Home Paris IT Operations Management IT Operations Management ITOM Health Event Management Administer events Event rules Alert binding to CIs with event rules

Alert binding to CIs with event rules

When alerts are associated with CIs, the task of remediation is simplified. During alert generation, Event Management uses event rules and other mechanisms to automatically bind alerts to CI information from the CMDB. For tracking purposes and remediation, the alert shows information about the CI that caused the event.

Alert binding process flow

Alerts bind to CIs based on the following process flow:

When an event arrives, Event Management checks the node or CI identifiers.
If no node exists, the generated alert can bind to the CI using the alert Type, Additional information, or Configuration item identifier fields.
If the event has a node value, search for a valid host.
If the event has a host and a CI type, try to bind to a device CI.
If the event has a host, try to bind to the application CI.

The event can contain the binding process flow in its Processing Notes field.

By default, events do not bind to CIs with a specified status, such as Retired. To enable binding events to these CIs, set the evt_mgmt.ignore_retired_cis_in_binding property to false.

To specify the CI statuses to be included in the evt_mgmt.ignore_retired_cis_in_binding property, add the relevant status numbers to the evt_mgmt.install_status_list_to_ignore_in_binding property, as per the following table:

Table 1. CI Statuses
Status Number	Status
1	Installed
2	OnOrder
3	InMaintenance
4	PendingInstall
5	PendingRepair
6	InStock
7	Retired
8	Stolen
100	Absent

Note: When adding more than one status, separate each status number with a comma.

Tracking and remediation

Alerts can be bound to CIs from the CMDB for tracking purposes and remediation. Event Management uses event rules and various mechanisms to automatically bind CIs to alerts. When information from an event populates a field with a value, the value either originates from the event source or from event rules. This enhances remediation, functionality, and integration with other ITOM products.

Binding to an application running on a specific host

If the event is specific to an application type, use the following steps to bind alerts to a specific application:

Use the procedures in the Bind alerts to a host CI topic.
Create an event rule with a filter that captures events on the application type you want.
In the event rule, select Binding.
Click Override default binding.
In the Binding Type field, select either CI's Identification or CI field matching.
1. For CI's Identification, specify the Class.
2. In the Criterion attributes field, specify name and sys_class_name.
3. In the Name Add Value field, specify the required name.
4. In the Container level 1 area, specify the required values.
5. If further container level fields appear, specify the required values.

For CI field matching, specify the required CI Type.
In the binding process, after the host is found, the algorithm matches all additional_info attributes that have the same name as CI fields for that CI type. If the match is successful, the event is bound to the CI.
If more than one matching application is found on the host, the alert is bound to the host and not to the application.

Where there is no CI Type, for example, when binding alerts to an SQL server application when the CPU on sqlServer.exe is over 90%, do the following:

Populate the Node field in the event with the CI name, FQDN, IP, or MAC address value. The bind is successful even if the host has more than one IP address or MAC address.
If you want to use a unique identifier that is not one of those previously mentioned, populate the event rule CI Identifier (ci_identifier) field with one or more unique identifiers of the CI. This field should be in JSON format. For example, to use a unique identifier that is not one of those previously mentioned, add a CI Identifier (ci_identifier) filter field with one or more unique identifiers of the CI. If the host CI is VMWare VM, and it has a field called MOID, use the JSON format and specify: {"moid":"<CI moid>"}
Create an event rule with an event match field which maps the process name to the mapping variable sa_process_name. In this case, do not use the CI type.

Binding procedures

Use the procedures in these topics to bind alerts.

Previous topic

Next topic

Release version

Alert binding to CIs with event rules

Alert binding process flow

Alerts bind to CIs based on the following process flow:

When an event arrives, Event Management checks the node or CI identifiers.
If no node exists, the generated alert can bind to the CI using the alert Type, Additional information, or Configuration item identifier fields.
If the event has a node value, search for a valid host.
If the event has a host and a CI type, try to bind to a device CI.
If the event has a host, try to bind to the application CI.

The event can contain the binding process flow in its Processing Notes field.

By default, events do not bind to CIs with a specified status, such as Retired. To enable binding events to these CIs, set the evt_mgmt.ignore_retired_cis_in_binding property to false.

Table 1. CI Statuses
Status Number	Status
1	Installed
2	OnOrder
3	InMaintenance
4	PendingInstall
5	PendingRepair
6	InStock
7	Retired
8	Stolen
100	Absent

Note: When adding more than one status, separate each status number with a comma.

Tracking and remediation

Binding to an application running on a specific host

If the event is specific to an application type, use the following steps to bind alerts to a specific application:

Use the procedures in the Bind alerts to a host CI topic.
Create an event rule with a filter that captures events on the application type you want.
In the event rule, select Binding.
Click Override default binding.
In the Binding Type field, select either CI's Identification or CI field matching.
1. For CI's Identification, specify the Class.
2. In the Criterion attributes field, specify name and sys_class_name.
3. In the Name Add Value field, specify the required name.
4. In the Container level 1 area, specify the required values.
5. If further container level fields appear, specify the required values.

For CI field matching, specify the required CI Type.
In the binding process, after the host is found, the algorithm matches all additional_info attributes that have the same name as CI fields for that CI type. If the match is successful, the event is bound to the CI.
If more than one matching application is found on the host, the alert is bound to the host and not to the application.

Where there is no CI Type, for example, when binding alerts to an SQL server application when the CPU on sqlServer.exe is over 90%, do the following:

Populate the Node field in the event with the CI name, FQDN, IP, or MAC address value. The bind is successful even if the host has more than one IP address or MAC address.
If you want to use a unique identifier that is not one of those previously mentioned, populate the event rule CI Identifier (ci_identifier) field with one or more unique identifiers of the CI. This field should be in JSON format. For example, to use a unique identifier that is not one of those previously mentioned, add a CI Identifier (ci_identifier) filter field with one or more unique identifiers of the CI. If the host CI is VMWare VM, and it has a field called MOID, use the JSON format and specify: {"moid":"<CI moid>"}
Create an event rule with an event match field which maps the process name to the mapping variable sa_process_name. In this case, do not use the CI type.

Binding procedures

Use the procedures in these topics to bind alerts.

How search works:

Topics are ranked in search results by how closely they match your search terms

Alert binding to CIs with event rules

Alert binding to CIs with event rules

Alert binding process flow

Tracking and remediation

Binding to an application running on a specific host

Binding procedures

On this page

Alert binding to CIs with event rules

Alert binding to CIs with event rules

Alert binding process flow

Tracking and remediation

Binding to an application running on a specific host

Binding procedures

Log in to personalize your search results and subscribe to topics