Event

Regardless of how the events make their way to the instance, Event Management insists that each one be sent using the same format.

Event Form


Fields

Description

Populated By

Time Of Event

The Time that the event occurred.

Event

Source

Event monitoring software that generated the event.

External event monitoring tool.

Description

Reason for event generation.

External event monitoring tool.

Node

Node name, fully qualified domain name (FQDN), IP address, or MAC address that is associated with the event, such as IBM-ASSET.

External event monitoring tool.

Type

The metric type to which the event is related, such as Disk or CPU.

External event monitoring tool.

Alert Status

Status of the alert it will be Down, Down escalation repeat, or Ok.

External event monitoring tool.

Status

Current processing state of the event:

Ready: Event has been received and is waiting to be processed.

Processed: Event was successfully processed.

Event.

Severity

The options are typically interpreted as follows: Critical: Immediate action is required. The resource is either not functional or critical problems are imminent.

Major: Major functionality is severely impaired, or performance has degraded.

Minor: Partial, non-critical loss of functionality or performance degradation occurred.

Warning: Attention is required, even though the resource is still functional.

OK: An alert is created. The resource is still functional.

Clear: No action is required. An alert is not created from this event. Existing alerts are closed.

External event monitoring tool.

Key

It is an auto populated field combination of source and Configuration Item field value.

Event

Alert

If an alert was created as a result of the event, this field contains the Unique Alert Number.

Event

Additional Information

Any additional information for that event

External event monitoring tool

Configuration Item

Configuration Item name.

External event monitoring tool

Processing Log

Display of the event processing log.

Event.

Event Rules for Creating Alert

Event Management is responsible for addressing a new event that is comparable to events that already appear on an existing alert. The information on the event is added to either the alert that is already present or to a new alert, depending on the Key, the Alert Status of the event, and the Status of the alert that is already present. Event fields provide a one-of-a-kind identifier for each event. The information from the fields is analyzed by Event Management in order to decide whether a current alert should be updated or if a new one should be created.

  • Each event is uniquely identified by the Key.


.Key is the combination of source and Configuration Item field so if there is already an alert with that key and Status of that alert is open then we update the existing alert by increasing Event count in that alert.


Because The key is the combination of the source and the Configuration Item field, if there is already an alert with that key and the status of that alert is open, then we will update the existing alert by increasing the Event count in that alert.

  • In addition to this, the specifics of any and all events that are connected to that alert are being recorded in the Notes column of the alert table.


  • If we got an event with the Alert status is Ok, it would look something like this:


Therefore, make sure that the existing alert contains This Key and has the status "Closed" like so:


  • In the event that we already have an alert with that key, but the status of that alert is "Closed," then we will issue a new alert.