There are a number of use cases where I would like to use TBEC rules but only allowing a topology pattern and ETI is too broad. For example if I want to create a pattern with CI types such running software or node I have no way of having the rule apply to only certain running software or only nodes with particular roles. I have other similar situations where I would like to correlate based on location but only for certain location types.
Right now my only option to filter what a TBEC rule applies to is to create a sub-CI type or a new ETI. This is not pratical so I end up having to hack something together with an EPI script to enrich the event and a stream based correlation. This is unfortunate since what I am trying to do is exactly what TBEC is design for but the lack of flexiblity filter CIs limits its usfulness.
Benefits / Value
The added flexibility will allow for greater use and adoption of TBEC.
Allow the TBEC rule to contain CI attribute (propertiy) filters much like you can when creating a TQL in the UCMDB.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.