Incomming events are missing value in Severity field - how do I set the value - via Event Rules??

Go to solution
JanneHjorth
Tera Contributor

‎10-26-2020 12:59 AM

Hi all.

I'm new to Event Management and at the moment we experience incomming events, where Severity field is empty. So no alerts are created. I have this record:
find_real_file.png

How can I set a value in Severity field and secure the creation of alerts??

I really need a helping hand here - thanks in advance.

Regards, 

Janne

Labels:
Preview file
84 KB
0 Helpfuls
  • 3,288 Views
1 ACCEPTED SOLUTION

Go to solution
patrickkenney
Kilo Expert

‎10-26-2020 07:26 AM

The Manual attributes will create a new Additional Details JSON pair. You will want to place a number, 0-5, into the Severity field. When the Transform contains a variable representation like ${severity}, it will use the value sent from the default event. In your case that is currently empty.

 

 

View solution in original post

12 REPLIES 12

Go to solution
patrickkenney
Kilo Expert

‎10-26-2020 07:26 AM

The Manual attributes will create a new Additional Details JSON pair. You will want to place a number, 0-5, into the Severity field. When the Transform contains a variable representation like ${severity}, it will use the value sent from the default event. In your case that is currently empty.

 

 

Go to solution
JanneHjorth
Tera Contributor
In response to patrickkenney

‎10-26-2020 07:33 AM

Ahhh - ok - so I need to put in the value 4 into the Severity field like this:

find_real_file.png

Preview file
35 KB
0 Helpfuls

Go to solution
patrickkenney
Kilo Expert

‎10-26-2020 07:36 AM

Correct. If you have different events that need different severities then you will need a unique rule with all the criteria needed to identify the event severity needed. Unfortunately Event rules do not have an if then else flow to them.

If you can determine the severity at the source and pass that with the event, you can eliminate the need for the rules.