Create event field mappings Use event field mappings to provide more comprehensive information in an event alert by substituting values from the event field mapping rule into the event. Before you beginRole required: evt_mgmt_admin About this taskCreate the rule to match the event by its class and original values. Also specify the new values to replace the original values in the event. Procedure Navigate to Event Management > Event Field Mapping. Click New or open an existing rule to edit. Fill in the fields, as appropriate. Figure 1. Event field mapping Table 1. Event Field Mapping form Field Description Name Event field mapping name. Source Event monitoring software that generated the event, such as SolarWinds or SCOM. This field has a maximum length of 100. It is formerly known as event_class. Order Enter a number to define the order in which this action should be processed. Actions with lower numbers are processed first. Mapping type Mapping mechanism that is used to change an event field value. Single field: Mapping rule that transforms specific values from one event field to another event field. For example, whenever the ciscoFlashCopyStatus mapping rule finds the specific value 8 in the ciscoFlashCopyStatus name-value pair, the mapping rules updates the field value to copyDeviceBusy. Constant: Mapping rule that transforms any value in the specified field to the new value provided. For example, a mapping rule could transform any value in the Node field to a hard-coded value such as Linux1. Active Check box that activates or deactivates the event field mapping. If possible, find and apply another event field mapping rule. Right-click the form header and select Save. If you selected Single field, fill in the fields, as appropriate. Table 2. Single value fields Field Description From field Event field to replace. To field Event field where the mapping rule inserts or updates the value. When this field is identical to the From field, the mapping rule updates the value in memory of the event field. If you selected Constant, fill in the fields, as appropriate. Table 3. Constant fields Field Description Value Value you want to use for the To field. This field appears when the Mapping type is Constant. Value (Event Mapping Pairs section) Value you want to insert or update into the To field. The mapping rule overwrites any existing value in the To field. This field appears when the Mapping type is Single field. In the Key field, fill in the fields, as appropriate. Click + to add more Key fields, as required. Table 4. Key fields Field Description Key (Event Mapping Pairs section) Value that the mapping rule searches for. Whenever the event field has this value, the mapping rule adds the value listed in the Value field to the field listed in the To field. This field appears when the Mapping type is Single field. Click Submit. Example For example, see these values for a predefined rule that is applied to events in the Trap From Enterprise 9 class. If the events contain the snmpTrapOID element with a value of iso.org.dod.internet.private.enterprises.cisco.0.0, the mapping rule changes the value to reload in alerts. If the events contain the snmpTrapOID element a value of iso.org.dod.internet.private.enterprises.cisco.0.1, the mapping rule changes the value to tcpConnectionClose in alerts. Field Values Name cisco.snmpTrapOID Source Trap From Enterprise 9 Mapping type Single field From field snmpTrapOID To field snmpTrapOID Event Mapping Pairs Pair 1 Key: iso.org.dod.internet.private.enterprises.cisco.0.0 Value: reload Pair 2 Key: iso.org.dod.internet.private.enterprises.cisco.0.1 Value: tcpConnectionClose What to do nextTest an event field mapping by sending an event that contains a field that is present in the event field mapping.