Bind alerts to non-host CIs

Release version: Washingtondc

Updated February 1, 2024

3 minutes to read

Bind an incoming event from a discovered application service or alert group to an alert, based on an event rule and the corresponding event field mapping. The event field mapping requires a URL or the port number and corresponding IP address for each service or alert group.

Before you begin

Role required: evt_mgmt_admin

About this task

If the event is specific to a non-host CI, for example an application services or alert group, use these steps to bind alerts to a non-host CI:

Leave the Node field empty.
Populate the CI Type with the CI type that you want to bind.
Make sure the additional_info field has enough information to uniquely identify the CI. The algorithm matches all additional_info attributes that have the same name as CI fields for that Event Type. If the match is successful, the event is bound to the CI.

Optional method:

Leave the Node field empty.
Populate the CI Identifier (ci_identifier) field with attributes, as described previously, that uniquely identify the CI.

Procedure

Navigate to All > Event Management > Rules > Event Rules.
Select New.

Enter a unique and meaningful name and fill in the form.

Table 1. Event Rule Info form
Field	Description
Source	Category to which this matching rule applies. The mapping rule only applies to events with the same event class value. If this value is empty, apply the rule to all events.
Order	Order in which an event rule is evaluated when multiple rules are defined for the same type of event. Event rules are evaluated in ascending order.
Description	Type additional information that describes the event rule.
Apply additional matching rules	Select to apply additional event matching rules according to the Order field. The last rule with binding settings sets the CI binding. When selected, the Thresholds tab is inactive.
Assignment group	For team-based integrations, select an assignment group. If no assignment group is defined in the event rule, then this event rule is considered as a global rule. When the rules are running – first the global rules run and then the rules that belong to the assignment group that the event’s source instance belongs to.

Select Binding to bind directly to a non-host CI.
Such as Service, VM, etc. (any CI type not extending cmdb_ci_hardware).
Select Override default binding to override the default binding.
The default binding uses the value of the Node field to try to match the CI name: CI name, FQDN, IP, or MAC address.
In the Binding type field, select CI field matching.
In the CI type field, select Configuration Item.
Select Transform and Compose Alert Output.
Clear the Node field.
In the Event Input table, select the Type.
1. In the Edit Regex Expressions dialog box, clear the Node field and select CI type..
  The field becomes a regex expression for the CI type.
  Any Additional Information field with a name the same as a field of the selected CI is used as an identifier. Transform and Compose screen can be used to add such fields. All identifier fields must be matched to bind to the CI.
2. Select Done.
Select Submit.
Navigate to Event Management > Rules > Event Field Mapping.

Create the corresponding event field mapping with these parameter values:


Field	Value
Source	Specify the event monitor software that generated the event.
Mapping type	Select Single field.
From field	Specify `temp node`.
To field	Specify `name`.

In the Transform Value Pairs section, insert new rows for each event-mapping pair.
1. Set the Key with the URL or an IP address with the corresponding port value.
2. Set the Value with the discovered application services, technical service, or alert group name.
For example, you can add an event-mapping pair for each service.
Select Submit.