DX Unified Infrastructure Management

With APM 10.5.2, there is a new integration for UIM which is using REST. I set it up in my lab but it seems regardless what severity the alert (Danger, Caution in APM), the severity level in UIM is always Informational unless I am mistaken. Is there a way with this new integration to "map" the severity, for example:

- APM (Caution) to UIM (Minor)

- APM (Danger) to UIM (Major or Critical)

Also, one cosmetic issue is that all Alerts from UIM are insert on the APM EMhost regardless which APM agent raise the alert. It would be nice if the application/webserver are running UIM robot, the integration can map the APM alerts to the corresponding Robot in UIM. I understand it is not always the case that the host where APM is monitoring would have UIM robot installed but the integration should at least attempt to map the events. Instead, we are now stuck with a large Alert count on the EMHost UIM Robot.

update to this question.

I am looking at the new APM to UIM integration (in preparing for my project) and found a few unexpected behaviors. Let me know if you have any comments or correction to my findings. Would you guys able to point me to the right person who is responsible for the new APM to UIM integration (specifically the Alert Action) so that I can ask some questions.

https://docops.ca.com/ca-apm/10-5/en/administrating/configure-webview/define-ca-uim-alert-action

With APM 10.5.2, the new integration from APM to UIM is using REST from APM EMhost to an UIM host with webservices_rest and wasp probes. I set it up in my lab but it seems regardless what severity the alert (Danger or Caution in APM), the severity level in UIM is always Critical unless I am mistaken, APM Clear Alerts are mapped to UIM severity “Informational”, is there a way with this new integration to "map" the severity, for example:

- APM (Caution) to UIM (Minor)

- APM (Danger) to UIM (Major or Critical)

- APM (Clear) to UIM (Clear)

What I did was I went into APM and setup Caution thresholds only, Events from UIM are output to “UIM_Events  - APM Caution thresholds.log”. Then I removed all the Caution thresholds and setup Danger thresholds only, events from UIM are output to “UIM_Events  - APM Danger thresholds.log”. If you look at the attach output files from UIM events, Events that are set for Caution and Danger threshold levels shown in the message field (4^th column) in APM are mapped to Critical in UIM, which I think is not correct.

Here are the headers for my attached file, these are fields from UIM

source,level,severity,message,nimid,sid,subsys,time

Another not so perfect with the integration is that all events are insert against the APM EMHost (for the Spectrum guys, we don’t have SBG in UIM) in UIM, this would means the APM EMhost server will have tens of thousands of events. The more ideal behavior is that the integration should attempt to insert the events onto the APM agent host (in my case server pm09) rather than the EMhost (in my case server ap-cons0103) if the APM agent host has UIM Robot installed.

hi Paul,

did you get/find an answer/update to your question/description please? if so, could you please share it with us? thank you