One of the premier use cases of Cloud Event Management is to act on incoming events via Event and Incident Policies. In this article, you will see an easy to follow example to do just that. You will learn how to use specific values from the event and directly feed them into an assigned Runbook.
First, we will start with the scenario. The organisation has several event probes reporting in on problems with web applications. A common error pattern is an unavailable service. In that case, the probe will send an event with information on the system, the IP address, and a summary. The task of the Operations team is to check in on the system and see if the ports are down. If that is the case, the Operations Engineer opens a ticket in the internal ticketing system with the relevant information. Afterwards a Subject Matter Expert (SME) will fix the problematic application.
Luckily all the information is available directly from the event. The following fields are important:
- Event Summary
- IP Address
So, let’s take a look at the Runbook the Operation Engineers shall run. It consists of three steps:
- Log on to the system
- Run a script, which will check the ports on the system
- If the ports are down: Open a ticket in the internal ticketing system with the appropriate information
Above all we want to make sure to make parameters out of the parts of the Runbook which refer to the values from the Event. We do this in order to fill the respective parts of the Runbook with the correct information, so the Operations Engineer does not have to this themselves.
As you can see, the Runbook contains several commands and parameters to make response on the event really easy.
The Event Policy
The goal we want to reach is a really close integration between issue, event, and remediation. Consequently we need an Event Policy. The policy will watch incoming events for a specific pattern. After the pattern is recognised, we connect the event with the Runbook we created. Through the CEM user interface we can easily connect the Runbook parameters with the fields of the event.