How do I enrich alarms using the SOI event integration

Article ID: 49312

Products

CA Spectrum

Issue/Introduction

Description:

I have integrated the SOI Event Integration (EI) into Spectrum Infrastructure Manager but am having trouble enriching alarms.

Solution:

Here is how to enrich an alarm:

For our example scenario we chose the Trouble Ticket ID field. All alarms have this field by default, and it is normally blank unless it is populated manually or automatically by another data source such as the Spectrum Service Desk Integration. This column is not displayed in Alarm views out of the box. To display it, right-click on any column in the Alarms tab of the Spectrum OneClick client console and select the 'Trouble Ticket ID' column to be displayed.

On the EI Manager Host, if we look at the spectrum-src.xml file found in the directory:
\Program Files (x86)\CA\Event Integration\Manager\PolicyStore\sources

This is one of the default lines in this file:
<Field format="[{0},{1},{2}]" input="spectrum_AlarmId,spectrum_AlarmType,spectrum_Cause" output="internal_msgvalue"/>

Here is one that has been edited:
<Field format="{0}-enhanced by EI" input="spectrum_TroubleTicket" output="spectrum_Alarm_TroubleTicketID"/>

The first quoted value (format) tells EI what to get from the incoming alarm. The {0} means take the value that is already there and add whatever else is inside the quotes. So in this case, if there was a value, for example '456', EI takes 456 and appends '-enhanced by EI' after that value.

NOTE: If there is no value, this rule will fail. In the example above, if the Trouble Ticket ID is blank the rule will fail.

The second quoted value (input) tells EI which part of the alarm to look at, that is, where to pull the value referenced in the first section from.

The third quoted value (output) tells EI which section of the alarm to put the new value into. It must always start with spectrum_Alarm (case sensitive), followed by the actual field name.

Here is a rule that will actually work for us for this test, since the Trouble Ticket ID field will be blank.
<Field format="3-abc" input="" output="spectrum_Alarm_TroubleTicketID"/>

Note the {0} is gone from the first section, so we are not expecting any input and will instead add the value '3-abc'. Since we are not expecting input, the second section is also blank.

Finally, we have defined what field in the alarm to enhance in the third section.
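To check a rule before editing spectrum-src.xml, the following added example (not EI's own code, and not part of the original article) models the format/input/output behavior described above, including the blank-input failure from the NOTE. The function names and the sample alarm dictionaries are hypothetical, and treating a missing field the same as a blank one is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# The three <Field> lines quoted in this article.
DEFAULT_RULE = '<Field format="[{0},{1},{2}]" input="spectrum_AlarmId,spectrum_AlarmType,spectrum_Cause" output="internal_msgvalue"/>'
APPEND_RULE = '<Field format="{0}-enhanced by EI" input="spectrum_TroubleTicket" output="spectrum_Alarm_TroubleTicketID"/>'
CONSTANT_RULE = '<Field format="3-abc" input="" output="spectrum_Alarm_TroubleTicketID"/>'

PLACEHOLDER = re.compile(r"\{(\d+)\}")


class RuleFailed(Exception):
    """A placeholder referenced an input that is missing or blank."""


def apply_rule(field_xml, alarm):
    """Model one <Field> rule; return (output_name, value), value is None on failure."""
    field = ET.fromstring(field_xml)
    names = [n.strip() for n in field.get("input", "").split(",") if n.strip()]

    def substitute(match):
        index = int(match.group(1))
        value = alarm.get(names[index], "") if index < len(names) else ""
        if value == "":
            # Assumption taken from the article's NOTE: a blank input fails the rule.
            raise RuleFailed(match.group(0))
        return value

    try:
        value = PLACEHOLDER.sub(substitute, field.get("format", ""))
    except RuleFailed:
        value = None
    return field.get("output"), value


def targets_alarm_field(output_name):
    """Case-sensitive check of the prefix the article requires for enriched fields."""
    return output_name.startswith("spectrum_Alarm")


if __name__ == "__main__":
    blank_ticket = {"spectrum_TroubleTicket": ""}    # constructed sample alarm
    with_ticket = {"spectrum_TroubleTicket": "456"}  # value used in the article
    for rule in (APPEND_RULE, CONSTANT_RULE):
        for alarm in (with_ticket, blank_ticket):
            print(rule, alarm, "->", apply_rule(rule, alarm))
```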

The following is a rundown of this process and then we show the actual alarm with the enriched value from the EI Integration.

The EI framework service (CA EI IFW) gets the alarms from SPECTRUM and returns the enriched alarms to SPECTRUM:

<Please see attached file for image>

Figure 1

The CORE service (CA EI CORE) seen below is the service that actually performs the processing and enriching of the alarms:

<Please see attached file for image>

Figure 2

The following screenshots show a default alarm in Spectrum for contact lost due to an incorrect SNMP Community String:

<Please see attached file for image>

Figure 3

<Please see attached file for image>

Figure 4

<Please see attached file for image>

Figure 5

Here we see the alarm raised and the Trouble Ticket ID field is blank:

<Please see attached file for image>

Figure 6

Now, on the EI host server, the CORE (CA EI CORE) service has been stopped, which triggers the framework service (CA EI IFW) to pick up the alarm, and it creates a file in the inbox folder as seen below:

<Please see attached file for image>

Figure 7

Then the CORE (CA EI CORE) service is restarted and we see the *.in files have been moved to the Wipbox (work in progress) folder and are being processed; the *.in files are being turned into the *.out file which gets sent back to Spectrum. (The .out file is the last one in the screenshot):

<Please see attached file for image>

Figure 8

For the sake of this article, we have stopped the framework service (CA EI IFW) so we can see the *.out file in the Outbox folder once it is finished being created:

<Please see attached file for image>

Figure 9

Here we see the Events created in Spectrum that report that a Spectrum Alarm has been received in an enriched form:

<Please see attached file for image>

Figure 10

Here we see the alarm that has been enriched, which now has a value added to it for the Trouble Ticket ID field:

<Please see attached file for image>

Figure 11

Environment

Release: SPPREM05900-9.2-Spectrum-Infrastructure Manager-Premium Suite
Component:
