those conditions are met. If the conditions are not met, the
business logic that is defined in the next condition set is applied.
Color coding is used in conditions to identify strings (pink), values of (blue), and
enumerated values (turquoise). As illustrated in the following example:
Procedure
In the
main navigation menu, select Automations, and click
Policies.
Configuring temporal pattern policies
Filter the table to display temporal pattern policies only. For more information, see
Filtering policies.
You must first disable automatic updates before you can edit a policy. In the table row of the
policy that you want to edit, click the menu overflow icon , and select
Edit.
The Edit policy window displays the Policy details,
conditions, and associated actions.
The Customize policy section is where you configure what conditions the
alerts must meet before the actions are applied to them.
The first condition in each condition set is determined by the temporal pattern analytics. You
cannot change the Property, Operator, or Matches of the first condition in each condition set. You
can change the Value.
By setting a Value field to the value of another property, you can
compare the value of one alert property to one or more other alert properties.
To define a new condition, click Add condition.
In the fields provided, select the Property,
Operator, Matches, and Value
for the new condition.
In the following example, a condition is added so that the
policy applies only to alerts that have a prefix of either Error or Warning in their
summary field.
Click Add condition.
From the Property drop-down list, select alert.summary. You can
type sum and the system displays all alert properties that contain the text
sum in the property drop-down list, which in this case is only
alert.summary.
From the Operator drop-down list, select
Contains.
From the Matches drop-down list, select any of.
In the values field, type Error and then click
String: Error in the pop-up window. In the same field, type
Warning and click String:
Warning.
Note: Multiple conditions are joined by the AND operator, which means that alerts are matched only
if all of the individual conditions are true. To remove a condition, click
Delete.
To add more condition sets to a policy, click Add set of
conditions. Alternatively, to copy and paste an existing condition set click
Copy condition set.
Tip: Use the sidebar to browse a policy's condition sets and actions.
Specify the actions that are triggered. From the drop-down list, select the alert
properties to use as the correlation key.
You can also start typing in the alert
properties field to display properties that match your text. For example, try typing name,
node, or sev and see what options are provided.
Multiple properties can
be selected as correlation keys. You can also concatenate alert properties with
strings.
Note: Policies must be enabled or disabled only in the main Policy
window. Do not set the policy to on or off in the Edit policy
window.
Save the temporal pattern policy.
Configuring seasonal policies
Filter the table to display seasonal policies only. For more information, see Filtering policies.
You must first disable automatic updates before you can edit a policy. In the table row of the
seasonal policy that you want to edit, click the menu overflow icon and select
Edit.
The Edit policy window displays the Policy details,
conditions, and associated actions.
In the Policy details section, after first disabling the automatic
updates for a seasonal policy, administrators can suppress or unsuppress events and set values to
enrich events for seasonal policies. If the event does not occur in the time window, then the
administrator can create an action and set the additional property
fields.
Note: When
creating a seasonal anomaly action, complete all fields. If empty fields are used when editing the
policy, seasonal anomaly action events are not created.
Note: You can also edit a policy from Alert viewer page. To edit a policy,
click Edit Policy. For more information, see step 4 in Displaying alert seasonality
Save the seasonal policy.
Results
It can take up to 60 seconds to fully propagate the updates across Netcool
Operations Insight analytics after
your policy changes are saved.