You can add to event data using the enrich action in the event policy. Adding information
to specific events can help inform your teams about the problem more accurately.
About this task
For example, you might have a monitoring tool that sends a short summary included in the event
data. The summary might be a basic note about the problem which does not carry enough detail to make
it clear what the issue is. Using the enrich action, you can add more detail to the summary, making
it more helpful in understanding the issue at a glance.
A possible example is when critical warnings about high bandwidth utilization only include a
short summary stating "band util critical". Using the enrich action, you can set up
an event policy that adds information to the summary to make it more meaningful.
Procedure
-
Click Policies on the IBM® Cloud App
Management
Administration page.
-
Click Create event policy.
-
Go to Details and enter a name in Policy name,
for example,
Bandwidth warnings: Make summary more informative
. You can also add an
explanation of the policy in Description to help you and others understand
the purpose of the policy, for example, Update summary for high bandwidth utilization
events to make them more meaningful. Apply to critical or more severe warnings.
-
Click Specify conditions in Events, and set the
following conditions:
-
Set Condition 1 as follows: select Event Type
from the list of attributes, select is from the list of operators, and enter
the identifier for the type of event in the field: BAND_UTIL.
Note: This is an example. The attribute values depend on your event
source. When creating similar policies, check the values from your events to ensure you set the
correct value.
-
Ensure you have AND set and click Add
condition.
-
Set Condition 2 as follows: select Severity from
the list of attributes, select Is from the list of operators, and select
Critical.
- Optional:
When selecting Specify conditions, you can check to see how many events
would have matched the conditions you set. Go to the end of the Events
section, select the number of days between 1 and 30, and click Test. The
result shows how many events would have matched the policy conditions.
Click
Show results to view a list of all the events that would have matched the
conditions in the set time. Click New test to change the time frame for
testing, or if you changed conditions and want to check again for matching events.
Note: If your event policy enriches fields used by the conditions of your policy, you might not find
any matching events after the policy is enabled and applied.
-
Select the Enrich check box in Action, and expand
the section.
-
Select Summary from the list of attributes, and enter the following text
in the field to update the summary with: Bandwidth utilization for the interface is
critically high. Application response times may be affected. Ensure you have
Append to field selected.
-
Set Enable to On to start
using the policy. The policy might take up to 30 seconds to become active and its settings to take
effect.
-
Click Save.
Results
When events match the set conditions, the summary for such events is updated with the text
provided. In this example, the text is added after the existing summary description. You can also
select to add it before the description that arrives with the event, or overwrite the summary
entirely with the description you specify.