Create event field mappings Use event field mappings to provide more comprehensive information in an event alert by substituting values from the event field mapping rule into the event. Before you beginRole required: evt_mgmt_admin About this taskCreate the rule to match the event by its class and original values. Also specify the new values to replace the original values in the event. Procedure Navigate to Event Management > Event Field Mapping. Click New or open an existing rule to edit. Fill in the fields, as appropriate. Table 1. Event Field Mapping form Field Description Name Event field mapping name. Source Event monitoring software that generated the event, such as SolarWinds or SCOM. This field has a maximum length of 100. It is formerly known as event_class. Mapping type Mapping mechanism that is used to change an event field value. Constant: Mapping rule that transforms any value in the specified field to the new value provided. For example, a mapping rule could transform any value in the Node field to a hard-coded value such as Linux1. Single field: Mapping rule that transforms specific values from one event field to another event field. For example, whenever the ciscoFlashCopyStatus mapping rule finds the specific value 8 in the ciscoFlashCopyStatus name-value pair, the mapping rules updates the field value to copyDeviceBusy. Active Check box that activates or deactivates the event field mapping. If possible, find and apply another event field mapping rule. From field Event field to replace. To field Event field where the mapping rule inserts or updates the value. When this field is identical to the From field, the mapping rule updates the value in memory of the event field. Value Value you want to use for the To field. This field appears when the Mapping Type is Constant. Key (Event Mapping Pairs section) Value that the mapping rule searches for. Whenever the event field has this value, the mapping rule adds the value listed in the Value field to the field listed in the To field. This field appears when the Mapping Type is Single field. Value (Event Mapping Pairs section) Value you want to insert or update into the To field. The mapping rule overwrites any existing value in the To field. This field appears when the Mapping Type is Single field. Click Submit. Example For example, see these values for a predefined rule that is applied to events in the Trap From Enterprise 9 class. If the events contain the snmpTrapOID element with a value of iso.org.dod.internet.private.enterprises.cisco.0.0, the mapping rule changes the value to reload in alerts. If the events contain the snmpTrapOID element a value of iso.org.dod.internet.private.enterprises.cisco.0.1, the mapping rule changes the value to tcpConnectionClose in alerts. Field Values Name cisco.snmpTrapOID Source Trap From Enterprise 9 Mapping type Single field From field snmpTrapOID To field snmpTrapOID Event Mapping Pairs Pair 1 Key: iso.org.dod.internet.private.enterprises.cisco.0.0 Value: reload Pair 2 Key: iso.org.dod.internet.private.enterprises.cisco.0.1 Value: tcpConnectionClose What to do nextTest an event field mapping by sending an event that contains a field that is present in the event field mapping.