1. Cloud Control Monitoring Guide
  2. Enterprise Monitoring
  3. Managing Events, Incidents, and Problems
  4. Incident Rules and Rule Sets

Incident Rules and Rule Sets

An incident rule specifies criteria and actions that determine when a notification should be sent and how it should be sent whenever an event or incident is raised. The criteria defined within a rule can apply to attributes such as the target type, events and severity states (clear, warning or critical) and the notification method that should be used when an incident is raised that matches the rule criteria. Rule actions can be conditional in nature. For example, a rule action can be defined to page a user when an incident severity is critical or just send e-mail if it is warning.

A rule set is a collection of rules that apply to a common set of targets such as hosts, databases, groups, jobs, metric extensions, or self updates and take appropriate actions to automate the business processes underlying incident. Incident rule sets can be made public for sharing across administrators. For example, administrators can subscribe to the same rule set if they are interested in receiving notifications for the same criteria defined in the rule. Alternatively, an Enterprise Manager Super Administrator can assign incident rule sets to other administrators so that they receive notifications for incidents as defined in the rule.

In addition to being used by the notification system (see Rules in Notifications ), rule sets can also instruct Enterprise Manager to perform other actions, such as creating incidents, updating incidents, or call into a trouble ticketing system as discussed in Connectors.

Event Compression

Depending on what you are monitoring for, the number of incident alerts triggered by underlying events could potentially be high, with many of these notifications being related to the same underlying issue. Enterprise Manager lets you manage a potential flood of events using Event Compression so that you can focus on a smaller set of meaningful incidents. Event Compression allows you to group two or more related events into a single incident so that you can receive one notification about the incident instead of multiple notifications about each event that is part of the incident. There are two types of Event Compression you can use:

  • Event Compression Policies: These out-of-the box event compression policies will be enabled by default for all newly created event rules. The policies work with your incident rule sets to decide whether sets of related events can compress into a single incident. For more information, see Event Compression Policies.

    Note:

    Event Compression Policies are available with Enterprise Manager 13c Release 5 Update 8 or later.

    You can compare how Event Compression Policies would have affected the number of incidents in the past by running an Event Compression Analysis. For more information, see Assessing the Benefits of Using Event Compression Policies.

  • Rule-based Event Compression: This compression functionality is enabled at rule set level and implemented in two steps:
    1. Create an event rule that compresses related events into a single incident.
    2. Create an incident rule to send a notification (email, ticket creation, etc.) when an incident is created.

    For more information, see Rule-based Event Compression.