

Event Search Examples: Time-Based Correlation

Select 'ALL events occur within N seconds' in the Additional Criterion pane and enter search criteria in at least two of the Event Pattern fields to create a search that correlates and groups sets of events according to their occurrence within a specified time interval. Select the optional Sequence enforced check box to match only on event groups whose events occur in the same order as the event patterns.

Example: Detect increase in severity with sequence enforced

Pattern 1:

AlertedMdrElementID=? and matches (Severity,'^M.*')

Pattern 2:

AlertedMdrElementID=? and (Severity='Critical' or Severity='Fatal')

This example searches for a combination of events that have the same AlertedMdrElementID and have therefore been generated by the same connector for the same CI. The first event must have a severity that starts with M, that is, Minor or Major. The second event must have a severity of Critical or Fatal. For Additional Criterion, select 'ALL events occur within 600 seconds' and select Sequence enforced. This search detects when the severity of an event on a CI has increased relative to a previous event on the same CI within the last ten minutes.

Example: Correlate service shutdown with sequence enforced

Pattern 1:

AlertedMdrElementID=? and matches (Summary,'service has started')

Pattern 2:

AlertedMdrElementID=? and matches (Summary,'service has stopped')

This example searches for a combination of events that have the same AlertedMdrElementID and have therefore been generated by the same connector for the same CI. The first event must contain 'service has started' in its summary, and the second event must contain 'service has stopped' in its summary. For Additional Criterion, select 'ALL events occur within 30 seconds' and select Sequence enforced. This search detects a service that is crashing every time it starts. You can scope this search to the Mid-tier connector to search all events, or to a subset of connectors for a targeted search.
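The following Python script is an added illustration of how the two searches above behave; it is not part of the product and does not use the product's search engine. It emulates the `AlertedMdrElementID=?` join (the `?` is taken to mean "the same value in every pattern"), the `matches (field,'regex')` operator, the 'ALL events occur within N seconds' window and the Sequence enforced option over a small, constructed set of events. Event records are plain dictionaries with an epoch-second `time` field, and the assumption that a single event cannot satisfy two patterns of the same group is the script's own, not documented behaviour.

```python
import itertools
import re
from typing import Callable, Dict, Iterable, List, Tuple

Event = Dict[str, object]
Pattern = Callable[[Event], bool]


def matches(field: str, regex: str) -> Pattern:
    """Emulate the search language's matches(<field>,'<regex>') operator."""
    rx = re.compile(regex)
    return lambda ev: rx.search(str(ev.get(field, ""))) is not None


def severity_in(*values: str) -> Pattern:
    """Emulate (Severity='A' or Severity='B' ...)."""
    return lambda ev: ev.get("Severity") in values


def correlate(events: Iterable[Event], patterns: List[Pattern],
              window_seconds: int, sequence_enforced: bool) -> List[Tuple[Event, ...]]:
    """Return every group of events (one event per pattern) that share an
    AlertedMdrElementID and all occur within window_seconds. With
    sequence_enforced, event k must not occur before event k-1."""
    by_ci: Dict[str, List[Event]] = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        by_ci.setdefault(str(ev["AlertedMdrElementID"]), []).append(ev)

    groups: List[Tuple[Event, ...]] = []
    for ci_events in by_ci.values():
        # Candidate events for each pattern, restricted to this one CI (the '?' join).
        candidates = [[e for e in ci_events if p(e)] for p in patterns]
        for combo in itertools.product(*candidates):
            if len({id(e) for e in combo}) < len(combo):
                continue  # assumption: one event cannot fill two pattern slots
            times = [int(e["time"]) for e in combo]
            if max(times) - min(times) > window_seconds:
                continue  # not all events fall inside the window
            if sequence_enforced and any(a > b for a, b in zip(times, times[1:])):
                continue  # order differs from the pattern order
            groups.append(combo)
    return groups


# Constructed sample events (not real product output).
SAMPLE_EVENTS: List[Event] = [
    {"AlertedMdrElementID": "ci-app01", "Severity": "Minor",    "Summary": "CPU load high",                 "time": 0},
    {"AlertedMdrElementID": "ci-app01", "Severity": "Critical", "Summary": "CPU load critical",             "time": 300},
    {"AlertedMdrElementID": "ci-db01",  "Severity": "Critical", "Summary": "Disk full",                     "time": 0},
    {"AlertedMdrElementID": "ci-db01",  "Severity": "Major",    "Summary": "Disk nearly full",              "time": 100},
    {"AlertedMdrElementID": "ci-web01", "Severity": "Minor",    "Summary": "Response time degraded",        "time": 0},
    {"AlertedMdrElementID": "ci-web01", "Severity": "Fatal",    "Summary": "Web server down",               "time": 900},
    {"AlertedMdrElementID": "ci-svc01", "Severity": "Normal",   "Summary": "The backup service has started", "time": 1000},
    {"AlertedMdrElementID": "ci-svc01", "Severity": "Major",    "Summary": "The backup service has stopped", "time": 1005},
    {"AlertedMdrElementID": "ci-svc02", "Severity": "Normal",   "Summary": "The index service has started",  "time": 2000},
    {"AlertedMdrElementID": "ci-svc02", "Severity": "Major",    "Summary": "The index service has stopped",  "time": 2200},
]


def severity_escalation(events: Iterable[Event], sequence_enforced: bool = True) -> List[str]:
    """First example: Minor/Major followed by Critical/Fatal within 600 s."""
    patterns = [matches("Severity", "^M.*"), severity_in("Critical", "Fatal")]
    return [str(g[0]["AlertedMdrElementID"])
            for g in correlate(events, patterns, 600, sequence_enforced)]


def service_restart_loop(events: Iterable[Event]) -> List[str]:
    """Second example: 'service has started' then 'service has stopped' within 30 s."""
    patterns = [matches("Summary", "service has started"), matches("Summary", "service has stopped")]
    return [str(g[0]["AlertedMdrElementID"])
            for g in correlate(events, patterns, 30, True)]


if __name__ == "__main__":
    print("escalation, sequence enforced:", severity_escalation(SAMPLE_EVENTS))
    print("escalation, any order:        ", severity_escalation(SAMPLE_EVENTS, False))
    print("restart loop:                 ", service_restart_loop(SAMPLE_EVENTS))
```

With the sample data, only ci-app01 matches the severity search when Sequence enforced is selected: ci-db01 has a Critical event before its Major event, so it is reported only when the order is not enforced, and ci-web01's Fatal event falls outside the 600-second window. The restart search reports ci-svc01 (stopped 5 seconds after starting) but not ci-svc02, whose stop arrives 200 seconds later.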

Note: For an end-to-end scenario using this search pattern, see Event Management Scenarios.