Working with Event Policies and Actions › Create an Event Policy with an Enrichment Action › Create a Script Enrichment Action › Script Enrichment Examples

Script Enrichment Examples

The following examples show how you can use the enrich event action to enrich events with information from a script when search patterns match:

Example: Enrich events with descriptive information from CA NSM

This example shows how you can use the enrich event action to enrich events with output information from a script when search patterns match. The example uses the CA NSM enrichment provided with the Mid-tier connector. This enrichment could be useful in CA SOI for situations such as the following:

• You want to use CI properties in CA NSM in alert queue criteria or for escalation policy
• You are using custom properties in CA NSM that are not imported into CA SOI
• You want to use information from CA NSM in alerts or CIs that are not managed in CA NSM
• You want to parse partial information from a property for use in a different context

Important! The enrichments use .jar files that are only available with the Mid-tier connector. Deploy these provided enrichments on the Mid-tier connector only.

This example enriches events with comment information stored about the related CI in CA NSM. The information could help you resolve alerts related to the CI. For this enrichment to work, at the minimum, a CA NSM WorldView client must be installed with the remote WorldView repository on the connector system to which you deploy the event policy.

• Select Script on the Enrichment Configuration page, and select NSM in the Templates drop-down list.
• Use the User and Password fields to enter valid credentials for the CA CMDB server, and leave the default values in all other fields.
• Do the following on the Enrichment Policy Configuration page:
  • Enter values for the provided method parameters in the Input Parameter column in the Assigned Values column:
    • i1: /r nsmserver
    • i2: /u ${user}
    • i3: /p ${password}
    • i4: /pf dnsname
    • i5: /pv ${pattern1.AlertedMdrProdInstance}

    This parameter configuration queries the defined CA NSM instance for CIs with a dnsname property that matches the AlertedMdrProdInstance property value and returns the comment property value of the matching CI. It uses substitution strings for the required CA NSM credentials (referencing the credentials entered on the previous page) to avoid entering the information unencrypted.

  • Enter ${comment} in the Assigned Value cell corresponding to the User Attribute 1 Event Property cell.

  This enrichment queries the defined CA NSM instance for the comment property of the CI with a dnsname property value that matches the AlertedMdrProdInstance property value. If there is no match, the enrichment does not occur. If there is a match, the comment value is returned from the matching CI and assigned to the User Attribute 1 property in the enriched event.

  For example, consider an event with the AlertedMdrProdInstance property value of server5. The server5 value matches a CA NSM WorldView managed object DNS name. The comment value in the matching CI is 'Reinstalling operating system', and this value appears in the enriched event for User Attribute 1. In this case, the logged comment would indicate that you can clear any alert associated with the server being down, because the operating system is currently being refreshed.

• Deploy the policy on the Mid-tier connector.

Example: Enrich events with information from a Windows VB script

This example illustrates how you can enrich events with output information from a Windows VB script. Information from the Windows operating system that is not already included with an event could be useful for alert diagnosis and resolution. In this example, the event policy calls a VB script using the event server name as input and returns the location of the associated server:

• Select Script on the Enrichment Configuration page, and enter the following information in the fields:
  • Script Path: C:\Windows\System32
  • Script Name: cscript /NoLogo C:\tools\LocationLookup.vbs

  This script looks up the location of the system provided in the input parameter. The /NoLogo modifier ensures that only a comma-separated list of values are returned by the script, which is required for the enrichment to work.

• Do the following in the Parameter Configuration table:
  • Enter INPUT in the first Input Parameter cell.
  • Enter fn:Parse(${pattern1.AlertedMdrElementID},'.*:(.*)') in the corresponding Assigned Value cell.

  These values control the input parameter for the VB script. The assigned value for the script input is the system on which the event occurred. The parse function extracts the server name from the AlertedMdrElementID property. This format is valid for AlertedMdrElementID properties from the Universal connector. Output from other connectors may require a different format to return the server name.

• Enter ${retval1} in the Assigned Value cell for the User Attribute 1 property in the Enrichment Property Assignments table.

  This assignment enriches events with the output of the script in the User Attribute 1 property. For example, if an event occurs on a system in Minnesota, the script looks up the location based on the system name, and Minnesota appears in the User Attribute 1 property in the enriched event.

• Deploy the policy on the applicable connector.

  Matching events are enriched with the location of the source system in the User Attribute 1 event property. You can use the enriched location information to configure alert queues, as criteria in escalation policies, or as a way to determine alert assignments.