Monitoring rules are used for message processing. Received messages in the target table are analyzed according to the monitoring rules. If they satisfy conditions specified by the rules, monitoring events are created or updated.

Create a monitoring rule


To create a monitoring rule, follow the steps below:

  1. Navigate to Monitoring and Event Management → Configuration → Monitoring Rules.
  2. Click New and fill in the fields.
  3. Click Save or Save and exit to apply the changes.

Monitoring rule form fields

FieldMandatoryDescription
TypeY

Specify the event type. Available options:

  • Information – responds to a sequence of informational messages associated with non-critical events. For example, consecutive errors occurred during the user authentication in a short time. 
  • Warning – indicates whether one of the service or device parameters has reached a threshold value.
  • Exception – determines whether a metric for a service or a system component has reached a specified breach value.
NameYSpecify a name for the monitoring event rule. The name should be unique.
Monitoring sourceYSpecify the monitoring source whose messages will be processed by this rule. 
Event ruleY

Specify the event rule that will process the monitoring events created by this monitoring rule. You can only choose the event rules with the same Type.

Message conditionsY

Specify the conditions that determine which messages will be processed by this rule. 

If a message matches the condition, then the system checks whether there is an event created by this rule with the same composite key. This check is needed to validate the message based on the Event condition

Event conditionsY

Specify the conditions based on which the message will create or update events.

  • If there is no event record with the same composite key as the message, but the Event conditions are satisfied, an event record is created.
  • If the message satisfies the conditions and there is an event with the same composite key, the value in the Message count field is updated.
  • If the message that does not meet the conditions and there is an event with the same composite key, the state of the event changes to Inactive.

If there is no event with the same composite key and the Event conditions are not satisfied, then the message is not relevant for further analysis and reaction. It remains in the Target Table as a log.

ActiveNSelect this checkbox to enable the rule.
OrderNSpecify the rule order for the Warning type of events. When the order is specified, the event object created by the rule with the lowest order will be available in the event response script.

Monitoring Event


Monitoring Event records are created and updated automatically. When the monitoring rule is satisfied, the system checks the composite key value of the Target Table record with the composite key of the Monitoring Event records.

  • If the message from the Target Table satisfies the Event conditions and there is no event record with the same composite key, the system inserts a new Monitoring Event record. 
  • If the message from the Target Table satisfies the Event conditions and there is an event record with the same composite key, the system updates the values in the Message count
  • If the message from the Target Table does not satisfy the Event conditions and there is an event record with the same composite key, the system deactivates the event. 
FieldDescription
Type

The type of the event that is defined in the related monitoring rule:

  • Information
  • Warning
  • Exception
Monitoring ruleThe monitoring rule based on which the event is created.
State

The state of the event:

  • Active
  • Inactive

Message count 

The number of event messages that have the same composite key.

In the Related Lists area, the Message tab contains the list of all Target Table messages that created the current event or updated the value in the Message count field. The message that deactivated the event is not included in the list. To store these messages, the Monitoring Event Messages table is created.

Monitoring Event Message


When Event Conditions are satisfied, the system automatically creates a record in the Monitoring Event Messages (itsm_monitoring_event_message) table. The record binds the message from the Target Table with the Monitoring Event record.

  • No labels