We have a set of servers that generate alarms in the event log (basically a cluster). Each host generates an ntevl alarm with a custom message. The issue we have - even the message is the same, the source and hostname are all different. So I was thinking - what if I create a pre-processing rule to change source and the hostname so it would seem that all these alarms would come from one host.
The script is very simple:
event.hostname = "hostname01"
event.source = "hostname01"
But it doesn't seem to work - the alarms come unchanged. Am I missing something?