Hi all.
I would appreciate it if anyone can help me with this.
I am using alarm enrichment to capture data in a custom field.
I have enrichment-sources for capturing in the logmon, pollagent and net_connect probes, but I need to add another rule for logmon with a different enrichment-rule.
For some reason, the new rule only works with one alarm (217.x.x.01) and I don't know why it doesn't work for the others.
This is the configuration ----->
<custom_headers>
custom_1 = Comentario
custom_2 = Alias/Responsable
custom_3 = Programado
custom_4 = Entidad
custom_5 = Servicio
</custom_headers>
<VPN>
active = true
connection_url = jdbc:sqlserver://IPDAB:1433;DatabaseName=UIM
user = userUIM
password = xxxxxxxxxxxxx
query = Select RTRIM(LTRIM(comercio)) as comercio from customerasa where PEER in (select replace(supp_key, ',', '') as peer from NAS_ALARMS (nolock) where supp_key =?)
population_query =
</VPN>
<5>
match_alarm_field = prid
match_alarm_regexp = logmon
lookup_by_alarm_field = supp_key
lookup_by_regexp =
use_enricher = VPN
<overwrite-rules>
udata.custom_4 = [cmdb.comercio]
</overwrite-rules>
</5>
This is the alarm (217.x.x.01) that is working with alarm enrichment ------>
Capture of the key ---->
Query to validate that it's working ----->
DocNimbus shows that alarm enrichment is working and custom_4 shows the data retrieved from the query ----->
The alarm is working as expected ----->
Now, with this alarm (200.x.x.114), the enrichment-rule is not working; it is not mapping the data into custom_4 as expected.
The query is working as expected and returns the necessary value ----->
The data (custom_4) from alarm enrichment is not put in the alarm ---->
This problem happens with all IPs except 217.x.x.01. I don't know why, because the logic is the same for all.
Is it possible that 2 enrichment-rules with the same match (match_alarm_regexp = logmon) may be causing this behavior?
Has anyone gone through this that can tell me where the problem is?