Administer events An event is a notification from one or more monitoring tools that indicate something of interest has occurred, such as a log message, warning, or error. Event process flow Event Management receives external events and generates alerts based on event and alert rules. Events can be sent directly to your instance using an email server, script, SNMP trap, or a web service API. The corresponding alerts appear on dashboards for tracking and remediation purposes. As the computer, software, or service generates events, the MID Server polls the external event tracking tool. The MID Server, which maintains a connection to Event Management, sends the information to your instance for storage, processing, and remediation. Event fields uniquely identify each event. Event Management uses this information to determine whether to create a new alert or update an existing one. By default, each event is uniquely identified by the Message Key. If the Message Key is not populated, a concatenation of the Source, Type, Node, Resource, and Metric Name fields are used and these fields populate the Message Key. If identifiers are not supplied in the event, you can add them with event rules. The instance stores events in the Event [em-event] table and attempts to generate alerts based on pre-defined rules and event mappings. Regardless of whether an alert generates, the original event is always available for review and remediation. Alerts then generate according to the following process flow. Find the best matching event rule for an event. If the source of the event matches the source specified in an existing rule, then a rule is matched. Also, if the event matches the optional rule Filter and the event additional_info value matches the rule Additional Information filter. A rule without any filter is ignored, for example the source filter is missing or the Additional Information filter is missing. If multiple rules are defined for the same type of event, use the rule Order to determine the order of rule application. If the rule Ignore check box is selected, no alert generates. However, the event is still available for review and remediation. If the Transform check box is selected, apply the transforms. If transform compose parameters are also set, apply additional content to display to the user in the alert. When the Threshold check box is selected, accumulate all events until the threshold is met. Generate a single alert for the events. Search for an event field mapping even if there was no event rule. If an event field mapping is found, apply the mapping information. If the event has no severity after the event transformations, retain the event for reference purposes and do not generate an alert. Search the Alert [em_alert] table for a matching message key. If a matching message key exists, update the alert according to the event information. Otherwise, create an alert. Later, if another event has the same matching key, associate the events under a single alert. If possible, bind the alert to a specific CI for root cause analysis. Figure 1. Event process flow View eventsEvent Management tracks individual events to manage external systems. An event is a notification from one or more monitoring tools that indicates that something of interest has occurred, such as a log message, warning, or error. Event Management receives or pulls events from one or more external event sources and stores them in the Event [em_event] table. Event Management provides a list of raw incoming events. Enable automatic CI creationIT and Operational Metrics events pushed from specified sources can automatically create CIs.Event collection configurationEvent Management receives external events via an event collector or script. If you are using a script to collect events, no configuration is required. All other methods of collecting events require configuration.Event field mapping configurationEvent field mappings are used to map values from specific fields to values in other fields. Event rule configurationYou can configure event rules to generate alerts for tracking and remediation. Event rules are stored in the Event Rule [em_match_rule] table. The rules do not change the event records in the Event [em_event] table. Instead, changes to event data are stored in the instance memory.