Previous Topic: Event Management ScenariosNext Topic: Event Management Example 3: Create a New Event to Indicate a Crashing Service

Event and Alert Management Deployment ScenariosEvent Management ScenariosEvent Management Example 1: Filter Duplicate Events from Integrated Domain Managers

Event Management Example 1: Filter Duplicate Events from Integrated Domain Managers

This scenario illustrates how you can filter duplicate events received from connectors with integrated domain managers so that one consolidated alert appears for each reported condition.

Several domain managers for which you may have connectors could already be integrated with one another. Examples of common domain manager integrations include the following:

For example, CA Spectrum might already be feeding its alarms into CA NSM when the two products are integrated. If you have CA Spectrum and CA NSM connectors installed, you could receive an alert for the original CA Spectrum alarm and an alert for the CA NSM alert representing the same CA Spectrum alarm. Duplicate alerts in CA SOI caused by cross-domain integrations require extra time to clear, could cause confusion for operators, and could provide an inaccurate report of CI severity.

This scenario assumes that you have integrated CA eHealth and CA Spectrum, so that CA eHealth alarms are sent to CA Spectrum. It does the following:

Follow these steps:

  1. Enter the following in the Event Pattern fields in the Event Search tab: 
    MdrProduct='CA:00005' and Message=?

    MdrProduct='CA:00002' and Message=?

    This search criteria returns events from CA eHealth and CA Spectrum that have identical message text.

    Note: The scenario assumes that the event message is the same for events from CA eHealth and integrated CA eHealth events from CA Spectrum. If the messages differ slightly, a more fine-grained search is required.

  2. Select ALL events occur within 120 seconds in the Additional Criterion pane.

    This selection specifies that the events must occur within two minutes of each other.

  3. Click Search.

    The search results appear.

  4. Click Create Policy.

    The Create Event Policy wizard opens and displays the New Policy page.

  5. Enter CreateConsolidatedEvent in the Policy Name field, select Create New Event, and click Next.

    The Create New Event page opens.

  6. Do the following:

    The Select Data Sources page opens.

  7. Select Save and Deploy policy, move the Mid-tier connector to the Selected Data Sources pane, and click Next.

    Note: Assignment to the Mid-tier connector is required, because the search requires event correlation across connectors. Assigning to the CA eHealth and CA Spectrum connector would prevent the events from correlating across domain managers. However, the MdrProduct values in the search patterns prevent the search from occurring on connectors other than CA Spectrum and CA eHealth.

    The Confirm page opens.

  8. Confirm the policy information and click Finish.

    The policy is deployed. This policy creates a new event to represent events duplicated in CA eHealth and CA Spectrum instances that are integrated each other. The event uses properties from the source CA Spectrum event and appends the message with a notification that the event is consolidating duplicates.

  9. Select the deployed policy in the Events tab, and click Edit Policy.

    The Create Event Policy wizard opens and displays the New Policy page.

  10. Enter FilterIntegratedEvents in the Policy Name field, select Filter Events and then Exclude, and click Next.

    The Select Data Sources page opens.

  11. Select Save and Deploy policy, retain the Mid-tier connector in the Selected Data Sources pane, and click Finish.

    The filter event policy is deployed. This policy discards the original CA eHealth and CA Spectrum events, so that only the created event becomes an alert in the Operations Console. The created event is not discarded, because the addition to the Message property causes its Message value to be different from the original events.