Skip to main content
Version: 1.13.0

Monitoring Rules

Monitoring rules are used for message processing. Received messages in the target table are analyzed according to the monitoring rules. If they satisfy conditions specified by the rules, monitoring events are created or updated.

Create a monitoring rule

To create a monitoring rule, complete the following steps:

  1. Navigate to Monitoring and Event ManagementConfigurationMonitoring Rules.
  2. Click New and fill in the fields.
  3. Click Save or Save and exit to apply the changes.

Monitoring rule form fields

FieldMandatoryDescription
TypeY

Specify the event type. Available options:

  • Information – responds to similar non-critical events accumulated over a certain period. For example, consecutive errors occurred during the user authentication in a short time.
  • Warning – tracks whether a service or device parameters have reached a threshold value. Further processing occurs if there is a specified number of active events of this type after a certain period.
  • Exception – determines whether a metric for a service or a system component has reached a specified breach value. When an event of this type is received after a certain period of time, a revalidation occurs.
NameYSpecify a name for the monitoring event rule. The name should be unique.
Monitoring sourceYSpecify the monitoring source whose messages will be processed by this rule.
Event ruleYSpecify the event rule that will process the monitoring events created by this monitoring rule. You can only choose the event rules with the same Type.
Message conditionsY

Specify the conditions that determine which messages will be processed by this rule.

If a message matches the condition, then the system checks whether there is an event created by this rule with the same composite key. This check is needed to validate the message based on the Event condition.

Event conditionsY

Specify the conditions based on which the message will create or update events.

  • If there is no event record with the same composite key as the message, but the Event conditions are satisfied, an event record is created.
  • If the message satisfies the conditions and there is an event with the same composite key, the value in the Message count field is updated.
  • If the message that does not meet the conditions and there is an event with the same composite key, the state of the event changes to Inactive.

If there is no event with the same composite key and the Event conditions are not satisfied, then the message is not relevant for further analysis and reaction. It remains in the Target Table as a log.

ActiveNSelect this checkbox to enable the rule.
OrderNSpecify the rule order for the Warning type of events. When the order is specified, the event object created by the rule with the lowest order will be available in the event response script.

Monitoring event

Monitoring Event records are created and updated automatically. When the monitoring rule is satisfied, the system checks the composite key value of the Target Table record with the composite key of the Monitoring Event records.

  • If the message from the Target Table satisfies the Event conditions and there is no event record with the same composite key, the system inserts a new Monitoring Event record.
  • If the message from the Target Table satisfies the Event conditions and there is an event record with the same composite key, the system updates the values in the Message count.
  • If the message from the Target Table does not satisfy the Event conditions and there is an event record with the same composite key, the system deactivates the event.
FieldDescription
Type

The type of the event that is defined in the related monitoring rule:

  • Information
  • Warning
  • Exception
Monitoring ruleThe monitoring rule based on which the event is created.
State

The state of the event:

  • Active
  • Inactive
Message countThe number of event messages that have the same composite key.

In the Related Lists area, the Message tab contains the list of all Target Table messages that created the current event or updated the value in the Message count field. The message that deactivated the event is not included in the list. To store these messages, the Monitoring Event Messages table is created.

Monitoring event message


When Event Conditions are satisfied, the system automatically creates a record in the Monitoring Event Messages (itsm_monitoring_event_message) table. The record binds the message from the Target Table with the Monitoring Event record.