Task: Filter Event
All events generated by the technology configuration items may not be significant or relevant for business, but they may still be generated as it may not be possible to turn off the event notification system. Therefore, adequate filtering must be done to eliminate duplicate and insignificant events before taking further action.
Relationships
RolesPrimary Performer: Additional Performers:
Outputs
    Process Usage
    Main Description

    Once an event detected by the monitoring tool/agent is received, it undergoes filtering. This is done to identify if an event is relevant/significant and whether it needs any further action. Duplicate events, if any, are eliminated. The insignificant or informational events may simply be registered within the system logs and no further action may be required.

    During this task the first level of correlation, i.e. the determination of whether the event is informational, a warning, or an exception, must also be done. This correlation is usually done by an agent or correlation engine. Events which are not insignificant and merely informational can be recorded in log files on the technology configuration items itself and no further action should be taken.

    In case every event is significant in an engagement, this task may not be necessary. In which case, every event would move directly into a management tool’s correlation engine, even if the event is duplicated. Also, in some cases it may have been possible to turn off all unwanted event notifications.