====== Alarm rules ======

Alarm rules let you filter alarms and redirect them to existing plugins.

**For example, you could do the following:**

  * Send all SAP job alarms to Bob by email
  * Send internal alarms to Redpeaks admin by email
  * Outside office hours, send system CRITICAL alerts by SMS
  * Decrease alert severity for non-production systems
  * Discard non-CRITICAL alerts from JAVA stacks of customer X
  * Send all alarms from customer A to ServiceNow plugin
  * Send all alarms from customer B to ScienceLogic SL1 plugin

{{..:administration:pasted:20190215-174840.png?1000}}

===== Configuration =====

==== Activation ====

  * By default, alarm rules are not active
  * All generated alerts are propagated to all active plugins
  * Use the activation button to enable alarm rules processing.

{{..:administration:pasted:20190215-181356.png}}

**Warning:**

  * If alarm rules are enabled, but no rules are defined, **no alerts will be propagated** to any plugin.
  * You should define at least one rule that takes care of the default propagation of the alerts.

=== Rules definition ===

  * Created rules are organized in a table in a predefined order.
  * Rules are processed in the order displayed in the table
  * You can move a rule up or down
  * Press the **Add** button to create a new rule.
  * Set a meaningful name and a description to define your rule

{{..:administration:pasted:20190215-181922.png}}

**Stop on first match:**

  * If enabled, the alarm won't be processed by the next rule if it matches the current rule's filters.
  * Useful if you want to restrict or prevent the propagation of some alerts

The configuration of the rule consists of setting the following parameters:

  * **Plugins:** Where the alarm will be sent if it matches all filters
  * **Schedule:** Define when the rule is active
  * **Severities:** Which severities to handle
  * **Filter:** What alarm parameters are expected
  * **Action:** What is going to be done with the alarm if all filters match

=== Plugins ===

  * Select the list of plugins that will be used to propagate the alert if it matches the rule filters
  * Unless the selected action is **Reject**, each plugin from the list will receive the alarm.

{{..:administration:pasted:20190215-182313.png}}

=== Schedule ===

  * Define when the rule is active
  * You can define a time window within the day, some days of the week or a specific date
  * The dates field can remain empty
  * For example, you can use this option to send an alert by SMS to the support team during non-office hours.

{{..:administration:pasted:20190215-182631.png}}

=== Severities ===

  * Define the alarm severities to match
  * Process only alarms with a matching severity
  * For example, you can process only MAJOR and CRITICAL alarms

{{..:administration:pasted:20190215-183155.png}}

=== Filters ===

  * The filter is applied to alarm parameters
  * Only the alarms that match the filter will be processed by the ''Action''
  * The filter applies to one or several components:
    * **Group**: The group of the system for which the alarm is generated.
    * **System SID**
    * **Stack type**: ABAP/JAVA/SYBASE/HANA/BO
    * **System tag**: The tag associated with the group
    * **Module**: The [[..:administration:alarmrules:moduleIds|module ID]] of the alarm
    * **Alarm tag**: The tag associated with the alarm
    * **Alarm message**: The message itself
    * **Alarm count**: The number of times the alarm has been triggered since first raised time. Reset to 1 when cleared.
    * **Agent**: The agent the alarm comes from
  * The filter compares the component value of the alarm with a value, using the following comparators:
    * **Equals**: Strictly equal to a given value (case insensitive)
    * **Matches with**: A way to check that the value contains at least some part of a text (see examples below)
    * **Different than**: Strictly different from a given value
  * The filter evaluates the rules in the predefined order, using the selected operator:
    * **AND**: All rules must be true
    * **OR**: At least one rule must be true

{{..:administration:pasted:20190215-184013.png}}

  * ''Matches with'' examples

^ Operation ^ Filter value ^ Comment ^
| contains | ABC | Matches if value contains text 'ABC' |
| contains any | ABC, DEF, GHI | Matches if value contains at least one of the comma-separated texts |
| contains all | ABC + DEF | Matches if value contains all comma-separated texts |
| excludes | !ABC | Matches if value does not contain 'ABC' |
| excludes all | !ABC, !DEF | Matches if value does not contain any of the comma-separated texts |
| Regexp | .*ABC.*DEF$ | Matches if value contains ABC and ends with DEF |

=== Actions ===

  * Defines how to process the alert if it matches all the above filters, including schedules and severities:
    * **Process**: Simply propagate the alert to the selected plugins
    * **Reject**: Discards the alert
      * If you want the alarm to be completely rejected, you must enable: **Stop on first match**
    * **Send to**: Send the alert to the specified recipient (needs to be associated with the email plugin)
    * **Transform**: Modifies the content of the alarm

{{..:administration:pasted:20190215-185000.png}}

**Transform:**

  * Allows modifying the alarm severity

**Transform syntax:**

  * severity+X : Increase the level of severity by X
  * severity-X : Decrease the level of severity by X
  * severity=X : Set the level of severity to X

**Note:** More transform capabilities to come.
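
A simplified model of the rule processing described on this page, added here as an example and not Redpeaks code: rules run in table order, **Reject** only withholds the current rule's plugins, and **Stop on first match** is what ends processing. The severity levels below MAJOR, X as an index into that scale, and a transform carrying over to later rules are assumptions of the model.

```python
import re
from dataclasses import dataclass, replace
from typing import Callable, Tuple

# Assumed scale: the page names only MAJOR and CRITICAL; the rest is illustrative.
LEVELS = ["INFO", "WARNING", "MAJOR", "CRITICAL"]

@dataclass
class Rule:
    name: str
    match: Callable[[dict], bool]   # stands in for schedule + severities + filters
    action: str = "Process"         # Process | Reject | Transform
    plugins: Tuple[str, ...] = ()
    transform: str = ""             # e.g. "severity-1"
    stop_on_first_match: bool = False

def apply_transform(expr: str, severity: str) -> str:
    """Apply severity+X / severity-X / severity=X (X = index in LEVELS, assumed)."""
    m = re.fullmatch(r"severity([+\-=])(\d+)", expr.replace(" ", ""))
    if not m:
        raise ValueError(f"bad transform: {expr!r}")
    op, x, cur = m.group(1), int(m.group(2)), LEVELS.index(severity)
    new = x if op == "=" else cur + x if op == "+" else cur - x
    return LEVELS[max(0, min(new, len(LEVELS) - 1))]  # clamp to the scale

def route(alarm: dict, rules: list) -> list:
    """Return the (plugin, severity) deliveries one alarm produces."""
    alarm, deliveries = dict(alarm), []
    for rule in rules:                       # table order, top to bottom
        if not rule.match(alarm):
            continue
        if rule.action == "Transform":       # assumed to persist for later rules
            alarm["severity"] = apply_transform(rule.transform, alarm["severity"])
        if rule.action != "Reject":          # every listed plugin gets the alarm
            deliveries += [(p, alarm["severity"]) for p in rule.plugins]
        if rule.stop_on_first_match:
            break
    return deliveries

# Constructed sample: a MAJOR alarm from a non-production JAVA stack of customer X.
ALARM = {"group": "customer-x", "stack": "JAVA", "severity": "MAJOR", "production": False}
REJECT = Rule("discard non-CRITICAL JAVA of X", action="Reject",
              match=lambda a: a["stack"] == "JAVA" and a["severity"] != "CRITICAL")
LOWER = Rule("lower non-production", lambda a: not a["production"],
             action="Transform", transform="severity-1", plugins=("servicenow",))
DEFAULT = Rule("default propagation", lambda a: True, plugins=("email",))
REJECT_STOP = replace(REJECT, stop_on_first_match=True)
```

In this model ''route(ALARM, [REJECT, DEFAULT])'' still delivers to email, while ''route(ALARM, [REJECT_STOP, DEFAULT])'' and an empty rule list deliver nothing.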