The create event, enrichment, and normalization actions provide several functions that can perform common data conversions on the following values:
When you select a function using the right-click menu, a function reference appears in the selected cell with the syntax representing the parameters you must enter, if necessary. If the function requires an input, adhere to the format of the provided syntax for the function to work.
The available functions are as follows:
Host
The following functions are categorized as Host functions:
Returns the fully qualified domain name (FQDN) based on the IP address parameter. For example, use fx:fdqn(${pattern1.AlertedMdrProdInstance}) to convert the host name of the product from which the alert originated in the first event pattern to a fully qualified domain name. For example, if the property value is server5 (in the ca.com domain), the function would convert the value to server5.ca.com.
Returns the fully qualified local host name.
Returns the IP address based on the host name parameter. For example, fx:ip(${pattern1.AlertedMdrProdInstance}) converts the AlertedMdrProdInstance value to the system IP address.
Returns the IP address for the local host.
Returns the local host name.
The conversion functions convert a string to the function format (fdqn or IP), while the local functions return the local host in the function format.
Note: The IP functions return an IPv4 or IPv6 address, depending on the system IP stack.
Date and Time
The following functions are categorized as Date and Time functions:
Returns the XML standard date based on the date string and format parameters.
Returns the current date based on the epoch seconds parameter.
Returns the current date.
Returns an XML schema duration string based on the milliseconds parameter. This constructor function takes a value of milliseconds as an argument; for example, fx:xsDurationFromMilliSec(7545). The return value represents a duration of time; for example, P0DT0H0M7S. The format of the return value is PnDTnHnMnS, where nD is the number of days, T is the separator between date and time, nH is the number of hours, nM is the number of minutes, and nS is the number of seconds.
Returns an XML schema duration string based on the seconds parameter. This function takes a value of seconds as an argument; for example, fx:xsDurationFromSec(988). The return value represents a duration of time; for example, P0DT0H16M28S. The format of the return value is PnDTnHnMnS, where nD is the number of days, T is the separator between date and time, nH is the number of hours, nM is the number of minutes, and nS is the number of seconds.
Returns the current time based on the epoch seconds parameter.
Returns the current time.
Returns the XML standard date and time based on the date and time string and format parameters.
Returns the date and time based on the epoch seconds parameter.
Returns the current date and time.
String
The following functions are categorized as String functions:
Returns a lowercase string based on the mixed case string parameter.
Returns an uppercase string based on the mixed case string parameter.
Other
The following functions do not fall under any of the above categories:
Returns a uniform resource identifier based on the file path.
Returns a unique identifier.
Returns a parsed string based on the regex parameter.
For example, use fn:Parse(${pattern1.AlertedMdrElementID},'.*:(.*)') to parse out the first half of the AlertedMdrElementID property in the first event pattern. A property value of SA_Server:UC_Server would appear as simply UC_Server after applying this function.
Using nested functions is not supported. You cannot embed a function within another function.
Concatenating functions in the same cell also works. For example, multiple Parse functions separated by a space include both parsed values in the new event property.
For detailed descriptions of the functions, see the CA Catalyst Implementation Guide.
|
Copyright © 2013 CA.
All rights reserved.
|
|