Would like to set severity on event/ alert based on an attribute of affected CI

Nick9
Kilo Contributor

‎10-28-2020 12:46 AM

I have SNMP traps coming in, and while a MID Listener transform script would take care of setting some fields (resource, message key), I cannot set the severity until I check CMDB. 

I have tried setting a before insert rule on em_event in order to update it then, but the rule seems to be ignored. Oddly enough, if creating the event by hand in the platform, the rule works as expected. 

Any ideas how this could be achieved? Also, is there a way to capture the headers of an SNMP trap?

PS. I have also tried to place a rule before insert on the Alert. The rule works once - but after that, on subsequent events that should be matched to the same alert, severity is overwritten.

Kind regards,

Nick

Labels:
0 Helpfuls
  • 1,604 Views
11 REPLIES 11

Rahul Priyadars
Giga Sage
Giga Sage

‎10-28-2020 02:03 AM

Just trying to Understand here. OOTB severity have values like info,Warning,Minor,Major,Critical etc.

For the Given affected CI - What values you have in CMDB corresponding to these?

I was thinking from other way around - Any possibility of mapping this Apple to Orange in Monitoring Tool itself?

Regards

RP

0 Helpfuls

Nick9
Kilo Contributor

‎10-28-2020 02:07 AM

I do not have severity values set in CMDB. I basically have to look at the environment of the server and based on the value of the environment, set a value for severity. 

 

0 Helpfuls

Rahul Priyadars
Giga Sage
Giga Sage
In response to Nick9

‎10-28-2020 02:29 AM

Hi Nick,

In our environment some how its driven from Monitoring tools side.

Threshold parameter will vary as per the environment of the Server

For Non Prod - 95% Disk full may be a Minor

For Prod - 95% Disk full will be a Major/Critical

This configuration is driven done in Monitoring Tool. They group servers based on Environment Value which is also available in Monitoring System. We are using SolarWinds for Monitoring.

Regards

RP

Nick9
Kilo Contributor

‎10-28-2020 03:33 AM

I understand that. We have implemented similar event handling for other monitoring tools. Unfortunately, this particular one does not have the option of sending separate type of events for different environments - so we have to rely on the information in CMDB.

0 Helpfuls