Event Management stores event field mappings in the Event Field Mapping [em_mapping_rule] table. The mappings apply after event rule processing and prior to alert generation. The mapping values from the Event Mapping Pair [em_mapping_pair] table apply to the alert. The original event severity remains unchanged.

For example, if events come with the field "org_severity" with the values "Low, Medium, High" and you want the alert Severity to hold this value, create an event field mapping rule that maps the field org_severity to Severity, with these values:

Default event field mappings

Event Management provides default event field mappings for commonly used system monitoring tools. The Transform Value Pairs from event field mappings format the incoming event data for Event Management.

You can view the default event field mappings and mapping pairs by navigating to Event Management > Rules > Event Field Mappings and double-clicking Name.