Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Operations Connector10.11

Administer > Policies > Open Message Interface Policies > Open Message Interface Policy User Interface > Configuring Rules in Open Message Interface Policies

Configuring Rules in Open Message Interface Policies

Rules define the action a policy should take in response to a specific type of incoming event. Each rule consists of the following:

A condition for the incoming data

The condition is the part of a policy that describes the data source.
Settings for the outgoing event

The settings define the actual event data that Operations Connector sends to OMi.

A policy must contain at least one rule. If the policy contains multiple rules, they are evaluated consecutively. After the condition is matched in one rule, rule evaluation stops.

To access

In the Operations Connector user interface, click in the toolbar, then click Event > Open Message Interface. The open message interface policy editor opens.

Alternatively, double-click an existing open message interface policy to edit it.

Click Rules to open the policy Rules page.

Learn More

Rule types

The rule types are:

Event on matched rule. If matched, Operations Connector sends an event to OMi. The event uses the settings defined for the rule. If you do not configure these settings, the default settings are used.
Suppress on matched rule. If matched, Operations Connector stops processing and does not send an event to OMi.
Suppress on unmatched rule. If not matched, Operations Connector stops processing and does not send an event to OMi.

Tasks

How to configure rules in open message interface policies

This task describes how configure policy rules.

In the Policy Rules section, click and select the type of rule to define what the policy should do in response to a specific string in a message. Each policy must have at least one rule.
In the Rule Content section, use the Condition tab to specify the attributes and values that the policy searches for in the message that the policy receives from opcmsg. If the policy finds a match, it may or may not generate an event, depending on the rule type.
1. In the Node field, type the fully qualified domain name, the node name, or the IP address if you only want to match messages whose node attribute is set to a specific node. Give multiple entries with the OR (|) operator (for example: node1.example.com|node2.example.com), or leave blank for all nodes.
  
  This field corresponds to the node option of the opcmsg command.
2. In the Message Group field, type the message group if you only want to match messages whose message group attribute is set to a specific message group. Give multiple entries with the OR (|) operator (for example: msggrp1|msggrp2), or leave blank for all message groups.
  
  This field corresponds to the msg_grp option of the opcmsg command.
3. In the Application field, type the name of the application if you only want to match messages whose application attribute is set to a specific application. Give multiple entries with the OR (|) operator (for example: appl1|appl2), or leave blank for all applications.
  
  This field corresponds to the application option of the opcmsg command.
4. In the Object field, type the name of the object if you only want to match messages whose object attribute is set to a specific object. Give multiple entries with the OR (|) operator (for example: object1|object2), or leave blank for all objects.
  
  This field corresponds to the object option of the opcmsg command.
5. Clear the Severity checkboxes if you only want to match messages whose severity attribute is set to a specific severity. You can select multiple severities but must select at least one.
  
  This field corresponds to the severity option of the opcmsg command.
6. In the Message Text field, type the pattern that you want the policy to compare with the message text in the source message that it is evaluating.
  
  This field corresponds to the msg_text option of the opcmsg command.
  
  For matching patterns, you can use standard pattern-matching rules of Operations Agent. Select the matches operator and click the icon in the Operand field to open the pattern matching toolbox window. The toolbox includes the following sections:
  - Pattern Matching Expressions. Click an expression to insert it into the Operand text box.
  - Variable Bindings Options. Variable binding options include the setting of case sensitivity check and the field separators used in the rule. If you do not specify the pattern matching options for the rule, either the defaults (enabled case sensitivity check; the space and the tab character as the separators) or the default options set for the policy are used.
Use the Event Attributes tab to define event attributes (for example, event title and description) for all events generated by this rule.

After loading the indicators from the connected OMi server, the Indicators tab shows a hierarchy of configuration item types.

To insert an indicator, drag the indicator with its state from the Indicators tab to the policy.
Use the Event Correlation tab to set the type of duplicate event suppression and define the method used to suppress duplicate events.
Use the Custom Attributes tab to add additional information to all events generated by this rule. For example, you might add a company name, contact information, or a city location to an event.
Use the Advanced tab to define an event drill-down URL, legacy HPOM attributes, and agent MSI (Message Stream Interface) settings.

Related tasks

How to Collect Event Data from the Open Message Interface

UI Descriptions

Policy Rules List

UI Element	Description
	Create New Rule: Provides the following options: Event on matched rule. If matched, Operations Connector sends an event to OMi. The event uses the settings defined for the rule. If you do not configure these settings, the default settings are used. Suppress on matched rule. If matched, Operations Connector stops processing and does not send an event to OMi. Suppress on unmatched rule. If not matched, Operations Connector stops processing and does not send an event to OMi.
	Copy Rule. Copies the selected rule. You can then rewrite the description of the copied rule and edit the rule.
	Delete Rule. Deletes the selected rule.
	Move Up. Moves the selected rule higher in the rule order.
	Move Down. Moves the selected rule lower in the rule order.
<Move to>	Entered number is used to select the rule with that sequence number in the list of rules. To select a specific rule in the rule list, type the rule's sequence number in the <Move to> field and click the button.
<Search Rules>	Entered search string is used to search the rule descriptions and highlight only the rules containing the specified string. To search for rules with specific text strings in the rule description, type the string in the <Search rules> field and click the button. The first matching rule is selected in the list of rules. Click the and buttons to move the previous and next matching rule.
	Activate/Deactivate Rule Filter. Activates and deactivates the rule filter.
Seq.	Sequence number of the rules. Rules are evaluated in a specific order. When one condition is matched, no additional rules are evaluated.
Rule Description	Description of the rule. It is good practice to use a description that helps you remember what the rule does.
Rule Type	The three rule types are: Event on matched rule. If matched, Operations Connector sends an event to OMi. The event uses the settings defined for the rule. If you do not configure these settings, the default settings are used. Suppress on matched rule. If matched, Operations Connector stops processing and does not send an event to OMi. Suppress on unmatched rule. If not matched, Operations Connector stops processing and does not send an event to OMi. You can change the rule type by clicking the current rule type in the list of rules and selecting another rule type from the drop-down list.

Condition Tab

UI Element	Description
Node	Fully qualified domain name, node name, or IP address that the policy compares with the node in the source message. Separate multiple entries with the OR operator (\|) or leave blank to match all nodes. Use the variable `<$OPC_MGMTSV>` to run automatic and operator actions on the management server (one of the gateway servers). Make sure that the command is available on all gateway servers (for example, instrumentations have to be deployed to all gateway servers). This field corresponds to the `node` option of the opcmsg command.
Message Group	Message group that the policy compares with the message group in the source message. Separate multiple entries with the OR operator (\|) or leave blank to match all message groups. This field corresponds to the `msg_grp` option of the opcmsg command.
Application	Application that the policy compares with the application in the source message. Separate multiple entries with the OR operator (\|) or leave blank to match all applications. This field corresponds to the `application` option of the opcmsg command.
Object	Object that the policy compares with the object in the source message. Separate multiple entries with the OR operator (\|) or leave blank to match all objects. This field corresponds to the `object` option of the opcmsg command. Although the term application generally refers to a general program name and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme.
Severity	Severity that the policy compares with the severity in the source message. At least one severity must be selected. This field corresponds to the `severity` option of the opcmsg command.
Message Text	Message text or pattern that the policy compares with the message text in the source message.

Event Attributes Tab

UI Element	Description
Title	Brief description of the nature of the event.
Description	Detailed description of the event.
Severity	Severity assigned to the event. Accept the severity that is set in the event defaults or choose a specific event severity: Critical, Major, Minor, Warning, Normal.
Category	Name of the logical group to which the event belongs (for example, Database, Security, or Network). The event category is similar in concept to the Operations Manager message group.
Subcategory	Name of the logical subgroup (category) to which the event belongs (for example, Oracle (database), Accounts (security), or Routers (network)).
ETI	Contains the event type indicator (ETI) resolution hint, which OMi uses to associate the event with an ETI and for event correlation. Use the format `<ETI name>:<ETI state>:<metric value>`. Specify the name of the indicator (for example, CPULoad), the indicator state (for example, High), and, optionally, the metric value (for example, 80). When OMi receives an event with an ETI resolution hint of CPULoad:High, and the ETI and state exist, the Event Type Indicator attribute is set to CPULoad:High in the event. The metric value is optional and serves informational purposes only.
Node	Name of the system where the event occurred (for example, node.example.com).
Related CI	Contains the CI that is related to the metric (for example, oraclesid01@@node.example.com or C:@@server.example.com). Use the format `<CI 1>:<CI 2>:...:<CI n>@@<hostname>`. Best practices for related CIs It is necessary to differentiate between CIs that have a Composition relationship to a node, and those that do not have such a relationship: For “hosted on” CIs `<key attribute 1>:<key attribute 2>:<key attribute n>@@<hostname>` Typically, a “hosted on” CI is a sub-type of “Running Software”. For example, a CI of type `websphereas` has a Composition relationship to a node. For virtual CIs `<key attribute 1>:<key attribute 2>:<key attribute n>` A virtual CI does not have a strong containment relationship (Composition relationship) to node. An example of a typical virtual CI type is cluster. This CI type does not have a strong containment relationship to a node. If you have problems resolving non-hosted CIs, provide the RTSM ID of the desired CI by using the format `UCMDB:<ci_uuid>`. For more information about CI resolution in OMi, see the OMi Help.
Sub Component	Information used to identify a subcomponent of a CI. This CI subcomponent is used to calculate an aggregated status within OMi's Service Health for selected CIs. If an HI is populated by events from multiple components, you can specify a component name in this field in order to ensure the correct calculation of the HI state. For example, if you have a Computer CI with two CPUs, `cpu #1` and `cpu #2`, events from both CPUs will be sent to the same `CPU Load` HI. By default, the events will override each other and create an incorrect HI state. To prevent this, you can populate Sub Component with values `"cpu #1"` and `"cpu #2"` which will cause the HI state to be calculated as an aggregated state between the two events.
Source CI	Contains the source related CI. For example, type the name and instance of the third-party system that provides events (for example, NNMi@@mgmt1.example.com or SCOM@@mgmt2.example.com). If you enter a source related CI, OMi tries to find the corresponding CI in the RTSM.
Source Event ID	ID of the event in the third-party system. This ID is required for synchronization of event changes with the source event. It also enables drilldown into the third-party system in the Event Browser in OMi. The file that the policy reads usually contains the source event ID. If you are working with sample data, you can drag the source event ID from the Sample Data tab and add it to the source event ID field.
Send with closed status (For the Open Message Interface, SNMP Interceptor, and Scheduled Task policies)	Sets the event's lifecycle status to Closed before sending it to OMi.

Event Correlation Tab

UI Element	Description
Event Key	An identifier used to identify duplicates and for Close Events with Key.
Event Suppression
Enable Event Suppression	Enables event suppression for the events generated by this policy. If event suppression is enabled in the event defaults, you can choose to apply them to or override them for this rule: Use default settings for Event Suppression. Applies the event suppression settings configured in the event defaults to this rule. Override default settings for Event Suppression: Enables you to configure specific event suppression settings for this policy rule.
Suppress events which are	Generated by the same input event. Select this option to suppress events that were sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). Generated by the same rule. Select this option to suppress events that match the pattern specified for the selected rule. This is a more general setting for the suppression of duplicate events. For example, a policy might contain a rule with this match pattern: `Error Message<#>` The log file lines `Error Message10` and `Error Message20` are not identical, but would both match this rule. Identical relative to their attributes. Select this option to suppress either events that have the same event key or (if no event key is present) events that have identical event attributes (except for the date and time that the event was generated).
Suppression Method	For event correlation, you can define one of three correlation methods: Time Interval. This correlation method lets you define an interval during which duplicate events will be ignored. For more information, read this detailed example. Time interval correlation example In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. The represents events that are identical. The first input event (E1) matches a rule in the policy. The policy sends an event and starts timing. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends an event. Counter. This correlation method counts the number of matching input events and sends an event only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, read this detailed example. Counter correlation example The represent events that are identical. The first input event (E1) matches a rule in the policy, and the counter increments to one. No event is sent. A second matching event (E2 ) occurs, the counter increments to two, an event is sent, and the counter resets. A third matching event (E3 ), and the counter increments to one. No event is sent. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one. No event is sent. Time Interval/Counter. If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends an event to OMi. If you specify just time interval correlation or just counter-based correlation in an individual event, any event defaults for the other correlation method also apply. For example, if you specify time interval correlation for an event, and the event defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. You can change this default behavior, so that only the correlation method that you specify in the individual event applies. To change the default behavior, set the parameter `OPC_IGNORE_DEFAULT_MSG_CORRELATION=TRUE` in the `eaagt` namespace on the node. You can configure this parameter using `ovconfchg` at a command prompt.
Time Interval	Time interval during which duplicate events are ignored.
Suppress for no longer than	Time interval after which duplicate events are no longer ignored.
Counter threshold	Value that triggers an event if met or crossed.
Reset counter threshold after	Time interval after which the counter is reset to 0.

Custom Attributes Tab

UI Element	Description
	Create New Custom Attribute: Creates a new custom attribute.
	Delete Custom Attribute: Deletes an existing custom attribute.
Name	The name of the custom attribute. The name is case-insensitive. Custom attributes are additional attributes that contain any information that is meaningful to you. For example, you might add a company name, contact information, or a city location to an event. You can have more than one custom attribute attached to a single event. The following custom attribute names cannot be used because they are reserved for internal use: `Description` `EtiHint` `HP_OPR_SAAS_CUSTOMER_ID` `NoDuplicateSuppression` `RelatedCiHint` `SourceCiHint` `SourcedFromExternalId` `SourcedFromExternalUrl` `SubCategory` `SubCiHint`
Value	Value of the custom attribute.

Advanced Tab

UI Element	Description
Event Drilldown
Event Drilldown URL	URL of the event in thethird-party system. This is the complete path of the URL, and includes the FQDN (fully qualified domain name) of the computer that hosts the third-party system, the communication port, and the root URL path (for example, `http://nnmi.example.com:8004/nnm/launch?cmd=showForm&objtype =Incident&objuuid=$OPC_CUSTOM[nnm.incident.uuid]&menus=true`). Event drilldown information enables OMi users to launch the user interface of the third-party system in the context of an event. To drill down to a specific event in the third-party system, add the source event ID to the URL. This event attribute can also be set by OMi based on an Operations Connector integration server configuration. If a policy and an integration server configuration both set this attribute, the information in the policy takes precedence.
OM Attributes
Application	Application that caused the event to occur. Unlike the Related CI attribute, which is a direct relationship to a CI in the RTSM, the application attribute is a simple string-type attribute (for example, Oracle and OS).
Object	Device such as a computer, printer, or modem. Unlike the Related CI attribute, which is a direct relationship to a CI in the RTSM, the object attribute is a simple string-type attribute (for example, `C:`, and `/dev/spool`).
Type	String used to organize different types of events within an event category or subcategory (for example, users or applications, accounts and security). The attribute is automatically set to `BSMC_Message`. You can delete the value but it will be inserted when you save the policy.
HPOM Service ID	ID of the service associated with the event. A service ID is a unique identifier for a service and can be used in OMi to identify the node and CI associated with the event.
Agent MSI	The message stream interface (MSI) allows external applications to interact with the internal event flow of Operations Agent. The external application can be a read-write application, for example, an event processing program that can read events, modify attributes, and generate new events for retransmission to the server. The application could also read events, or send its own events.
Divert events	If Agent MSI is enabled, diverts an event to the MSI instead of to the server when an event is requested by an external application.
Copy events	If Agent MSI is enabled, sends the event to the server, and a copy of the event to the MSI.

Send Help Center feedback