Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Operations Manager i10.62

Administer > Event Processing > Event Storm Suppression

Event Storm Suppression

If a problem is experienced on a managed system that results in the generation of an abnormally high number of events within a relatively short period of time, this phenomenon is known as an event storm. It is very probable that the root cause is already known and is being addressed. However, related events are also being generated. These events do not provide any useful information but may result in significantly increased loads on the servers running OMi. To avoid this situation, OMi can be configured to look for event storms from managed systems and discard all subsequent events until the event storm condition for a particular system is over.

An event storm is detected when the number of events received within the detection time period, as a result of a problem on a system, exceeds the configured threshold required to enter an event storm condition.

In a distributed deployment, each gateway server tracks its own event storm status individually. Because event storms are bound to the gateway server on which the events are received, the load on the overall system can be kept to a minimum.

When an event storm is detected on a system, events from this system are discarded until the rate of incoming events drops below the event storm end threshold. You can configure exception rules to select events from a system under event storm conditions that match a filter and either display these events in the Event Browser or close them (available in the Event Browser under Closed Event). The event storm end event automatically closes the associated event storm begin event.

Note Events that are released back into the event pipeline as a result of matching an exception rule may undergo subsequent processing which can result in these events not being displayed in the Event Browser or appearing in the Closed Events Browser.

Tasks

Configure Event Storm Suppression

To configure event storm suppression:

Open the Change Event Storm Suppression dialog box from Administration:

Administration > Event Processing > Correlation > Event Storm Suppression

Alternatively, click Event Storm Suppression.

Then select the Edit Item button.
Conditions: Specify the event storm suppression conditions as follows:
1. Events to Begin event storm suppression: Minimum number of events received from a system within the configured Analyze Time Period for Event Storm Suppression to be activated.
2. Events to End event storm suppression: Event Storm Suppression is ended when the number of events received from a system within the configured Analyze Time Period falls below this value.
3. Analyze Time Period: Time period over which the event storm condition is assessed.
Optional.Exceptions: Selected events from a system under event storm conditions can be retained and displayed in the Event Browser by configuring exception rules.

Note Events that are released back into the event pipeline as a result of matching an exception rule may undergo subsequent processing which can result in these events not being displayed in the Event Browser or appearing in the Closed Events Browser.

To create Exception rules:
1. Create filters to select the types of events that you want to retain.
2. Open New Item the Add Exception dialog box and add an Exception rule, specifying a filter that is used to select the events to be retained. Check Log only if you want to close the selected events on receipt.
3. Rearrange the rules as appropriate. The first rule that matches an event is applied and subsequent rules ignored.
Optional.Begin Event: An event is always sent to the Event Browser when an event storm is detected, identifying the affected system and the event storm rate. You can customize the severity, category and subcategory. In addition, you can chose to close a previous, open event storm end event on receipt of a new event storm begin event.
Optional.End Event An event storm end event is always sent to the Event Browser when an event storm is assessed as over, identifying the affected system and the post-storm event rate. The event storm end event closes the associated event storm begin event automatically. You can customize the severity, category and subcategory. In addition, you can chose to close the event storm end event directly to history.
Click OK to save the event storm suppression configuration.
Select Activate Item, if you want to activate event storm suppression.

Send Help Center feedback