
Event duplication based on server names

Hi All,

We have a requirement to duplicate alerts based on server name in OMi.

E.g.: A log file policy is deployed on 6 servers. When the condition matches and the alert triggers for all 6 servers, only the first alert should be considered and the others should be duplicated with the first event.

So that we will get only 1 incident.

Usually this will work for the same servers, so I am not sure whether it can be done for different server names.

Could you assist on this?

OMi - 10.62

Windows

LogFile monitor

Thanks,

Arunkumar.K

1 Reply

As per your requirement, you can opt for Stream Based Event Correlation, where you can use a Repetition rule.

  1. Define the event filter with Title and Sourced from Hosts is one of 6 servers
  2. Correlation attribute: Title
  3. Choose the time window within which they should be treated as duplicates or repetition
  4. Choose every time for the condition to be executed
  5. Choose first event as reference and release all events

 

 

 

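The outcome the reply's five steps aim for, modeled in Python as an added example; it is not OMi code or configuration and not part of the original thread. The host names, event titles and the fixed five-minute window anchored at the first event are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Event:
    time: datetime
    host: str
    title: str
    duplicate_of: Optional["Event"] = None  # set when folded into a reference event

def correlate(events, hosts, window):
    """Mark repeats of the same title from the filtered hosts as duplicates.

    Assumption: the window is fixed and starts at the reference (first) event.
    Returns the events that remain open, i.e. would each raise an incident.
    """
    reference = {}  # correlation attribute (title) -> current reference event
    for ev in sorted(events, key=lambda e: e.time):
        if ev.host not in hosts:
            continue  # outside the event filter: the rule does not touch it
        ref = reference.get(ev.title)
        if ref is not None and ev.time - ref.time <= window:
            ev.duplicate_of = ref      # same title, inside the window
        else:
            reference[ev.title] = ev   # first event, or window expired
    return [e for e in events if e.duplicate_of is None]

HOSTS = {f"srv{i}" for i in range(1, 7)}  # the 6 servers in the filter (constructed)

def sample_events():
    """Constructed sample: one alert per server plus three edge cases."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    title = "Disk error found in application log"
    evs = [Event(t0 + timedelta(seconds=20 * i), f"srv{i + 1}", title)
           for i in range(6)]
    evs.append(Event(t0 + timedelta(seconds=30), "srv9", title))  # host not in filter
    evs.append(Event(t0 + timedelta(seconds=40), "srv2", "Service stopped"))  # other title
    evs.append(Event(t0 + timedelta(minutes=12), "srv4", title))  # after the window
    return evs

if __name__ == "__main__":
    for e in correlate(sample_events(), HOSTS, timedelta(minutes=5)):
        print(e.time.time(), e.host, e.title)
```
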