

Create a Script Enrichment Action

Create an event policy with a script enrichment action to run a script and enrich an event based on its output values. The script must return a comma-separated list of properties and returned values as follows for the enrichment to work:

propertyname,value,propertyname,value...

Script enrichments require the following information:

The script must exist locally on every connector system to which you want to deploy the event policy.

Follow these steps:

  1. Create an event policy based on a search pattern, and select Enrich Event as the action type.

    The Enrichment Configuration page opens.

  2. Select Script in the Type drop-down list and enter information in the following fields:

    Note: The text at the bottom of the page indicates if any required information is missing.

    Script Path

    Defines the directory path of the script to run for the enrichment, excluding the script name.

    Example: C:\Program Files\myscripts

    Script Name

    Defines the script name to use for the enrichment. Do not add command line arguments to the script name.

    Example: GetObjectProperties.exe

    User

    (Optional) Defines the user name for running the script, if necessary.

    Password

    (Optional) Defines the password for the specified script user name, if necessary.

    Note: If the script requires user authentication in its parameters, enter the credentials here and reference them on the following page to ensure that the data is protected.

  3. (Optional) Click Test.

    A confirmation dialog opens.

  4. (Optional) Click Yes.

    The script connection is verified. The Configuration Test Result dialog indicates whether the connection was successful.

    Note: If you have to change this information after deploying the policy, restart the CA Catalyst Container service on the connector system or the appropriate plugin service to ensure that the change takes effect. For information about how to configure enrichment value caching, see Configure Enrichment Cache Timeout.

  5. Click Next.

    The Enrichment Policy page opens. Right-click each column on this page for additional help information.

  6. Enter the following in the Parameter Configuration table to determine how the input parameters to the enrichment process are assigned according to script parameter values and event properties:

    Input Parameter

    Defines placeholder names for each required script input parameter. The enrichment always reads the parameters sequentially; therefore, the names that you enter for each parameter can be anything (param1, param2, and so on). Create an entry for each required input parameter to ensure that the script runs successfully.

    Assigned Value

    Defines the event property or other value to use for the corresponding script parameter value. Use the right-click menu to assign the value of a property from any matching event pattern. The value for each script parameter can take any of the following forms:

    • A full event property
    • Multiple combined event properties
    • Part of an event property
    • Modified event properties
    • An associated CI property if you have enabled Persistent Store enrichment

    Use the right-click menu to add provided functions to perform common data conversions on the search value to use for each script parameter.

    To enter user credentials, use the following substitution characters to reference the credentials entered on the previous page:

    ${user}
    
    ${password}
    

    Note: Entering a password value manually on this page creates an unencrypted record of the password.

    The Preview cell displays the result of the entered value that is based on the selected event in the Event Log table. You must run an event search before creating the policy to get its results in the Event Log table for previewing enrichment values based on existing event content.

    Include all required parameters for the script to run. If the script does not run successfully based on the entered parameters or does not return a comma-separated list of properties and values, the enrichment does not occur for that event.

    Example

    The following script adds a support person's contact details to the event, depending on alert severity.

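    @echo off
    rem %1 is the alert severity assigned in the Parameter Configuration table.
    rem Quoting "%~1" keeps the IF syntax valid when the value is empty or contains spaces.
    rem Any other severity prints nothing, so no enrichment occurs for that event.
    if "%~1"=="Critical" (
        echo lname,Scott,fname,Sue,email,email01@company.com,phone,631-001-0001,severity,%~1
    ) else if "%~1"=="Major" (
        echo lname,Black,fname,Bill,email,email02@company.com,phone,631-002-0002,severity,%~1
    ) else if "%~1"=="Minor" (
        echo lname,Unum,fname,Sven,email,email03@company.com,phone,631-003-0003,severity,%~1
    )
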

    In the Parameter Configuration table, assign a variable whose value the input parameter in the script (%1) will use:

    Input Parameter    Assigned Value
    Severity           ${pattern1.Severity}

  7. Enter the following in the Enrichment Property Assignment table to specify the enrichment output values to assign to event properties, and click Next:

    Assigned Value

    Defines the script output property values to assign to the event properties in the Event Property column. This value determines the property value to use from the comma-separated list of properties and values that the script returns.

    References to output properties must be in the following format: ${propertyname}, where propertyname is the name of the property in the comma-separated output list whose value you want to return. For example, for a script that returns the string 'city,value,state,value,zip,value', ${city} uses the returned value from the city output property for the enrichment. Any values entered without this format appear directly in the event as written. You can add enrichments to as many event properties as necessary.

    Note: You can change the names of the User Attribute properties if you want them to accurately represent the enrichment properties that you assign to them. However, these properties appear under their original names in the Event Policy dialog, even if you renamed them. Assigning values to these original names properly displays the values under the renamed properties in the Operations Console.

    The script property-based value can take any of the forms previously described for the input value: a single property value, multiple values, or a modified property value. Use the right-click menu to add provided functions to perform common data conversions on the enrichment value before assigning it to the specified property. The return value cannot contain an embedded comma.

    Note: Only the properties that support enrichment value assignment appear in the Event Property column.

    The Select Data Sources page opens.

  8. Save or deploy the policy.
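
The following check is an added example, not part of the product or its documentation: a Python test to run against captured script output before deploying the policy, covering the propertyname,value format and the ${propertyname} references described above. It assumes a plain split on commas, as the format implies; the function names and sample strings are constructed for illustration, and the product's own parsing may differ in details such as whitespace handling.

```python
import re

REF = re.compile(r"\$\{([^}]+)\}")  # a ${propertyname} output reference

def parse_output(line):
    """Split 'name,value,name,value...' into a dict; ValueError if malformed."""
    fields = line.strip().split(",")  # assumption: plain comma split, no quoting
    if len(fields) < 2 or len(fields) % 2:
        raise ValueError(f"{len(fields)} fields: not name,value pairs")
    props = {}
    for name, value in zip(fields[0::2], fields[1::2]):
        name = name.strip()
        if not name or name in props:
            raise ValueError(f"empty or duplicate property name {name!r}")
        props[name] = value
    return props

def check_output(line, expected):
    """Return a list of problems; an empty list means the output is usable."""
    try:
        props = parse_output(line)
    except ValueError as exc:
        return [str(exc)]
    missing = [f"missing property: {n}" for n in expected if n not in props]
    extra = [f"unexpected property: {n}" for n in props if n not in expected]
    return missing + extra

def resolve(assigned_value, props):
    """Substitute ${propertyname}; text outside references is kept as written."""
    def sub(match):
        name = match.group(1)
        if name not in props:
            raise KeyError(f"script did not return {name!r}")
        return props[name]
    return REF.sub(sub, assigned_value)

# Constructed samples: the example script's output for Critical, a value with
# one embedded comma, and a value with two embedded commas (even field count).
EXPECTED = ["lname", "fname", "email", "phone", "severity"]
GOOD = "lname,Scott,fname,Sue,email,email01@company.com,phone,631-001-0001,severity,Critical"
ONE_COMMA = "lname,Scott, Jr.,fname,Sue"
TWO_COMMAS = "lname,Scott,fname,Sue,email,email01@company.com,phone,631,001,0001,severity,Critical"

if __name__ == "__main__":
    for sample in (GOOD, ONE_COMMA, TWO_COMMAS, ""):
        print(repr(sample[:24]), check_output(sample, EXPECTED))
    print(resolve("${fname} ${lname} <${email}>", parse_output(GOOD)))
```

The two-comma sample keeps an even field count and still contains every expected name, so only the unexpected-property check reveals that the phone value was truncated.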