X

Automatically Managing Alerts and Processing Events

Multiple Correlation Rule Types to Manage Alerts and Process Events

You can take actions on alerts automatically using ECM’s powerful correlation rules feature. You create the correlation rules needed by your enterprise and ECM automatically executes an action on an alert after evaluating a correlation rule as true against that alert.

First Step in Managing Alerts and Processing Events with Correlation Rules

After ECM creates an alert, it enriches the alert with the following types of correlation rules:
Maintenance rule – Sets the maintenance field to TRUE if the alert’s entity is in maintenance. You can add an additional action or action group to this default behavior, for example, sending an email informing the supervisor of the maintenance period. You may also deduplicate against alerts that are not maintenance.

Close Maintenance rule – Dynamically closes a maintenance window based on a condition from an incoming alert.
Tag rules – Sets the Tags column in the Alerts table to the value specified in the rule. For example, if the message contains the word, “postfix” or “sendmail,” then set the Tags column value to “email:”

Second Step in Managing Alerts and Processing Events

After applying the enrichment rules, ECM executes the next wave of correlation rules against the alert:
Upon Event Arrival – Rules that trigger actions based upon the alert attributes, for example, if the entity has an owner, set the owner of the alert to be the same as the entity. These rules are evaluated upon arrival of the alert or modification of the alert’s event count.

Periodic Rules – Rules that execute actions on a periodic basis based upon the alert attributes, for example, a rule that sets the alert severity to Clear when the severity is Info.

Problem Resolution Rules – Rules created in the Alerts table by identifying one alert as a problem and another alert as the solution to that problem.

Timed Conditions (X in Y) – Rules that trigger actions if an alert occurs X number of times over a Y period. If you only want to act if an alert has occurred X times without restrictions over the period, you can use a correlation rule (upon creation) and use the eventcount field in the conditions section.

Managing Alerts and Processing Events: You Make the Rules!

Use RightITnow ECM to take complete control of and exploit all of that information flooding in from your entire universe of entities. ECM uses maintenance, close maintenance, tag, upon event arrival, periodic, problem resolution and timed conditions correlation rules that you create and customize to manage alerts and process events with as little intervention from you as possible, freeing you from tactical fire fighting to think strategically about the direction and evolution of your IT Ops.

RightITnow:
Related Post