|
|
| Subject: | Transform - Duplicating the event but not transforming |
| Author: | [Not Specified] |
| Posted: | 2014-04-17 09:35 |
Hello all,
I've discovered Zenoss (Core 4) the last month and I try to realize some correlation rules.
Recently, I've tested the rule "Transforms - Escalate by Count in a Time Window" (link : http://wiki.zenoss.org/Transforms_-_Escalate_by_Count_in_a_Time_Window).
I don't understand the result : I got a new alarm (with the severity "Critical", identified 5) but I would like simply a change of the ongoing event.
Please could you give me some explanations about this behaviour How to transform the ongoing event without creating a new event
In this example, you mentionned an escalation of the severity of the event if the count has exceeded 3 within an hour (elif existing_count > 3) but the change occurs after the 5th incoming event. I assume that the value of "existing_count" has to be equals to 4 or upper in the ZEP DB (corresponding to the events previously stored) and the ongoing event is not taken into account (at Transform time). Could you confirm that
Thank you in advance.
Best Regards,
Wes
| Subject: | new event. |
| Author: | [Not Specified] |
| Posted: | 2014-07-07 19:50 |
Wes,
Zenoss will create a new event in addition to the existing event. You cannot change the existing event in that manner. It is used for auditing purposes. once the threshold drops back both events should close. If you dont want to see the lower priority event, filter it on the event console.
Thanks,
Eric
| < |
Previous "Error collecting performance data: unpack requires a string argument of length ... |
Next Zeneventserver keeps stopping and devices say they are down |
> |