You can control the way in which the incident service stores events and creates incidents for a selected CA User Activity Reporting Module server. You can set the following values:
Specifies how long in days the service retains incidents in the incident database. If the value is 0, events are never deleted. Expired incidents are not displayed.
Specifies how often a single correlation rule can create incidents, allowing you to reduce unwanted multiple incidents. For the purposes of incident generation limits, different versions of a rule are considered separate rules. So if you have applied multiple versions of a rule in your environment, they are limited separately. Limit values include:
Indicates whether incident generation limits are applied.
Sets a threshold for the number of incidents generated by a single rule. This value works with the Time value, if that value is above 0. After these numbers are reached, the incident service applies the Blocked Time limit. So if you set Count to 3, and the Time to 10, the limit applies after a single rule generates more than 3 incidents in 10 seconds.
Sets a threshold, in seconds, for the number of incidents generated by a single rule. This value works with the Count value, if that value is above 0. After these numbers are reached, the incident service applies the Blocked Time limit. So if you set Count to 3, and the Time to 10, the limit applies after a single rule generates more than 3 incidents in 10 seconds.
Specifies an interval in seconds, when a rule is blocked from creating further incidents. When this limit is reached, the rule creates no incidents until the time expires.
|
Copyright © 2013 CA.
All rights reserved.
|
|