Time Over Threshold message customization
Article ID: 379353
Updated On:
Products
Issue/Introduction
This article describes the configuration process of the alarm_enrichment probe, so it populates the custom5 field with the information that the TOT policy has processed the alert.
The Alarm Message also will contain the actual TOT value.
Environment
DX UIM 23.4.x
NAS
alarm_enrichment
Resolution
1. Put the below rule in the <enrichment-rules> section of the nas.cfg:
<x>
match_alarm_field = et_id
match_alarm_regexp = (threshold.dynamic)
use_enricher = os_enricher
lookup_by_alarm_field = robot
lookup_by_regexp =
<overwrite-rules>
udata.message = ToT:[alarm.udata.values.tot] [alarm.udata.message]
udata.custom_5 = [alarm.et_id] tot[alarm.pri]:[alarm.udata.values.tot]
udata.custom_4 = [cmdb.os_type]
</overwrite-rules>
</x>
Note: replace "x" with another the actual number of the rule ( if there were 3 rules already, x should be 4)
Note 2: The "use_enricher" section must reflect the name of the enricher source created for this enrichment purpose (read more in additional section)
Example :
2. Restart nas and alarm enrichment probes.
Additional Information
When the TOT value is blank, then it is considered non-TOT alarm
Suppose you have not configured any alarm enrichment rules before. In that case, you need to make sure to configure the enrichment-source section properly :
<enrichment-source>
<cmdbs>
<os_enricher>
population_query = select name,ip,os_type from cm_computer_system
user = <database user>
password = <database user password in plain text>
query = select name,ip,os_type from cm_computer_system where name=?
active = true
connection_url = jdbc:sqlserver://<ip address or hostname of sqlserver>:1433;DatabaseName=<Database Name of cmdb table>;
</os_enricher>
</cmdbs>
</enrichment-source>
(*) password string is automatically encrypted when the nas probe is restarted.
Additional article references:
How to configure alarm enrichment rule to add user_tag value for new alarms.
Feedback
