How to get host name from AlarmSystemEvent without a scoping query?

I am forwarding alarms to a third-party and have an event-driven rule on AlarmSystemEvent. I want this single rule to forward all alarms so I have no scoping query. I do not understand why but the built-in variables such as foglight_monitored_host_name require a scoping query to return a value. How can I, inside my rule's CommandAction, reference the hostname associated with the alarm as seen below?

 

Parents
  • You're right, when using an event-driven rule without a scoping query, variables like foglight_monitored_host_name may not return expected values because they rely on specific context provided by the scoping. One way around this is to use a script or expression inside the rule to access the associated monitored host, depending on how the event data is structured. It might also help to review how the event context is being passed during the alarm trigger.

    On a different note, if you’re part of a team or group and looking for a creative or fun name, check it outTeam Name Spot offers plenty of cool ideas to make your squad stand out!

Reply
  • You're right, when using an event-driven rule without a scoping query, variables like foglight_monitored_host_name may not return expected values because they rely on specific context provided by the scoping. One way around this is to use a script or expression inside the rule to access the associated monitored host, depending on how the event data is structured. It might also help to review how the event context is being passed during the alarm trigger.

    On a different note, if you’re part of a team or group and looking for a creative or fun name, check it outTeam Name Spot offers plenty of cool ideas to make your squad stand out!

Children
No Data