Common Event Format
In any IT infrastructure, a business application is supported by several technologies, such as the network, the database and the middleware layer. From a monitoring point of view, each of these has its own language for the supervision data it collects.
These technologies produce exponentially growing volumes of data. To move beyond supervising each technology in its own silo, we need a federated view with smart, real-time data aggregation, which requires a common language able to map the different data sources.
The Common Event Format approach translates these different languages into a common language that is easy for IT staff to understand.
Based on monitoring metrics and log activity, you can detect abnormalities or alerts, each represented by an event. All of these events, coming from different sources, are then mapped to a single Common Event Format hub.
For each event from the IT infrastructure, the CEF provides answers to the following questions:
- What is the issue?
- Which services or customers are impacted?
- Who is responsible for fixing this?
- What is the impact on your Service Level Agreements?
The LIKPI CEF fields are listed below:
Field Label | Regexable | Queryable | Description |
---|---|---|---|
Severity | true | true | Represents the severity of an event |
Priority | true | true | Represents the importance of an event |
RepeatCount | false | false | Number of times that the same event has occurred |
Received | false | true | Date and time when the event was received |
Received Client | false | true | Date and time when the event was received by the ObsAgent |
Notes History | false | true | A list of free text annotations for an event with the Datetime |
Object | true | true | The component or instance of any infrastructure |
ObjectClass | true | true | To identify the source alert type |
Host | true | true | FQDN host name of the system |
HostAddress | true | true | Network address for the host |
MetricType | true | true | Name of the metric parameter |
MetricValue | true | true | Value of the metric |
Message | false | true | Summary of the alert |
AIOpsCellID | false | false | Id of the AIOpsCell |
ProbeRef | false | false | Hostname of the ObsAgent |
- The Field Label is how the field is represented in the events console
- All fields above are internal and cannot be modified
- Regexable means the field can be used when you define a Regex rule
- Queryable means the field can be used when you define an events query
- All fields are string types, except Received and Received Client, which are datetime types
The CEF console shows you the default CEF attributes and allows you to create custom ones.
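The following Python sketch is an added example, not LIKPI code: it maps two alerts with different vocabularies onto the CEF field labels from the table and rejects a regex rule that references a field that is not Regexable. The source records, the mappings, the rule structure (field label to pattern) and all function names are assumptions made for illustration.

```python
import re
from datetime import datetime

# Field label -> Regexable flag, copied from the field table above.
REGEXABLE = {
    "Severity": True, "Priority": True, "RepeatCount": False,
    "Received": False, "Received Client": False, "Notes History": False,
    "Object": True, "ObjectClass": True, "Host": True, "HostAddress": True,
    "MetricType": True, "MetricValue": True, "Message": False,
    "AIOpsCellID": False, "ProbeRef": False,
}

# Constructed sample alerts from two sources with different vocabularies,
# plus hypothetical mappings (CEF field -> source key).
NET_ALERT = {"dev": "sw01.example.com", "ip": "192.0.2.10",
             "lvl": "critical", "ifname": "Gi0/1", "text": "link down"}
NET_MAP = {"Host": "dev", "HostAddress": "ip", "Severity": "lvl",
           "Object": "ifname", "Message": "text"}
DB_ALERT = {"server": "db01.example.com", "sev": "warning",
            "counter": "active_sessions", "value": 480}
DB_MAP = {"Host": "server", "Severity": "sev",
          "MetricType": "counter", "MetricValue": "value"}

def to_cef(mapping, record, received):
    """Map a source record to CEF fields: strings, except Received (datetime)."""
    if not isinstance(received, datetime):
        raise TypeError("Received must be a datetime")
    unknown = [f for f in mapping if f not in REGEXABLE]
    if unknown:
        raise KeyError(f"not CEF fields: {unknown}")
    event = {f: str(record[key]) for f, key in mapping.items()}
    event["Received"] = received
    return event

def non_regexable(rule):
    """Fields in a regex rule (field -> pattern) that are not Regexable."""
    return [f for f in rule if not REGEXABLE.get(f, False)]

def rule_matches(rule, event):
    """Apply a regex rule to an event, rejecting non-Regexable fields."""
    bad = non_regexable(rule)
    if bad:
        raise ValueError(f"fields not usable in a regex rule: {bad}")
    return all(re.search(p, event.get(f, "")) for f, p in rule.items())

if __name__ == "__main__":
    event = to_cef(NET_MAP, NET_ALERT, datetime(2024, 1, 1))  # constructed time
    print(rule_matches({"Severity": "^critical$", "Host": r"^sw\d+"}, event))
```

Both alerts end up with the same field labels, so one rule on Severity and Host applies to either source, while a rule on Message is refused because the table marks that field as not Regexable.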
Controls description:
