Use Case:
Event Management plays a crucial role in both proactive and reactive tickets within service management scenarios. Numerous articles detail the process of integrating with monitoring tools. However, once the integrations are established, it is essential to understand how events, alerts, tickets, and remediation mappings correspond with the out-of-the-box (OOB) behavior.
Solution:
SG Connectors - These are pre-configured solutions that can be integrated with monitoring tools such as Splunk and Zabbix. They offer a plug-and-play approach for setting up endpoints and credentials.
Integration - Custom code can be developed to facilitate integrations using flow designer, Business Rules, and Script Includes; however, this is applicable only for connectors that are not readily available.
Table Schemas Connectivity is organized in a sequential manner:
1. After the integration is established, events will be transmitted through the integration and recorded in the 'em_event' table.
2. Once an event is generated and stored in the 'em_event' table, it will be governed by event rules ($sa_event_rules). In this context, events are filtered according to the established configuration, with Event Inputs and Event Raw Info being categorized accordingly. Threshold is utilized for mapping and converting into an Alert. The binding functionality facilitates the mapping of the CI Binding.
3. Alerts are produced based on events and their corresponding rules. However, the management of these alerts is conducted through the 'em_alert' and 'em_alert_management_rule' components. The alert filter assists in determining the validity of the alerts.
4. The alert actions are designed to facilitate the creation of incidents. The subflow or flow will be integrated into the alert management rules. It enables the generation of incidents based on specific conditions.
5. Upon the generation of the incident, it will be associated with the Service Operation Workspace and connected to the Service Dashboards and application mapping.
6. Remediation can be accomplished via the 'Playbook'. The actions to be taken are outlined within the playbook, which will be implemented by the designated resolver groups and individuals. It facilitates both proactive and reactive ticket creation and resolution.
To conduct the testing, please utilize the script provided in the background and evaluate each of the aforementioned tables individually to comprehend their functionalities. It is important to note that the configurations for event and alert rules are established based on the scenarios outlined below.
var event = {
"source": "EMTest",
"node": "V-W2K3-32-Web02",
"type": "SNDemo",
"message_key": "My Message Key",
"severity": "2",
"description": "memory leak I/O disk error",
"status": "3",
}
var script = new sn_em_ai.EvtMgmtEmEvent(event); // OOB Script include
script.createEvent(); //OOB Script Include function
#eventManagement #event #alert #proactiveTickets #reactiveTickets #remediation
Hope you like it. If any questions or remarks, let me know!
If this helped you in any way, I would appreciate it if you hit bookmark or mark it as helpful.
Regards,
Suresh.
1 Comment
