The Alert Enrichment Policies page displays enrichment policies filtered by the value in the Select Client list.

  • If you do not select a client, you see the policies that apply to multiple clients.
  • If you select a client, you see the policies that apply to the client.

Create an alert enrichment policy.

  1. Go to Setup > Alerts > Alert Enrichment.

  2. Choose one of the following options to define the scope of the enrichment policy.

    • Do not select a client in the Select Client list if the enrichment policy applies to more than one client. If you don’t select a client, the policy is a partner-level policy and can be used for multiple clients.
    • Select a client in the Select Client list if the enrichment policy is limited to one client. If you select a client, the policy is a client-level policy and can only be used by the selected client.
  3. Click Create New or Add, depending on whether you have any existing enrichment policies.

Use the New Alert Enrichment Policy page to define the policy name and scope.

Define policy name and scope

The New Alert Enrichment Policy page looks slightly different depending on whether you select a client before you create a new enrichment policy. If you chose a client, the Client radio buttons are not available.

Alert Enrichment
  1. Enter a Name for the enrichment policy.

  2. If you did not select a client before creating the policy, select the client scope for the policy:

    • Include All Clients: Include all partner clients.
    • Include Clients: Include some partner clients.
    Alert Enrichment

    If you select Include clients, use the Add Clients dialog to include or exclude the clients to whom you want to apply this enrichment policy:

    Alert Enrichment
  3. Toggle the Mode button to turn the enrichment policy ON or OFF. You can later change the mode in the enrichment policy list by navigating to Setup > Alerts > Alert Enrichment.

Specify alert filter criteria

You can narrow the enrichment to a subset of events by filtering the alerts using specific attributes. Leave the filter in the default OFF state to process all alerts.

To filter alerts:

  1. Set Apply Filter Criteria to ON, which presents options for specifying filter rules and attributes.

    Alert Enrichment
  2. Use the Match toggle to select how to apply alert enrichment rules that match filter rules:

    • Any: Apply alert enrichment to an alert that matches any of the rules.
    • All: Apply alert enrichment to only alerts that match all of the defined rules.
  3. For each rule, define the following rule properties you want to apply to alerts:

    Rule PropertyDescription
    attribute typeSelect the attribute type to narrow the attribute list to one of the following types:
    • Native Attributes: Select from the list of native attributes.
    • Resource Custom Attributes: Select from the list of custom, user-defined attributes.
    attributeSelect an attribute to filter on from the attribute list. The list of available attributes depends on which attribute type you chose.

    Specify a predicate or regex to apply to the filter:

    • Contains
    • Not Contains
    • Equals
    • Not Equals
    • Starts with
    • Ends with
    • Regex
    The predicate/regex list is dependant on the attribute.
    predicate/regex valueSpecify the predicate or regex value to be matched against the attribute value.
  4. Click the plus icon to define additional filters.

Define the alert enrichment policy

The policy definition specifies the criteria for extracting the problem area from the alert subject or description string.

Alert Enrichment
  1. Select the alert metric:

    • Syslog
    • Windows Service
    • SNMP Trap

    You can also enter the name of an alert metric for other log-type metrics.

  2. Select the alert property from which to extract the enrichment information:

    • Description
    • Subject
  3. Enter a regex to match against the subject or description string. See the regex example, for more information on regex and regex groups.

  4. Enter the group number associated with the alert. (default 0)

  5. Click the plus icon to define additional policies.

Save the alert enrichment policy

When you finish defining the enrichment policies, click Save to store the policy definition and view the list of saved policies.

Later, you can navigate to Setup > Alerts > Alert Enrichment to view the list of saved definitions.