|
|
| Subject: | Event transform based on event count |
| Author: | [Not Specified] |
| Posted: | 2014-04-25 11:17 |
From the following article( http://community.zenoss.org/docs/DOC-2554#Change_severity_dependant_on_c...) I found a transform to help do what I am looking to do, but it's not working. I get - exception AttributeError: cleanCache
| Subject: | Give this updated link for |
| Author: | [Not Specified] |
| Posted: | 2014-04-25 11:29 |
Give this updated link for the same thing a try: http://wiki.zenoss.org/Transforms_-_Escalate_by_Count
Copy/paste it exactly to see if you get any errors in the very beginning, if all looks good then start modifying it!
Hydruid
| Subject: | or is there a way to set an |
| Author: | [Not Specified] |
| Posted: | 2014-04-25 13:47 |
or is there a way to set an age on a error/critical alarm that will auto clear after so many minutes
| Subject: | Here is something to try |
| Author: | [Not Specified] |
| Posted: | 2014-05-13 14:05 |
Try this in the transform section:
if evt.severity > 0:
# Initialize existing_count.
evt.severity = 2
existing_count = 0
# Prefix for fingerprint (dedupid).
dedupfields = [evt.device, evt.component, evt.eventClass]
if 'getFacade' in globals() and getFacade('zep'):
# Zenoss >=4 method.
if getattr(evt, 'eventKey', False):
dedupfields += [evt.eventKey, evt.severity]
else:
dedupfields += [evt.severity, evt.summary]
zep = getFacade('zep')
evt_filter = zep.createEventFilter(
status=(0,1,2),
fingerprint='|'.join(map(str, dedupfields)))
summaries = zep.getEventSummaries(0, 1, filter=evt_filter)
if summaries['total']:
existing_count = list(summaries['events'])[0]['count']
else:
# Zenoss <4 method.
if getattr(evt, 'eventKey', False):
dedupfields += [evt.eventKey, evt.severity]
else:
dedupfields += [evt.eventKey, evt.severity, evt.summary]
em = dmd.Events.getEventManager()
em.cleanCache()
try:
db_evt = em.getEventDetail(dedupid='|'.join(map(str, dedupfields)))
existing_count = db_evt.count
except Exception:
pass
# Do what you like with the count and event;
if existing_count > 1:
evt.severity = 3
Notes:
1.) If you have special conditions you will have to edit the Rule, Regex and add more custom lines in the transform to use the criteria you set for it.
2.) You will want to change the last two lines to suite your needs...
if existing_count > 1: <--- This is what count do you want it to take action.
evt.severity = 3 <--- This is what level you want tit to set the event to after it meets your criteria.
In my example it's saying that any events that come in will be set to informational and if the event count goes to more than 1 it will set the severity to 3 and send and alert.
Hope this helps.
| Subject: | As for your other issue with |
| Author: | [Not Specified] |
| Posted: | 2014-05-13 14:22 |
As for your other issue with the event, unless a "clear" event comes in with the same Event Class Key it will not cancel out the issue events.
You could either set an expiration time limit on your events (not sure how to do that tho).
Also, I'm not certain windows sends clear events, you may want to look into that too. If you figure out how to get Windows to send a clear event please let me know.
| < |
Previous Error collecting performance data: NT_STATUS_OBJECT_NAME_NOT_FOUND |
Next Announcing Zenoss 4.2.5 |
> |