If you have events being mapped to a particular event class, generally one event severity gets applied to all of those events. If, however, you want to change the event severity of certain events based on the contents of the event message, do the following:
- Navigate to the event class (under "Classes' in the left navigation, click Events, and then navigate to the event class containing the events you wish to conditionally map).
- Using to drop-down arrow in the tab bar, choose More | Transform
- In the Transform entry area, enter the following:
if evt.message.find("text to find") >= 0:
evt.severity = <desired severity>
For example:
if evt.message.find("timegenerated") >= 0:
evt.severity = 3
The above will change the severity of any events containing the text "timegenerated" from the default for the event class to 3 (warning). For your convenience, the event severity values are as follows:
| Severity | Description |
| 5 | Critical |
| 4 | Error |
| 3 | Warning |
| 2 | Info |
| 1 | Debug |
| 0 | Clear |
No comments:
Post a Comment