Service Operations Insight

  • 1.  Event Enrichment Policy

    Posted Jun 12, 2019 01:37 AM

    We are trying to create an event policy to enrich the user attribute. But the policy does not seem to be working, as we can see the user attribute is not updated as per the policy.

    Condition: fn:Parse(${pattern1.Summary},' :  (.*?) \(')

    Sample alert: Alert::: Device Name : XX-XX-XXX (10.0.0.1)::Description: Critical alert on the device interface.

    Expected user attribute: XX-XX-XXX

    Tested the same in a regex tester. It's working fine. But in SOI it's not working. Please check and let me know if there are any issues in the policy.

    Thanks,
    Kavi



  • 2.  RE: Event Enrichment Policy

    Posted Jun 12, 2019 02:26 AM
    Hi Kavi,

    There seems to be a typo in your parsing pattern.
    You have two blanks in-between : and ( but your Alert only contains a single blank following : and then the device name.
    Try this condition:
    fn:Parse(${pattern1.Summary},' : (.*?) \(') 

    Michael

    ------------------------------
    Customer Success Architect
    CA Deutschland GmbH (a Broadcom company)
    ------------------------------