Skip to content

Default Event Table

When Assure1 receives or retrieves data that will be used to create or update an Event, most applications allow the data to be manipulated via the rules so the information displayed is more useful.

Processing the event data is done in three basic steps.

  1. Data is received or retrieved from a device.

  2. Data is sent to the rules file for processing, if available. It is during this step that the Event Hash can be manipulated so the modified information is be saved to the database.

  3. Data is saved to the database.

Event.Events

In Assure1 v5 the Events.Alarm DB Schema has been renamed to Event.Events. Some Fields have been renamed, other new fields have been added while others remain the same. The following table shows you a list of the fields along with a brief description.

Field Name Field Type Description
EventID Number Do not set this, and do not change this. The ID is handled by the database. The ID can be used to refer to the Event; there will be 0 or 1 matches in the live table; and 0 or more matches in the history table. This field was AlarmId in Assure1 v4.
EventKey Alphanumeric The EventKey is normally set during the rules processing. If the same as another event, the new event will be considered a duplicate -- either a repeat message, or (if correlation is done by deduplication) updated status of message (link up / link down). If the key is different from every other key, the event will not be considered a duplicate with another. This field will only be unique in the "live" table; the old EventID can be deleted, and the next "matching" EventKey will create a new Event, unrelated to the previous one. This field was AlarmKey in Assure1 v4.
EventCategory Number 1 = Resolution. 2 = Problem. 3 = Discrete. This functionality was part of the AlarmType field in Assure1 v4. Primarily used by the mechanization CorrelateProblemResolutions, which looks for events with EventCategory = 1 and Severity = 0, and any matching events with EventCategory = 2 and Severity > 0. The matched events are then updated the fields EventCategory = 3, Severity = 0, ExpireTime = 300, as well as a few other fields. Other values are not used by this mechanization for correlation. Additionally, a conversion has been setup to map the default values for display purposes.
EventType Alphanumeric A string to indicate the type of event, e.g. linkUpDown for a linkDown trap. This field was AlarmGroup in Assure1 v4. The mechanization CorrelateProblemResolutions will only function if this is the same for correlating events.
Ack Number 1 = Yes, 0 = No. The event will be displayed differently based on this field. Event right-click Tools can be used to set the state manually.
Action Alphanumeric An indication of the non-human entity that caused a change to be made. The mechanizations DeleteExpired and CorrelateProblemResolutions will both set DeleteExpired if a matching event is found. Event right-click SQL Tools can set this by doing, SET Action = 'SQL Tool: Acknowledge'.
Actor Alphanumeric An indication of the entity that caused the change to be made. Mechanizations will set this field to EventMechanization. Event right-click SQL Tools set this to the logged-in user that used the tool.
Count Number The number of times this Event has happened (deduplicated). Should only be increased by the SQL ON DUPLICATE, and should not be set in rules.
Customer Alphanumeric This can be set to a value as needed.
Department Alphanumeric Customer.rules will set this to Unknown if not previously set.
Details Text A JSON text field for miscellaneous info, replacing the Custom1-5 fields. Rules can set values like "$Event->{Details}->{subject} = 'X'.
DeviceType Alphanumeric Used as a general category for the event. Customer.rules will set this to Unknown if not previously set.
Duration Number The time between FirstReported and LastChanged. Updated by EventMechanizations.
EscalationFlag Number If an event should be escalated or not. 0 = no, 1 = should be escalated, 2 = has been escalated. Some of the default rules for applications look for this value being set to 1 for additional processing. This field was EscFlag in Assure1 v4.
ExpireTime Number This functionality was part of the AlarmType field in Assure1 v4. Number of seconds after LastChanged for this Event to become eligible-to-be-deleted, which is done by the mechanization DeleteExpired.
FirstReported Number Epochtime with milliseconds of when this Event first happened. The application processing the event will generally set it to the time the event was received/retrieved, but rules could change it, if needed. The default "INSERT/ON DUPLICATE UPDATE" code will not update if a duplicate event is received.
IPAddress Alphanumeric The IPv4 or IPv6 address of the Device associated with this Event. For Device/Metric integrations, it is useful if an entry exists in the Device Catalog (similar to Node). Customer.rules will set this to 0.0.0.0 if not previously set.
LastChanged Number Epochtime with milliseconds; must be changed manually by everything that modifies the Event, for example, Event List Tools, CAPE, or other applications. The application processing the event will generally set it to the time the event was received/retrieved. The default "INSERT/ON DUPLICATE UPDATE" code will update if a duplicate event is received. Rules should not update the value.
LastReported Number Epochtime with milliseconds of the last time this Event happened. The application processing the event will generally set it to the time the event was received/retrieved, but rules could change it, if needed. The default "INSERT/ON DUPLICATE UPDATE" code will update if a duplicate event is received.
Location Alphanumeric Name, Address, or something similar associated with the Event. Event Analytics will use this if it is set.
Method Alphanumeric Protocol of how the event was received/retrieved. The binary will set a default value (Trapd, Syslogd, for example), but can be update in rules, if needed.
Node Alphanumeric Usually the DNS Name of the Device associated with this Event, and set via an IP lookup in the application that received the event. For Device/Metric integrations, it is useful if an entry exists in the Device Catalog (similar to IPAddress). Rules can update this field, if needed.
OrigSeverity Number The original severity when the event was first created. The event binaries will set this to the same as Severity on INSERT, but will not be changed on UPDATE.
OwnerName Alphanumeric The name of the currently-responsible person. Some event Tools (for example, "Acknowledge", "Delete", and "Take Ownership") set this to the username that executed the tool; "UnAcknowledge" sets it to 0. This field was OwnerId in Assure1 v4.
RootCauseFlag Number Used by applications to know whether the event is being processed as a root cause of another event or not.
RootCauseID Number Used by applications to know whether the event was caused by another event or not.
Score Number If a Priority value is set on a device, this field can be set to the event Severity * Priority to increase the number. Event Filters can be configured to show the hi-score Events first, or other processing may utilize this value.
Service Alphanumeric The SLM applications will set this to the name of the SLM Service if a violation is detected.
ServiceImpact Number
Severity Number Must be a value between 0 - 5. The event will change colors in the Event List based on the severity.
SubDeviceType Alphanumeric Used for vendor or model information for the event. Customer.rules will set this to Unknown if not previously set.
SubMethod Alphanumeric Usually set in rules to the specific processing that was done on the event, for example, the MIB that defines the trap, or the string "watchdog", or "Unknown".
SubNode Alphanumeric The Instance of the Event, for example, the ifIndex value of a linkUp trap. Mechanization CorrelateProblemResolutions requires that this is the same for correlating events. This field was SubAlarmGroup in Assure1 v4.
Summary Text The free-form text that is usually shown in the Event List. It should be a standalone description of the event. The "Default" display will also show the user the Node, EventType, Count, FirstReported and LastReported fields, so those details do not need to be repeated here.
TicketFlag Number A flag for the ticket state of this event. 0 = no ticket; 1 = ticket to be created; 2 = processing, 3 = opened.
TicketID Alphanumeric The Ticket ID associated with this Event in the external system. Should be populated by the process done to open the ticket in the external system.
ZoneID Number Can be set to the Device Zone that the device is in.

Table Changes

The following fields are new in Assure1 v5:

  • Action

  • Actor

  • Customer

  • Details

  • Duration

  • ExpireTime

  • LastChanged

  • OrigSeverity

  • RootCauseFlag

  • RootCauseID

  • Service

  • ServiceImpact

The following fields have been removed from the table when compared to Assure1 v4:

  • DstIP

  • DstPort

  • SrcIP

  • SrcPort

  • EscId

  • Custom1-5