Submit a ticketCall us

AnnouncementsAre You “Flying Blind?”

When it comes to your complex IT infrastructure, you want to ensure you have a good grasp of what’s going on to avoid any fire drills that result from guesswork. Read our white paper to learn how proactively monitoring your IT environment can help your organization while giving you peace of mind.

Get your free white paper.

Home > Success Center > Log & Event Manager (LEM) > Log & Event Manager (LEM) Documentation > LEM Administrator Guide > Get started building custom rule expressions in LEM

Get started building custom rule expressions in LEM

Updated: September 15, 2017

This topic provides information to help you write custom rule expressions in LEM.

About custom rule expressions

Use caution when creating rules. SolarWinds recommends that you practice creating filters before you start creating rules. Creating rules is similar to creating filters, but filters report event occurrences whereas rules act on them.

Begin configuring rules when you are comfortable with configuring filters. Always test your rules before implementing them.

You can create rules by configuring conditions between alert variables and other components (such as time of day sets, user-defined groups, constants, and so on). Using rules, you can correlate alert variables with other alerts and their alert variables.

You can configure rules to fire after multiple alerts occur. LEM remembers alerts that meet the basic rule conditions and waits for additional conditions to be met. The rule does not execute until the alerts meet all of the conditions and correlations defined for the rule.

When you correlate alert variables, you specify how often and in what time frame the correlations must be met before the rule is triggered. The combined correlations dictate when the rule initiates an active response.

Last modified

Tags

Classifications

Public