Event Data Substitution

Some event actions allow you to include event-specific information as part of the text message. Including event information is referred to as event data substitution. Refer to the help associated with a specific event action template for information on where event data substitution can be used.

The text of an event message is divided into keywords. When used in a message, a keyword must be preceded by the ampersand symbol (&). The keywords are:

&date
Specifies the date the event occurred.
&time
Specifies the time the event occurred.
&text
Specifies the event text, if supplied by the event.
&type
Specifies the event type criteria used to trigger the event.
&severity
Specifies the severity level of the event.
&system
Specifies the name of the system for which the event was generated.
&sender
Specifies the name of the system from which the event was sent. This keyword returns null if unavailable.
&group
Specifies the group to which the target system belongs and is being monitored. This keyword returns null if unavailable.
&category
Specifies the category of the event.
&pgmtype
Specifies a dotted representation of the event type using internal type strings.
&timestamp
Specifies the coordinated time of the event (milliseconds since 1/1/1970 12:00 AM GMT).
&rawsev
Specifies the non-localized string of event severity (FATAL, CRITICAL, MINOR, WARNING, HARMLESS, UNKNOWN).
&rawcat
Specifies the non-localized string of event category (ALERT, RESOLVE).
&corr
Specifies the correlator string of the event. Related events, such as those from the same monitor threshold activation, will match this.
&snduid
Specifies the unique ID of the event sender.
&sysuid
Specifies the unique ID of the system associated with the event.
&prop:filename#propname
Specifies the value of the property string propname from property file filename (relative to \tivoliWg\classes).
&sysvar:varname
Specifies the event system variable varname. This keyword returns null if a value is unavailable.
&slotid:slot-id
Specifies the value of the event detail slot with the non-localized ID slot_id.
&md5hash
Specifies the MD5 hash code (CRC) of the event data (good event specific unique ID).
&hashtxt
Specifies a full replacement for the field with an MD5 hashcode (32-character hex code) of the event text.
&hashtxt16
Specifies a full replacement for the field with a short MD5 hashcode (16-character hex code) of the event text.
&otherstring
Specifies the value of the detail slot with the localized label that matches otherstring. This keyword returns OTHERSTRING if unavailable.

Note: When you specify an event data substitution keyword containing more than one word, substitute the underscore character ("_") for each space between words. For example, to use the keyword "User Logon" you must enter "User_Logon" in the text of the event message. A sample entry containing this keyword might be: "User &User_Logon just logged on to the system."

Example of message text with event data substitutions:

Please respond to the event generated for &system, which occurred &date. The text of the event was &text with a severity of &severity.