Templates
Each event uses information from a template when it is created. The Template Manager manages and creates new templates to use as preset values for alerts on saved searches.
See Role Overview for capabilities required to manage templates.
Managing Templates
The following image shows the Template Manager UI:
The search field can be used to filter by template name.
Use the following buttons to manage templates:
| Button | Function |
|---|---|
 | Add Template |
 | Copy Template |
 | Save Template |
 | Delete Template |
Create a template
To create a template:
- Click the
Add Entrybutton at the bottom of the list. - Give the template a unique name.
- Set the correct values for the template referring to Event Creation > Alert Action Setup.
- Click the save button on the upper right side of the template section.
The following options are available:
| Information | Description |
|---|---|
| Template name | The name of the template. |
| Tenant | The tenant specifies what index and collection the events created by this alert are stored in. |
| Assignee | The default assignee for the AME event. |
| Impact | The impact of the alert. Typically, an estimation. |
| Urgency | The urgency of the alert. Typically, an estimation. |
| Notification | The notification scheme to use for the event |
| Tags | A list of tags to assign to the event |
| Notable fields | A list of fields is to be shown under the Notable Fields tab. Alternatively, a wildcard can be set to show all fields. Note: Internal AME Fields and the _raw field always have to be explicitly listed. |
| Status | The default status for events created by the alert. |
| Resolution | The default resolution. |
| Time-to-live (TTL) | How long an event should be kept alive. |
| TTL Target | If TTL is set, the target status for the event after the TTL is reached. |
| Append alert | If set, Alerts matching defines keys will be appended to existing open events. |
| Append strict | If set, Alerts with ... |
| Notification on append | If set, appended Alerts will also trigger notifications. |
| Append keys | A set of keys that are used as a criteria to group events |
| Append mode | The mode to use when an alert is appended to existing events |
The default template can not be deleted.
See Event Aggregation for more details about appending alerts.
Displaying _raw for notable fields will cause the KV Collection faster and may cause issues over time.
Update and delete a template
Revise the information and press the Save Template button to update a template.
To delete a template, press the Delete Template button next to the save button
in the upper right corner of the template section.
Deleting a template will not update your saved searches relying on that template. Please make sure to update your saved searches beforehand.