Alarm Enrichment Rules Not working as they used to, we have rules that look at a table and if the Source name of an alarm matches a value in the table, then to update the Source of the Alarm before it generates an alarm. We are able to make this work in our test environment, however the same setup in production and it does NOT work.

Release : 20.1

Component : UIM - ALARM_ENRICHMENT

- nas v9.30

- alarm Subjects

1. Deactivated and/or cleaned up all bogus/defunct queues in Test/DEV then PROD.

2. In Test/DEV and Prod we eliminated the reference to any 'Alarm1' Subjects

3. We also cleaned up the ATTACH and GET queues that were unnecessary since nas replication and forwarding was already in place. You cannot have both. Therefore, I left the replication and forwarding in place and deactivated the queues, then also removed any occurrence of Alarm1. Checked the results and then still everything was working as expected and also there were no more occurrences of the bogus alarm with severity of (Major) for what was a clear alarm.

Bottom line is that MOST of the time, in most environments, you want to make sure that the alarm_enrichment Subject is alarm and the nas alarm Subject is alarm2.

Quick checklist of message Subjects for nas, alarm_enrichment and alarm_routing_service probes
https://knowledge.broadcom.com/external/article/9822/quick-checklist-of-message-subjects-for.html

How to switch back from using EMS to using NAS again
https://knowledge.broadcom.com/external/article/199273/how-to-switch-back-from-using-ems-to-usi.html

So now, as a result, the Test/DEV environment and PROD alarm source field values are being populated with the short hostname, and you are no longer receiving clear alarms with the wrong severity (Major) as per our changes and checking the alarm results in both environments.