# Create the dedup id; This is what zenoss normally does to the event to ascertain if
# it is a duplicate (another occurance) of an existing event. We are doing it in this
# transform to be able to reference the count variable, which does not come with an
# incoming event.
dedupfields = [
evt.device, evt.component, evt.eventClass, evt.eventKey, evt.severity]
if not evt.eventKey:
dedupfields += [evt.summary]
mydedupid = '|'.join(map(str, dedupfields))
# Get the event details (including count) from the existing event that is in the mysql database
em = dmd.Events.getEventManager()
em.cleanCache()
try:
ed = em.getEventDetail(dedupid=mydedupid)
mycount = ed.count
except:
mycount = 0
# Do what you like with the count;
# In this example we up the severity to CRITICAL if the count is > 3
if mycount > 3:
evt.severity = 5
# If we have a Ping based device, we lower the severity on ping down
# We also have to assure that clear events, events that mean ping is working again,
# dont get their severity changed
if "Ping" in getattr(evt, "DeviceClass", None) and evt.severity != 0:
evt.severity = 1
transform: all events that come in from a certain device class, have their severity changed
Often put in /Events to get all events
If you have many events, putting it in /Events will cause all events to be evaluated through this
this can possibly be a bottleneck