Bind alerts to a specific process
Bind specific server processes to their corresponding Configuration Items (CIs) in the CMDB to ensure accurate mapping and visibility. This binding is crucial for identifying service dependencies, reducing ambiguity from generic process names, and enabling effective monitoring. It supports faster alert resolution, impact analysis, and better alignment between infrastructure and application components in dynamic environments.
始める前に
Role required: evt_mgmt_admin
このタスクについて
Sometimes, when an alert (or event) comes into the system, it needs to be connected — or "bound" — to a Configuration Item (CI) in the CMDB. By default, the system binds alerts to host specified in the Node field of the event. Imagine a situation where you have a Windows server running multiple processes, like MSFT SQL Instances and SQL Server Analysis Services. The challenge is to bind an event to the specific process instance rather than just the host server, as multiple processes could have the same generic name, such as MSSQLSERVER, leading to ambiguity.
The following example procedure uses a Windows server as the host, MSFT SQL Instances as the CI class of the process, and MSSQLSERVER as the process name. The following steps are based on the assumption that the event Node field of the event provides the host name, and the Additional Information field contains specific process details required for binding.
| Action | Steps |
|---|---|
| Set event rule: Add process name | Add the process name sa_process_name in the event rule. |
| Set event rule: Define CI type | Select the target CI type in the event rule. For example, MSFT SQL Instances. |
| Define process mapping | Navigate to the Process to CI Type Mapping table [em_binding_process_map] and add an entry mapping a CI type (e.g., MSFT SQL Instances) to a process name (e.g., MSSQLSERVER). |
| Bind CI to alert | When an event is triggered, the system:
|
手順
-
Select the Transform and Compose Alert Output tab and perform the following steps:
- Select the Manual attributes check box.
- Enter sa_process_name is ${process}.
sa_process_name is a special variable name used to specify the name of the process to search for. ${sa_process_name} will appear in the Additional information field of the event. Instead of ${process}, you can enter any other field name from which the variable sa_process_name derives its value.
-
In the CI type field, select MSFT SQL Instances.
The CI type determines the specific CMDB table where the system searches for the matching CI.
-
Navigate to All and search em_binding_process_map.list.
The Process to CI Type Mappings page opens. Here the values from the CI type column are mapped to entries in the Process column. For example, cmdb_ci_db_mssql_instance is mapped to the MSSQLSERVER process.
- オプション:
Verify that the node is in a Runs on::Runs relationship with the appropriate process.
-
Create an event with Node value as the name of the host such as Windows Server (V-W2K3-SQL2008).
The Additional information field in the event has a key called process whose value is MSSQLSERVER.In the following image, you can see the processing notes indicating that the binding has occurred between the alert and the matching process.