DX Unified Infrastructure Management

  • Private Community

  • 1.  Alarm_enrichment Rule

    Posted Nov 30, 2018 06:40 AM
      |   view attached

    Hi All,

     

     

    I am trying to create alarm enrichment rule to add user_tag value for network devices in the alarm message, since user_tag value is one of the important column mapped with Servicenow for ticket creation.

     

    For servers I have tried with 

    Query:

    select robot,usertag from USERTAG_SNOW where robot =?

    Population query

    select robot,usertag from USERTAG_SNOW

     and I was able to get the usertag for the servers.

     

    So I have tried to to the same thing for network devices by using hostname instead of robot.But I am not the getting the user_tag in the alarm message.

     

    Please refer the attached document for configuration screenshots.

     

    Please help me on this.

     

    Regards,

    Usha

    Attachment(s)

    docx
    Alarm_enrichment Rule.docx   90 KB 1 version


  • 2.  Re: Alarm_enrichment Rule

    Broadcom Employee
    Posted Nov 30, 2018 08:12 AM

    Can you try to use Source instead of Hostname ?

    It might be the ip address of the network device but the hostname is not a key field in the alarm message and is sometimes only in the udata of the message.

    Which probe is the alarm from?

    Can you show the alarm you are trying to enrich?

     



  • 3.  Re: Alarm_enrichment Rule

    Posted Dec 04, 2018 05:43 AM

    Hi Rowan,

     

    Thank you for the suggestion.I tried with source instead.It is working for the alerts from the server pack.

     

    When I try to enrich an alarm from net_connect probe it did not work unfortunately.

     

    This is the sample alarm I am trying to enrich.

     

     

    Regards,

    Usha



  • 4.  Re: Alarm_enrichment Rule

    Broadcom Employee
    Posted Dec 04, 2018 05:52 AM

    Hi, In net_connect profile, what is selected for [Alarm Source] ?



  • 5.  Re: Alarm_enrichment Rule

    Posted Dec 04, 2018 05:56 AM

    Hi Yu,

     

    Alarm source is selected as profile name.

     

    Regards,

    Usha



  • 6.  Re: Alarm_enrichment Rule

    Broadcom Employee
    Posted Dec 04, 2018 06:00 AM

    IP address is used for profile name ?



  • 7.  Re: Alarm_enrichment Rule

    Posted Dec 04, 2018 06:03 AM

    ya.Thats right.

     

    Regards,

    Usha



  • 8.  Re: Alarm_enrichment Rule

    Broadcom Employee
    Posted Dec 04, 2018 06:10 AM

    So can you change profile name to hostname ?



  • 9.  Re: Alarm_enrichment Rule

    Broadcom Employee
    Posted Dec 04, 2018 06:19 AM

    I have a similar user case running in my lab environment, enriching alarms from net_connect, although I'm updating the Origin field in the alarm but it shouldn't make any difference.

    Can you check you are using "udata.source” in the lookup field in the nas.cfg config field, lookup_by_alarm_field.

    Also that your data has the IP address and hostname for the lookup

     



  • 10.  Re: Alarm_enrichment Rule

    Posted Dec 06, 2018 05:14 AM

    A possible problem can be that your UIM alarm udata.source can be a hostname or an ip address.

    But your custom SQL table only contains the hostname.

    If you could add an extra column with the ip address you could use a query like:

    select hostname, management_ip, usertag from usertag_snow with(nolock) where ? in (hostname, management_ip)

    note: in that case the hostname would be returned if the hostname OR/AND the management_ip has a match