Event field mapping configuration

Event field mappings are used to map values from specific fields to values in other fields. Event Management stores event field mappings in the Event Field Mapping [em_mapping_rule] table. The mappings apply after event rule processing and just prior to alert generation. The mapping values from the Event Mapping Pair [em_mapping_pair] table apply to the alert. The original event severity remains unchanged.

For example, if the events came with the field "org_severity" which get the values "Low, Medium, High" and you want the alert Severity to hold the value, create a event field mapping rule that maps the field org_severity to Severity, with values.

Table 1. Event field mapping example
Original org_severity value Map to alert Severity value
Low Warning
Medium Major
High Critical