The Zurich release has arrived! Interested in new features and functionalities? Click here for more

How to Configure Event rules for Response_time and Node_Status from SolarWinds

narendra19
Tera Contributor

‎04-25-2023 07:39 AM

Hi,

 

We have an integration with SolarWinds and it is creating thousands of event. I do not need all those event to create Alerts so I am trying to create event rules for the parameters:

Node_Status     -    Anything above 2 hours of down time

Response_time -  Anything above 350ms

 

When I checked on the Event description field it just says Node is down, it does not specify any time. Also, when I check for  Response_time I see the description saying the node is already responding. I am not seeing anything which says just Response time.

narendra19_0-1682433059801.png

Any help is appreciated.

 

Thanks

0 Helpfuls
  • 855 Views
3 REPLIES 3

Punit S
Giga Guru

‎04-25-2023 04:11 PM

To create event rules for the parameters you mentioned, you can use the following steps:

  1. Go to the Event Management application in your ServiceNow instance.

  2. Click on the "Event Rules" module and create a new event rule.

  3. In the Conditions section, add the following conditions:

    • For Node_Status, use the "Node Status" field with the operator ">=" and the value "2h" (this will check for anything above 2 hours of down time).
    • For Response_time, use the "Response Time" field with the operator ">=" and the value "350" (this will check for anything above 350ms).

  4. In the Actions section, you can choose to either suppress the event (which will prevent it from creating an alert) or forward it to a different destination.

Regarding the Event Description field, it sounds like the SolarWinds integration may not be providing enough information to properly identify the events you want to filter out. You may need to work with the SolarWinds team to ensure the integration is sending the necessary details for ServiceNow to create event rules based on your criteria.

 

Please mark my answer as a solution/helpful in case it adds value and moves you a step closer to your desired ServiceNow solution goal.

Thanks,
Punit

0 Helpfuls

narendra19
Tera Contributor
In response to Punit S

‎04-25-2023 09:38 PM

Hi Punit,

 

Thanks for your reply.

I am not seeing these parameters in the event rule conditions. I am seeing only limited parameters in the conditions. Here are the screen shots.

 

Preview file
132 KB
Preview file
112 KB
0 Helpfuls

Punit S
Giga Guru

‎04-26-2023 02:46 PM

Thank you for providing the screenshots. Based on what you have shown, it appears that the Node_Status and Response_time parameters are not available as fields in the event rule conditions. However, you can still create event rules based on these parameters by using the event message field and filtering events based on specific keywords.

To create an event rule based on Node_Status, you can create a new event rule with a condition that includes the keyword "Node is down" in the event message. You can also add an additional condition that filters events by the SolarWinds node ID or name, depending on your setup. This will ensure that the event rule only triggers when the specified node is down for more than two hours.

To create an event rule based on Response_time, you can create a new event rule with a condition that includes the keyword "Response_time" in the event message. You can also add an additional condition that filters events by the SolarWinds node ID or name, depending on your setup. This will ensure that the event rule only triggers when the specified node has a response time above 350ms.

Here's an example of what the event rule conditions could look like for the Node_Status parameter:

Condition 1: Field: Event message Operator: Contains Value: Node is down

Condition 2: Field: Node ID or Node Name Operator: Equals Value: [Node ID or Node Name]

And here's an example of what the event rule conditions could look like for the Response_time parameter:

Condition 1: Field: Event message Operator: Contains Value: Response_time

Condition 2: Field: Node ID or Node Name Operator: Equals Value: [Node ID or Node Name]

Note that in both cases, you will need to replace "[Node ID or Node Name]" with the appropriate value for your SolarWinds setup. Additionally, the exact keywords and syntax may depend on the structure of your SolarWinds event messages, so you may need to adjust the conditions accordingly to match the specific keywords used in your integration.

 

Please mark my answer as a solution/helpful in case it adds value and moves you a step closer to your desired ServiceNow solution goal.

Thanks,
Punit

0 Helpfuls