Defining notification content
The following sections describe the options on the Content tab of the Edit Notification dialog box.
Notification content variables
The content of email and command notifications can include information from events in the following form:
'${objectname/objectattribute}'
Do not escape event command messages and event summaries. For example,
write this command as: ${evt/summary} (rather
than echo '$evt/summary').
Object names can be evt,
evtSummary, or urls; or for clearing event context, clearEvt and
clearEventSummary. For each object name, the following lists show
valid attributes (for example, '${evt/DevicePriority}'):
Attributes of evt and clearEvt
| Value | Description |
|---|---|
| DevicePriority | value of the priority of the device |
| agent | Typically the name of the daemon that generated the event. For example, an SNMP threshold event has zenperfsnmp as its agent. |
| clearid | id of the event this clear event will clear |
| component | component this event is related to |
| count | how many times this event occurred |
| created | when the event was created |
| dedupid | dynamically generated fingerprint that allows the system to perform de-duplication on repeating events that share similar characteristics |
| device | device this event is related to |
| eventClass | class of this event |
| eventClassKey | Free-form text field that is used as the first step in mapping an unknown event into an event class. |
| eventGroup | Free-form text field that can be used to group similar types of events. This is primarily an extension point for customization. Currently not used in a standard system. |
| eventKey | Free-form text field that allows another specificity key to be used to drivethe de-duplication and auto-clearing correlation process. |
| eventState | state of the event |
| evid | unique id for the event |
| facility | the syslog facility |
| firstTime | First time that the event occurred. |
| ipAddress | IP address |
| lastTime | Most recent time that the event occurred. |
| manager | value of manager |
| message | a message communicated by the event |
| ntevid | windows event id |
| ownerid | owner id |
| priority | syslog priority |
| prodState | The production state of the device. |
| severity | The integer that identifies the event severity level. |
| severityString | The descriptive label that identifies the event severity level. |
| stateChange | The last time that the event status changed. |
| status | The status of the event. |
| summary | A brief message summarizing the event. |
Attributes of eventSummary and clearEventSummary
Some of the values in the following table are direct duplicates of evt attributes. For example, uuid -> evt.evid.
| Value | Description |
|---|---|
| uuid | evt.evid |
| occurrence | evt.count |
| status | evt.eventState |
| first_seen_time | evt.firstTime |
| status_change_time | evt.stateChange |
| last_seen_time | evt.lastTime |
| count | evt.count |
| current_user_uuid | UUID of the user who acknowledged this event |
| current_user_name | name of the user who acknowledged this event |
| cleared_by_event_uuid | UUID of the event that cleared this event (for events with status == CLEARED) |
| notes | event notes |
| audit_log | event audit log |
| update_time | last time a modification was made to the event |
| created_time | evt.lastTime |
| fingerprint | evt.dedupid |
| event_class | evt.eventClass |
| event_class_key | evt.eventClassKey |
| event_class_mapping_uuid | If this event was matched by one of the configured event class mappings, it contains the UUID of that mapping rule. |
| actor | event actor |
| summary | evt.summary |
| message | evt.message |
| severity | evt.severity |
| event_key | evt.eventKey |
| event_group | evt.eventGroup |
| agent | evt.agent |
| syslog_priority | evt.priority |
| syslog_facility | evt.facility |
| nt_event_code | evt.ntevid |
| monitor | evt.monitor |
| tags | event tags |
Attributes of urls
| Value | Description |
|---|---|
| ackUrl | URL for acknowledging the event |
| closeUrl | URL for closing the event |
| reopenUrl | URL for reopening the event |
| eventUrl | URL for viewing the event |
| eventsUrl | URL for viewing events for the relevant device, or all events |
ZenPacks can define additional notification actions and can extend the context that is available to notifications to add objects or attributes.