Templates
Each event uses information from a template when it is created. The Template Manager manages and creates new templates to use as preset values for alerts on saved searches.
See Role Overview for capabilities required to manage templates.
Managing Templates
The following image shows the Template Manager UI:
The search field can be used to filter by template name.
Use the following buttons to manage templates:
| Button | Function |
|---|---|
 | Add Template |
 | Copy Template |
 | Save Template |
 | Delete Template |
Create a template
To create a template:
- Click the
Add Entrybutton at the bottom of the list. - Give the template a unique name.
- Set the correct values for the template referring to Event Creation > Alert Action Setup.
- Click the save button on the upper right side of the template section.
The following options are available:
| Information | Description |
|---|---|
| Template name | The name of the template. |
| Tenant | The tenant specifies what index and collection the events created by this alert are stored in. |
| Impact | The impact of the alert. Typically, an estimation. |
| Urgency | The urgency of the alert. Typically, an estimation. |
| Assignee | The default assignee for the AME event. |
| Notifications | A pre-configured notification scheme. The scheme defines who will get a notification when changes occur to an event. |
| Status | The default status for events created by the alert. |
| Time-to-live (TTL) | How long an event should be kept alive. |
| TTL Target | If TTL is set, the target status for the event after the TTL is reached. |
| Tags | A list of tags to assign to the event |
| Notable fields | A list of fields to show under the Notable Fields Tab. Alternatively, a wildcard can be set to show all fields. |
| Append alert | If set, Alerts with identical titles will be appended to existing open events. |
| Notify append | If set, appended Alerts will also trigger notifications. |
| Resolution | The default resolution. |
The default template can not be deleted.
Update and delete a template
Revise the information and press the Save Template button to update a template.
To delete a template, press the Delete Template button next to the save button
in the upper right corner of the template section.
Deleting a template will not update your saved searches relying on that template. Please make sure to update your saved searches beforehand.
How Appending Events Works
When the Append Alert flag is enabled, AME will add new Alerts to existing Events. The following criteria must be fulfilled:
- The Event Title has to be identical
- The Event must be of type
NeworIn Progress, not in aDonestate.
If the criteria are fulfilled, AME will append the new alert to the existing event with the following consequences:
- The
first seentime will not change - The
countwill be increased by one - The event results will be added to the
datatab with their newalert time - The
notable eventstab will be updated with the latest event results