7.3 Setting Up the Incoming Data Stream

The following is an example of a fully formatted stream of data that displays as an Operations Center event when sent to the NOC Universal adapter:

Component

Example Data Stream

Stream Header (Required)

### EVENT ###
Database_Monitor;

Required Data Fields

originating_event_id="34532";
msg="Instance is no longer active, tnsping failed";
severity="CRITICAL";

Additional Data Fields

hostname="server45.mosol.com";
process="oracle";
instance="ORCL";
application="people soft";
testing_id="12345";

Stream Footer (Required)

END
### END EVENT ###
PROCESSED

The following sections explain components of the data stream and how to test the validity of the data stream:

7.3.1 Required Stream Header and Event Class

All streams of data (events) must start with the following text on a line by itself:

### EVENT ###
event_class;

Where event_class is an identifier that represents an event class. For example, if the information source is a log file generated by a product named MonitorMyWWW that monitors Web sites, replace event_class with MonitorMyWWW.

During the initial sending of data, the event_class value is set to the main class of the event. For data updates, this field is set to Sync to update existing events. In cases where there is no initial data mining capability, all events are sent as Sync and the adapter property EventConsoleName assigns the event class value. The event_class value is also useful for defining right-click operations in the implementation.

7.3.2 Data Fields

Each incoming data field is represented by a field name and value, as shown in the following example:

Host="taz";process="oracle";instance="ORCL";

Requirements for data fields are:

  • Separate each field/value pair with a semicolon.

  • Fields are case-sensitive in Operations Center.

  • originating_event_id, severity, and msg are required data fields. They are mandatory for Operations Center to be able to process the data stream correctly.

    Required Field Name

    Descriptions

    originating_event_id

    A unique identifier that allows correct application of custom operations (such as clear or close) and updating of events later.

    • Value can contain numbers and letters.

    • If the system’s unique ID contains characters, it might be necessary to implement a hashing scheme to convert it to a number.

    severity

    A severity level for the event.

    • Value must be all uppercase and must contain one of these valid strings:

      • CRITICAL display color is red.

      • MAJOR display color is orange.

      • MINOR display color is yellow.

      • INFORMATIONAL display color is blue.

      • OK display color is green.

      • UNKNOWN display color is gray.

    • If the severity field is set incorrectly, it defaults to UNKNOWN.

    To mark an event's severity as unknown, set severity to UNKNOWN or pass a code other than the ones listed above.

    msg

    A description of the event, which can include the cause or information that displays after opening an event or moving the mouse over an event in the Operations Center Network view.

    • Value can contain numbers, characters, and any standard symbol, except semicolons.

    • If the value itself contains quotes, be careful not to break or mismatch the quotes as the event might process incorrectly.

  • originating_tec_hostname is not required for valid events. However, it must be included for the right-click Close and Acknowledge operations to work successfully. See Section 7.6, Understanding Alarm Operations and Event Status.

  • Data can be sent using multiple lines, such as:

    Host="taz";
    Process="oracle";
    Instance="ORCL";
    
  • If the event is sent in one line, the last field/value pair must have a carriage return embedded in the stream just before the ending footer data.

  • Surrounding values with quotation marks is optional, unless the value contains spaces.

7.3.3 Required Stream Footer

The event must end with the following text on separate lines:

END
### END EVENT ###
PROCESSED

7.3.4 Closing the Event by Data Stream

When closing an event, it is necessary to specify the event class and define originating_event_id and status.

An example event stream to pass in order to close the alarm:

### EVENT ###
Database_Monitor;
originating_event_id="34532";
status="CLOSED";
END
### END EVENT ###
PROCESSED

7.3.5 Manipulating the Event Time Stamp

The date and time of the event creation/occurrence is the date and time when the NOC Universal adapter received the event. It has no relation to any date or time contained within the event.

You can use the date_reception field name to set a specific date/time stamp.

To specify a hard-coded event time stamp:

  1. Stop the adapter.

  2. Right-click the adapter, and select Properties.

  3. Enter date_reception as the value for the UpdateTimestamp property.

  4. Add the following tag after the stream header tag:

    date_reception="unix_timestamp";

    To convert the desired date/time to a Unix time stamp, use a Web site such as OnlineConversion.com.

7.3.6 Testing the Validity of the Data Stream

To test the validity of the data stream:

  1. Telnet to the port on which the NOC Universal adapter is listening.

  2. Send the sample data stream.

    An event is created for the adapter.
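
The stream rules in Sections 7.3.1 through 7.3.5 and the port test in 7.3.6 can be combined into a small sender. This is an added example, not part of the product or its documentation. The function names are hypothetical, and CRLF line endings, UTF-8 encoding and a date_reception value in whole seconds are assumptions. It rejects semicolons, double quotes and line breaks in every value, which is stricter than the rules above, so that text copied from a log file cannot change the structure of the stream.

```python
import socket
from datetime import datetime, timezone

EOL = "\r\n"  # assumption: the line endings a telnet session would send
FOOTER = ["END", "### END EVENT ###", "PROCESSED"]
SEVERITIES = {"CRITICAL", "MAJOR", "MINOR", "INFORMATIONAL", "OK", "UNKNOWN"}
FORBIDDEN = set(';"\r\n')  # would end a field, a quoted value or a line early


def _check(label, text):
    """Reject text that could break out of its field and alter the event."""
    bad = FORBIDDEN & set(text)
    if bad:
        raise ValueError(f"{label} contains forbidden characters: {sorted(bad)}")
    return text


def build_event(event_class, fields, when=None):
    """Return one complete stream: header, event class, fields, footer."""
    fields = {name: str(value) for name, value in fields.items()}
    if "originating_event_id" not in fields:
        raise ValueError("originating_event_id is required")
    if "status" not in fields:  # a new event, not a close request (7.3.4)
        missing = {"severity", "msg"} - fields.keys()
        if missing:
            raise ValueError(f"missing required fields: {sorted(missing)}")
    if "severity" in fields and fields["severity"] not in SEVERITIES:
        raise ValueError("severity must be one of " + ", ".join(sorted(SEVERITIES)))
    lines = ["### EVENT ###", _check("event_class", event_class) + ";"]
    if when is not None:  # assumption: whole seconds; pass a timezone-aware datetime
        lines.append(f'date_reception="{int(when.timestamp())}";')
    for name, value in fields.items():
        lines.append(f'{_check("field name", name)}="{_check(name, value)}";')
    return EOL.join(lines + FOOTER) + EOL


def send_event(host, port, stream, timeout=5.0):
    """Write the stream to the adapter's listening port, as the telnet test does."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(stream.encode("utf-8"))  # assumption: UTF-8 is accepted


# Constructed sample: the close request from 7.3.4, stamped 2024-01-01 00:00 UTC.
SAMPLE = build_event("Database_Monitor",
                     {"originating_event_id": "34532", "status": "CLOSED"},
                     when=datetime(2024, 1, 1, tzinfo=timezone.utc))
```

The adapter reads date_reception only when the UpdateTimestamp property is set as described in 7.3.5.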