Example: Adding to event information through enrichment

You can add to event data using the enrich action in the event policy. Adding information to specific events can help inform your teams about the problem more accurately.

About this task

For example, you might have a monitoring tool that sends a short summary included in the event data. The summary might be a basic note about the problem which does not carry enough detail to make it clear what the issue is. Using the enrich action, you can add more detail to the summary, making it more helpful in understanding the issue at a glance.

A possible example is when critical warnings about high bandwidth utilization only include a short summary stating "band util critical". Using the enrich action, you can set up an event policy that adds information to the summary to make it more meaningful.

Procedure

  1. Click Policies on the IBM® Cloud App Management Administration page.
  2. Click Create event policy.
  3. Go to Details and enter a name in Policy name, for example, Bandwidth warnings: Make summary more informative. You can also add an explanation of the policy in Description to help you and others understand the purpose of the policy, for example, Update summary for high bandwidth utilization events to make them more meaningful. Apply to critical or more severe warnings.
  4. Click Specify conditions in Events, and set the following conditions:
    1. Set Condition 1 as follows: select Event Type from the list of attributes, select is from the list of operators, and enter the identifier for the type of event in the field: BAND_UTIL.
      Note: This is an example. The attribute values depend on your event source. When creating similar policies, check the values from your events to ensure you set the correct value.
    2. Ensure you have AND set and click Add condition.
    3. Set Condition 2 as follows: select Severity from the list of attributes, select Is from the list of operators, and select Critical.
  5. Optional: When selecting Specify conditions, you can check to see how many events would have matched the conditions you set. Go to the end of the Events section, select the number of days between 1 and 30, and click Test. The result shows how many events would have matched the policy conditions.
    Click Show results to view a list of all the events that would have matched the conditions in the set time. Click New test to change the time frame for testing, or if you changed conditions and want to check again for matching events.
    Note: If your event policy enriches fields used by the conditions of your policy, you might not find any matching events after the policy is enabled and applied.
  6. Select the Enrich check box in Action, and expand the section.
  7. Select Summary from the list of attributes, and enter the following text in the field to update the summary with: Bandwidth utilization for the interface is critically high. Application response times may be affected. Ensure you have Append to field selected.
  8. Set Enable to On to start using the policy. The policy might take up to 30 seconds to become active and its settings to take effect.
  9. Click Save.

Results

When events match the set conditions, the summary for such events is updated with the text provided. In this example, the text is added after the existing summary description. You can also select to add it before the description that arrives with the event, or overwrite the summary entirely with the description you specify.