Hello everyone,
I faced a problem with the configuration of new rule in the Event Console. I have experience, but for some reason is not working as I want. I am adding two messages, one for new alarm and for clear alarm.
For new active alarm:
BW-NOTIFICATION::alarmId.0: 55,
BW-NOTIFICATION::alarmText.0: The Diameter latency probe has entered a state of major congestion,
BW-NOTIFICATION::alarmType.0: Major Congestion Threshold Exceeded,
BW-NOTIFICATION::alarmSeverity.0: major,
BW-NOTIFICATION::alarmDateAndTime.0: 20210202143354069,
BW-NOTIFICATION::alarmState.0: Set,
BW-NOTIFICATION::componentName.0: Diameter Latency Probe,
BW-NOTIFICATION::instanceName.0: PC
if alarmState is equal to “Set” that is a message for new active alarm, if it is equal to “Cleared” it is a message for clear alarm.
BW-NOTIFICATION::alarmId.0: 55,
BW-NOTIFICATION::alarmText.0: The Diameter latency probe has entered a state of major congestion,
BW-NOTIFICATION::alarmType.0: Major Congestion Threshold Exceeded,
BW-NOTIFICATION::alarmSeverity.0: major,
BW-NOTIFICATION::alarmDateAndTime.0: 20210202143354069,
BW-NOTIFICATION::alarmState.0: Cleared,
BW-NOTIFICATION::componentName.0: Diameter Latency Probe,
BW-NOTIFICATION::instanceName.0: PC
That is my text to match:
BW-NOTIFICATION::alarmId.0:\s(\d+),\sBW-NOTIFICATION::alarmText.0:\s(.),\sBW-NOTIFICATION::alarmType.0:\s(.),\sBW-NOTIFICATION::alarmSeverity.0:\s(.),\sBW-NOTIFICATION::alarmDateAndTime.0:\s(\d+),\sBW-NOTIFICATION::alarmState.0:\s(.),\sBW-NOTIFICATION::componentName.0:\s(.*),
That is my text to cancel:
BW-NOTIFICATION::alarmState.0:\s(Cleared)
That is my Rewritting box:
That is how the States are configured:
One example of new alarm:
I want when a message is received and it has the same host name and pattern in text to match is found in the message if it has active event that match to be cancelled.
I read about text to cancel and how it is working and tried different scenarios but I cannot find solution.
Can you help?