Monitoring rules are used for message processing. Received messages in the target table are analyzed according to the monitoring rules. If they satisfy conditions specified by the rules, monitoring events are created or updated.
Create a monitoring rule
To create a monitoring rule, follow the steps below:
- Navigate to Monitoring and Event Management → Configuration → Monitoring Rules.
- Click New and fill in the fields.
- Click Save or Save and Exit to apply the changes.
Monitoring rule form fields
Field | Mandatory | Description |
---|---|---|
Type | Y | Specify the event type. Available options:
|
Name | Y | Specify a name for the monitoring event rule. The name should be unique. |
Monitoring source | Y | Specify the monitoring source whose messages will be processed by this rule. |
Event rule | Y | Specify the event rule that will process the monitoring events created by this monitoring rule. You can only choose the event rules with the same Type. |
Message conditions | Y | Specify the conditions that determine which messages will be processed by this rule. If a message matches the condition, then the system checks whether there is an event created by this rule with the same composite key. This check is needed to validate the message based on the Event condition. |
Event conditions | Y | Specify the conditions based on which the message will create or update events.
If there is no event with the same composite key and the Event conditions are not satisfied, then the message is not relevant for further analysis and reaction. It remains in the Target Table as a log. |
Active | N | Select this checkbox to enable the rule. |
Order | N | Specify the rule order for the Warning type of events. When the order is specified, the event object created by the rule with the lowest order will be available in the event response script. |
Monitoring Event
Monitoring Event records are created and updated automatically. When the monitoring rule is satisfied, the system checks the composite key value of the Target Table record with the composite key of the Monitoring Event records.
- If the message from the Target Table satisfies the Event conditions and there is no event record with the same composite key, the system inserts a new Monitoring Event record.
- If the message from the Target Table satisfies the Event conditions and there is an event record with the same composite key, the system updates the values in the Message count.
- If the message from the Target Table does not satisfy the Event conditions and there is an event record with the same composite key, the system deactivates the event.
Field | Description |
---|---|
Type | The type of the event that is defined in the related monitoring rule:
|
Monitoring rule | The monitoring rule based on which the event is created. |
State | The state of the event:
|
Message count | The number of event messages that have the same composite key. |
In the Related Lists area, the Message tab contains the list of all Target Table messages that created the current event or updated the value in the Message count field. The message that deactivated the event is not included in the list. To store these messages, the Monitoring Event Messages table is created.
Monitoring Event Message
When Event Conditions are satisfied, the system automatically creates a record in the Monitoring Event Messages (itsm_monitoring_event_message) table. The record binds the message from the Target Table with the Monitoring Event record.
- No labels