Event exports are configured from this page. Fluency allows the definition of logical “pipes”/“streams” to export system events and notifications.
Each logical stream can be used to select different events for exporting, based on the Selector and Lambda fields.
The event streams are then sent to one or more end points, defined in the Export stream section. These export streams are generally emailed, but can also be distributed through other methods or platforms, such as Slack channels.
This configuration page is used for configuring rules to define an event stream for export of system events and notifications. These rules will configure the events for export to designated endpoints, either email addresses or Slack channels.
There are fields to define a name and description, and three additional sections: event selector, lambdas, and event exports.
The event selector is where the user can define which fields and values they are trying to match.
The event exports define which end points the user would like to send the event stream to. These event exports are configured in the Export Mechanism of Events section.
An end point can be created in the Export Mechanism of Events table. Click the “+ EXPORT” button to open the creation wizard.
Give the end point a name and (optional) description. Then select the stream location, either email or Slack. The example here uses email.
Input the email(s) you would like the notifications to be sent or cc’d to.
Once the endpoint is saved, it should appear in the Export Mechanism of Events table.
This is a second export definition.
This one has an email listed in both the “To” field and the “Cc” field. Exports that use this end point definition will forward exports to both of these email addresses.
Once saved, both these end points will appear on the Export Mechanism of Events table.
An export can be created in the Notification Definition table. Click the “+ PIPE” button to open the creation window.
Give the export a name and (optional) description. Then indicate which events you want to apply the end point to. Check the “Match All” box to have every event exported to the end point. In this case, we want events with severity level “critical” to be exported. Select “severity” from the dropdown menu, then type as many matches as desired into the “Match” field. In this case, just enter “critical.” Click the “+ ADD” button to add this match.
In the event exports section, select the desired end point from the drop down list. In this case, we want the test_email end point we defined above. Select this from the list and click “+ ADD” to add it.
Click the “SAVE” button at the bottom of the window to add this export to the table. It will immediately be active, but this status can be toggled using the switch to the left of each export on the table.
The “Event Selector” section can be used to match a number of predefined fields. In the last section, we used it to match a specific severity.
As above, give the export a name and (optional) description. Now, instead of selecting “severity” from the Match field dropdown, select “category.” The category we want to match is Network Behavior, so type it into the Match bar and press enter to add it to the list. More matches can be added to the list. When done, click “+ ADD” to add the match to the list.
Once added, the match will appear in the “Event Selector” table. More fields can be added to further filter the events. Once finished, choose any desired event exports from the dropdown and add them to the export.
Lastly, select the desired end points from the dropdown menu under “Event Exports” and add them. Click the “SAVE” button to save the export.
Once saved, the export will appear in the Notification Definition table.
The match fields can also be used to exclude criteria.
As before, select the Match field and enter the matches. In this example, “category” is selected again, and this time the match is “User Account Management.”
To the right of the Match bar is a checkbox for “Exclude.” Check the box to indicate that the matches for this field are being excluded from the desired events.
Click “+ ADD” to add this match to the list. Note that the “Exclude” column reads “true,” indicating that events matching these criteria will be excluded.
Add any desired end points to the export and click “SAVE” to save the export.
The new export will appear in the Notification Definition table. Note that under the “Selection” column there is a toggle button for “Exclude.” For this new export, the button is toggled on. Exclusion of a field can be toggled using this switch.
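Before enabling a pipe, it helps to check which end points a given event would reach. The following is an added example, not Fluency code: a small model of the three pipes built above. It assumes that values within one field are ORed, that separate fields are ANDed, and that an “Exclude” row drops any event it matches. The end point names other than test_email are hypothetical.

```python
# Added illustration: a model of the selector behaviour described on this page.
# Assumptions (not confirmed by the page): values within a field are ORed,
# separate fields are ANDed, and an "Exclude" row drops any event it matches.
from dataclasses import dataclass, field

@dataclass
class Match:
    name: str               # event field, e.g. "severity" or "category"
    values: set             # values typed into the "Match" bar
    exclude: bool = False   # state of the "Exclude" checkbox

@dataclass
class Pipe:
    name: str
    endpoints: list                              # end point names to deliver to
    matches: list = field(default_factory=list)  # rows of the Event Selector table
    match_all: bool = False                      # the "Match All" box
    active: bool = True                          # the on/off switch in the table

    def selects(self, event: dict) -> bool:
        if not self.active:
            return False
        if self.match_all:
            return True
        for m in self.matches:
            hit = event.get(m.name) in m.values
            # An include row must hit; an exclude row must not hit.
            if hit == m.exclude:
                return False
        return True

def route(pipes, event):
    """Return the sorted end point names that would receive this event."""
    return sorted({ep for p in pipes if p.selects(event) for ep in p.endpoints})

# Constructed pipes mirroring the three walkthroughs above.
# "second_export" and "slack_ops" are hypothetical end point names.
PIPES = [
    Pipe("critical_only", ["test_email"], [Match("severity", {"critical"})]),
    Pipe("network", ["second_export"], [Match("category", {"Network Behavior"})]),
    Pipe("no_uam", ["slack_ops"],
         [Match("category", {"User Account Management"}, exclude=True)]),
]

# Constructed sample events.
EVENTS = [
    {"severity": "critical", "category": "Network Behavior"},
    {"severity": "low", "category": "User Account Management"},
]
```

Under these assumptions, a pipe whose only selector row is an exclusion forwards every other event, so the first sample event reaches all three end points while the second reaches none.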