10. Event Class Mapping

Event Class Maps are the mechanism by which events are integrated into the Zenoss system.

The following diagram shows an example of an event class mapping:

Figure 10.9. Event Class Mapping

In this example, the event comes into the system, is parsed, and is then assigned to the appropriate event class. Once the event class key is found and associated with the event, the context for that event class is applied to the incoming event. The status for the event is then updated based on its classification.

To create or update event class mappings:

  1. From the left navigation menu, select Events.

  2. Click the Mappings tab.

    The Mappings page appears.

    Figure 10.10. Event Mapping Page

  3. Click the name of the Event Class Mapping you want to edit.

    The page for the Event Mapping you have chosen appears.

    Figure 10.11. Individual Event Mapping Page

  4. Click the Edit tab.

    The Edit Event Mapping tab appears.

    Figure 10.12. Edit Event Mapping Tab

  5. Use the fields to define the Event Mapping.

    The fields in this tab are defined as follows:

    Name – Any name you want to call the Event Class Map.

    Event Class Key – The Event Class Key is what is initially used to map incoming events to event classes. For syslog events, EventClassKey is most commonly the “Tag” or identifier of the syslog event. Often, the syslog tag maps to the process name from which the event came.

    Because the EventClassKey is non-unique, further matching may need to be performed to find a unique instance. This matching can be done by regular expression match or by Python expression evaluation. Because there will be a list of instances against which these rules are evaluated, the order of evaluation is important.

    Sequence – If there is more than one match, you can use the Sequence field to define sequencing priorities. The “Sequence” tab allows all instances for a particular EventClassKey to be ordered.

    Rule – Enter a Python expression to match to the event. This expression will be evaluated with the variable name “evt” bound to the current event. A detailed list of fields can be found in the Event Database Dictionary Appendix of the Admin Guide. An example of a rule using these fields would be:

    evt.priority>4

    Regex – The Regex field is where you can enter regular expressions to match with events. When performing regular expression matches on an event, extraction directives can be used to populate attributes of the event. These directives follow the Python format for named extractions, in the form (?P<keyName>\S+).

    Example – When creating a regular expression, the original event text can be added to the Example field; upon save, the regular expression will be tested against this text. It is a great debugging tool for regular expressions.

    Transform – One or more Python statements. This allows you to modify the event through manipulation of the “evt” variable. This section uses TALES Expressions; see the TALES Expressions section of this document for more information on using these expressions.

    Explanation – Enter a textual description for matches for this event class mapping. Use in conjunction with the Resolution field.

    Resolution – Use the Resolution field to enter resolution instructions for clearing the event.

    If the EventClassKey lookup returns no results, a second lookup will be performed using the key “defaultmapping”. Default mappings can be used to match large ranges of events by regular expression.

  6. Once you have made all of your changes, click the Save button.
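The lookup order described in step 5, as an added example that is not Zenoss code: a simplified model of EventClassKey lookup, Sequence ordering, Rule and Regex matching with named extraction, and the “defaultmapping” fallback. The mapping names, event classes, the remoteIp attribute and the sample syslog lines are constructed for illustration.

```python
import re
from types import SimpleNamespace

# Constructed mappings: (sequence, name, event class, rule, regex).
# Names and classes are hypothetical, not shipped Zenoss data.
MAPPINGS = {
    "sshd": [
        (2, "ssh_other", "/Security/Login", None, None),
        (1, "ssh_low_severity", "/Security/Login/Info", "evt.priority>4", None),
        (0, "ssh_failed_login", "/Security/Login/Fail", None,
         r"Failed password for (?P<user>\S+) from (?P<remoteIp>\S+)"),
    ],
    "defaultmapping": [
        (0, "auth_failure", "/Security/Auth", None,
         r"authentication failure.*user=(?P<user>\S+)"),
    ],
}

def make_event(key, priority, summary):
    """Build a minimal stand-in for an incoming event."""
    return SimpleNamespace(eventClassKey=key, priority=priority, summary=summary)

def classify(evt):
    """Apply the first matching instance; return its name, or None."""
    # No instances for this key: second lookup under "defaultmapping".
    instances = MAPPINGS.get(evt.eventClassKey) or MAPPINGS["defaultmapping"]
    # Instances are tried in Sequence order, so ordering decides the winner.
    for _seq, name, event_class, rule, regex in sorted(instances, key=lambda m: m[0]):
        # Rule: a Python expression evaluated with "evt" bound to the event.
        # It executes as code, so only trusted admins should edit rules.
        if rule and not eval(rule, {"__builtins__": {}}, {"evt": evt}):
            continue
        if regex:
            match = re.search(regex, evt.summary)
            if match is None:
                continue
            # Named groups (?P<keyName>...) populate event attributes.
            for field, value in match.groupdict().items():
                setattr(evt, field, value)
        evt.eventClass = event_class
        return name
    return None
```

Swapping the sequence numbers of ssh_failed_login and ssh_other makes the catch-all instance win every time, which is why the Sequence tab matters for keys that have several instances.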