As an administrator, you search for and interact with events using the properties for the USM alert type. The valid properties appear when you right-click an Event Pattern field on the Event Search tab of the Event Policy dialog. Valid property values also appear for enumerated properties.
All USM alert properties are supported in searches, but many are optional properties that are not present in every event.
Use the lists of properties that follow to understand the information depicted by each property. Use the right-click menu in the Event Search tab to add properties to a search and add valid values for properties with enumerated values.
The properties present in every event that you can use in normalized event searches are as follows:
Note: For more information about USM alert properties, see the USM schema documentation on the CA SOI Bookshelf.
Defines the domain manager that originated the event. The tooltip for each data source on the left pane displays this value as Connector Type.
The right-click menu in the event search tab displays these numeric values as domain manager names for increased usability. Always use the right-click menu to assign an AlertedMdrProduct value to avoid having to manually enter the numeric value.
Example: CA:09998 (Sample Connector)
Defines the domain manager system that originated the event. This property is typically the host name of the system where the domain manager is installed. The tooltip for each data source on the left pane displays this value as Instance Name.
Defines the unique identifier of the CI that originated the event.
Defines the type of condition that the event reports. The most common valid values are Quality, Risk, Compliance, and Cost.
Defines the event severity.
Note: Even though events with severity values of normal and informational are returned in event searches and can participate in event policies, events with these severities cannot appear as alerts in the Operations Console.
Defines a summary description of the event.
You can include the following properties in event searches using the provided scoping controls for source and time. Therefore, they are typically not required in the actual event search pattern:
Defines the domain manager that originated the event. The tooltip for each data source on the left pane displays this value as Connector Type.
The right-click menu in the event search tab displays these numeric values as domain manager names for increased usability. Always use the right-click menu to assign an MdrProduct value to avoid having to manually enter the numeric value.
Example: CA:09998 (Sample Connector)
Defines the domain manager system that originated the event. This property is typically the host name of the system where the domain manager is installed. The tooltip for each data source on the left pane displays this value as Instance Name.
Defines a unique identifier for the event.
Defines when the condition that caused the event occurred. This property uses the xs:dateTime format: YYYY-MM-DDTHH:MM:SS.SSS-Z.
Defines when the event was created. This property uses the xs:dateTime format: YYYY-MM-DDTHH:MM:SS.SSS-Z.
The optional event properties that you can include in event searches are as follows. Not all events have these properties assigned, which would eliminate them from any search using these properties:
Note: When you select a property added to the usm-core2 update to the USM schema, it appears in the search pattern with a 'usm-core2:' prefix
Defines a high-level category, such as Application, SystemAndStorage, and so on.
Defines the Person CI to which the event is assigned in the following format: MdrProduct,MdrProdInstance,MdrElementID.
Note: Assigning an alert from the Operations Console does not affect this event value.
Defines the user name or login ID of the person assigned to the alert, if known.
Defines comments associated with the alert.
Defines the duration over which a number of identical events occurred. This property uses the xs:duration format.
Provides a complete alert message when the message is longer than the 1024 character length permitted by the Message property.
Defines a comma-separated string of name-value pairs, where the name and value are separate by an equal (=) sign.
Defines a semi-colon-separated list of CIs experiencing issues related to this event. This property can only have a value when the AlertType is Risk-RootCause, and is therefore the root cause impacting other CIs. Each impacted CI is listed using the following format: MdrProduct,MdrProdInstance,MdrElementID.
Defines whether the event can be acknowledged.
Defines whether the event is acknowledged.
Note: Acknowledging an alert from the Operations Console does not affect this event value.
Defines whether the event can be cleared when an equivalent normal severity event is received.
Defines whether the event is currently cleared.
Note: Clearing an alert from the Operations Console does not affect this event value.
Defines a comma-separated list of types that identify the types in the domain manager whose instances are mapped when creating the USM instance.
Defines a detailed description of the event.
Defines an identifying name for a metric.
Defines a description of a metric.
Defines the metric type.
Defines a unit of measure defined by the SI and IEC Technical Committee standards.
Defines the data type of the metric.
Defines a value for a metric that crossed a threshold, or otherwise was the reason for the alert.
Defines the name of the application where the alert originated.
Defines the fully qualified DNS name of the device where the alert originated.
Defines the IPv4 address of the device where the alert originated.
Defines the IPv6 address of the device where the alert originated.
Defines a semi-colon-separated list of related events, which are events resulting from the same root cause. Each related event is listed using the following format: MdrProduct,MdrProdInstance,MdrElementID.
Defines the Incident CI created for this event in the following format: MdrProduct,MdrProdInstance,MdrElementID.
Defines the URL of the Incident CI created for this event.
Defines the number of identical events occurring within a specific time defined by the ElapsedTime property.
Defines when the event is no longer relevant. For example, a maintenance time may only be in effect for one hour. This property uses the xs:dateTime format: YYYY-MM-DDTHH:MM:SS.SSS-Z.
Defines the current trend toward more or less severity.
Defines a comma-separated list of alert classifiers that are useful for visualization or query.
Defines a tenant identifier.
Defines a URL to open the domain manager from which the event originated.
|
Copyright © 2013 CA.
All rights reserved.
|
|