Notification content variables
The content of email and command notifications can include information from events in the following form:
'${objectname/objectattribute}'
Note
Do not escape event command messages and event summaries. For example,
write this command as: ${evt/summary} (rather
than echo '$evt/summary').
Object names can be
evt, evtSummary, or
urls; or for clearing event context,
clearEvt and
clearEventSummary. For each object name, the
following lists show valid attributes (for example,
'${evt/DevicePriority}' ):
Attributes of evt and clearEvt
| Value | Description |
|---|---|
| DevicePriority | value of the priority of the device |
| agent | Typically the name of the daemon that generated the event. For example, an SNMP threshold event has zenperfsnmp as its agent. |
| clearid | id of the event this clear event will clear |
| component | component this event is related to |
| count | how many times this event occurred |
| created | when the event was created |
| dedupid | dynamically generated fingerprint that allows the system to perform de-duplication on repeating events that share similar characteristics |
| device | device this event is related to |
| eventClass | class of this event |
| eventClassKey | Free-form text field that is used as the first step in mapping an unknown event into an event class. |
| eventGroup | Free-form text field that can be used to group similar types of events. This is primarily an extension point for customization. Currently not used in a standard system. |
| eventKey | Free-form text field that allows another specificity key to be used to drive the de-duplication and auto-clearing correlation process. |
| eventState | state of the event |
| evid | unique id for the event |
| facility | the syslog facility |
| firstTime | First time that the event occurred. |
| ipAddress | IP address |
| lastTime | Most recent time that the event occurred. |
| manager | value of manager |
| message | a message communicated by the event |
| ntevid | windows event id |
| ownerid | owner id |
| priority | syslog priority |
| prodState | The production state of the device. |
| severity | The integer that identifies the event severity level. |
| severityString | The descriptive label that identifies the event severity level. |
| stateChange | The last time that the event status changed. |
| status | The status of the event. |
| summary | A brief message summarizing the event. |
Attributes of eventSummary and clearEventSummary
Note
Some of the values in the following table are direct duplicates of evt attributes. For example, uuid -> evt.evid.
| Value | Description |
|---|---|
| uuid | evt.evid |
| occurrence | evt.count |
| status | evt.eventState |
| first_seen_time | evt.firstTime |
| status_change_time | evt.stateChange |
| last_seen_time | evt.lastTime |
| count | evt.count |
| current_user_uuid | UUID of the user who acknowledged this event |
| current_user_name | name of the user who acknowledged this event |
| cleared_by_event_uuid | UUID of the event that cleared this event (for events with status == CLEARED) |
| notes | event notes |
| audit_log | event audit log |
| update_time | last time a modification was made to the event |
| created_time | evt.lastTime |
| fingerprint | evt.dedupid |
| event_class | evt.eventClass |
| event_class_key | evt.eventClassKey |
| event_class_mapping_uuid | If this event was matched by one of the configured event class mappings, it contains the UUID of that mapping rule. |
| actor | event actor |
| summary | evt.summary |
| message | evt.message |
| severity | evt.severity |
| event_key | evt.eventKey |
| event_group | evt.eventGroup |
| agent | evt.agent |
| syslog_priority | evt.priority |
| syslog_facility | evt.facility |
| nt_event_code | evt.ntevid |
| monitor | evt.monitor |
| tags | event tags |
Attributes of urls
| Value | Description |
|---|---|
| ackUrl | URL for acknowledging the event |
| closeUrl | URL for closing the event |
| reopenUrl | URL for reopening the event |
| eventUrl | URL for viewing the event |
| eventsUrl | URL for viewing events for the relevant device, or all events |
ZenPacks can define additional notification actions and can extend the context that is available to notifications to add objects or attributes.