This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Defect with the EventLog rule

Hi,

FMS 5.7.5. I am facing some issues with the default EventLog rule and i found the below defect in the release notes.

IC-1253 : Replace or augment the Event Log rule with a multi-severity rule. I tried using the default rule's condition in a multi severity rule and doesn't seem to work.

Can you please advise the condition that i can use in a multi sevrity rule for alerting on event logs.

Regards,

0 barryla over 7 years ago

Hi Rv

You need to ensure that the severity in the alarm properties is the same as the severity you want to trigger on in the rule.

The rule does work on the multi-severity option.

If you can send screenshots of the properties of the agent as well as the rule, I could quickly check it out if you are still struggling.

Regards

Barry
Cancel
Up 0 Down

Cancel
0 r_v over 7 years ago

My main issue is with the rule's "alarm message" field. I am not sure how to set the "alarm message" for the multi-sev rule for eventlogs.
Cancel
Up 0 Down

Cancel
+1 barryla over 7 years ago

To get the text as per the log file, you need to create a variable with the following expression:
def records = #records#;
records.findAll{it.severity.name == "Warning"}*.recordText.unique().join(",");
Where you change the "Warning" to either "Error" or "Fatal" depending on the severity
Cancel
Up 0 Down

Cancel
0 barryla over 7 years ago

And the alarm message is already set in the OOTB rule, so you can just copy that from there.
Cancel
Up 0 Down

Cancel