Event field mapping configuration

Event field mappings are rules that are used to map values from specific fields to values in other fields. Event Management stores event field mappings in the Event Field Mapping [em_mapping_rule] table. The event field mapping rules apply after event rule processing and just prior to alert generation. The mapping values from the Event Mapping Pair [em_mapping_pair] table apply to the alert. The original event severity remains unchanged.

For example, if the events came with the field "org_severity" that get the values "Low, Medium, High" and you want the alert Severity to hold the value, create an event field mapping rule that maps the field org_severity to Severity, with values.

Table 1. Event field mapping example
Original org_severity value Map to alert Severity value
Low Warning
Medium Major
High Critical