<style>p { margin: 0; }span.fr-emoticon.fr-emoticon-img { background-repeat: no-repeat !important; font-size: inherit; height: 1em; width: 1em; min-height: 20px; min-width: 20px; display: inline-block; margin: -0.1em 0.1em 0.1em; line-height: 1; vertical-align: middle; } span.fr-emoticon { font-weight: normal; font-family: "Apple Color Emoji", "Segoe UI Emoji", "NotoColorEmoji", "Segoe UI Symbol", "Android Emoji", "EmojiSymbols"; display: inline; line-height: 0; } blockquote { border-left: solid 2px #5e35b1; color: #5e35b1; margin-left:0; padding-left:5px;}blockquote blockquote{ border-color: #00bcd4; color: #00bcd4;}blockquote blockquote blockquote{ border-color: #43a047; color: #43a047;} table.grid{ border-collapse: collapse;} table.grid td, table.grid th { border: 1px solid #ddd;} .fr-fic.fr-dib{ display: block; margin: 5px auto;}.fr-fic.fr-dib.fr-fir{ text-align: right; margin: 5px 0 5px auto;}.fr-fic.fr-dib.fr-fil{ text-align: left; margin: 5px auto 5px 0;}.fr-fic.fr-dii{ float: none; margin: 5px auto;}.fr-fic.fr-dii.fr-fil{ float: left; margin: 5px auto;}.fr-fic.fr-dii.fr-fir{ float: right; margin: 5px auto;}img.fr-dib.fr-fir { margin-right: 0; text-align: right;}img.fr-dib.fr-fil { margin-left: 0; text-align: left;}img.fr-dib { margin: 5px auto; display: block; float: none;}img.fr-bordered { box-sizing: content-box; border: solid 5px #CCC;}img.fr-shadow { box-shadow: 10px 10px 5px 0px #cccccc;}img.fr-rounded { border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; -moz-background-clip: padding; -webkit-background-clip: padding-box; background-clip: padding-box;}</style><p id="isPasted"><strong>In this guide we will cover:</strong></p><p><strong>- Setting up Event Management</strong></p><p><strong>- Creating an Event Rule</strong></p><p><strong>- Overseeing Events </strong></p><p><br></p><p><br></p><p>Event management allows you to manage the events that are triggered by Asset Management and Alerting integrations using webhooks. Using this module you can create rules to determine which events log tickets and control the fields/configuration on the ticket that gets logged for a specific event. This gives you more control over the alert/ management tickets that are created from integrations, both in terms of when they are created and the data they are populated with on creation. It also allows events to update an existing alert ticket that is related to that same event. </p><p><br></p><p>Throughout this guide we will refer to 'events' and 'alerts':</p><p><br></p><p><strong>Events:</strong> These are anything that trigger a webhook, results in a request being sent from the integration to Halo. The event being the scenario from the integration platform that is being sent into Halo via the API.</p><p><br></p><p><strong>Alert: </strong>A ticket that is created as a result of an event. The event is not solely for Alerts, it may be change management information you are ingesting into your Halo platform in order to store the history of assets. This is useful to track the life cycle and health of said assets.</p><p><br></p><p><strong><em>Note: This guide is only applicable to RMM integrations that create alerts using webhooks. For RMMs that create alerts using emails, see our guide <a data-fr-linked="true" href="https://usehalo.com/haloitsm/guides/1910/" id="isPasted" target="_blank" rel="noopener noreferrer">here</a>. To match existing alert tickets that are ingested via email, check out this runbook guide: </em></strong><a href="https://usehalo.com/haloitsm/guides/2268/" target="_blank" rel="noopener noreferrer"><strong><em>here</em></strong></a></p><p><br></p><p><strong><span style="font-size: 14pt;">Setting up Event Management</span></strong></p><p>First, head to Configuration and enable the module. </p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImNkN2I0NzQ2LTYyNGEtNDM4Zi1hYTc5LTY1ZGJiZDRhN2YwNCJ9.3QnmWGFA3fbSgLu-cCV917NMUmKSy6Npe6D2_c_RSp8" class="fr-fic fr-fil fr-dib" width="116" height="135"></p><p><strong><span style="font-size: 10pt;">Fig 1. Enable Module</span></strong></p><p><br></p><p>Once enabled, ensure you and any other agents have permission to access this module. Head to Configuration > Teams & Agents > Agents > select and agent > Permissions tab, see 'Event Management Access Level'. For agents to be able to create new event management rules they will need 'read and modify' permissions. From v2.236+, access control is available on event rules, allowing you to grant specific Agents, Roles, Teams, or Departments access to specific rules. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjI2Yzc0ZDU4LWVlODQtNGEzYy1iNGNhLTBmZDkxMzg2ZWM3NCJ9.rILDpz9Hg7JH0fCY_IqjnQAZG2_kXvftZkhvcV9A7LY" class="fr-fic fr-fil fr-dib" width="430" height="200"></p><p><strong><span style="font-size: 10pt;">Fig 2. Event Management Access Level permission</span></strong></p><p><br></p><p>Once the module is on and permissions added you will need to log out and back into Halo for this to take affect and the module to be visible. </p><p><br></p><p>You should now see Event Management in your navigation menu (this may be in your overflow menu, as shown in <strong>Fig 3</strong>).</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjA5NmI2MGVlLTA2ZGUtNDY3Ny1hMzgxLTcwODM5NzA0YjUzZCJ9.FoHwHssmpXRtituVElJekqkSjZQvLqYIZxKP1V_hPTc" class="fr-fic fr-fil fr-dib" width="382" style="width: 384px; height: 539.121px;" height="539"></p><p><strong><span style="font-size: 10pt;">Fig 3. Event Management in navigation menu</span></strong></p><p><br></p><p><strong><span style="font-size: 14pt;">Creating an Event Rule</span></strong></p><p>Start by heading to Configuration > Event Management > Event Rules > New, here you configure a new rule.</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjY0NjhkZWU1LWY1NDAtNDYzMC05NjZhLWFhODkwNDNhMWQ2NiJ9.wl4O_9m-6-Vrs0DsEBwmI7a_QiFV_01GjvQH_h2ak7g" class="fr-fic fr-fil fr-dib" width="180" style="width: 182px; height: 143px;" height="143"></p><p><strong><span style="font-size: 10pt;">Fig 4. Event Rules (Found in the Event Management Configuration Module)</span></strong></p><p><br></p><p id="isPasted">Rules work by checking criteria set against defined variables. These variables are based on the initial payload of the webhook, therefore any criteria you would like to set needs to be based on a value present in the webhook payload. </p><p><br></p><p>This means any webhooks you have set up for your Asset Management/ RMM integration(s) need to be redirected to post to the event management endpoint. To do this you will need to edit the webhook(s) you have set up for your Asset Management/ RMM alerts/ events (done within the integration platform) and change the endpoint URL to: https://{YourHaloDomain}/api/incomingevent/process</p><p><br></p><p><strong><span style="font-size: 12pt;">Authorising the Webhook </span></strong></p><p>When a webhook is posted to the event management endpoint (/api/incomingevent/process) it will need to be authorised to be processed. When setting up an event rule you can choose the authorisation used. On versions prior to v2.186 you will have to use a Halo application to authorise the webhook. On v2.186+ additional authorisation options are available. </p><p><br></p><p><strong>Authorising with Halo application</strong></p><p>This method should be used when a Halo application is being used to authorise your webhook's access to your instance. In which an application has been created in Halo, and the credentials from this application have been given to the webhook. When using this method you will need to change the permissions of the API application that is authorising the webhook connection. Head to into Halo, Configuration > Integrations > Halo API > view applications > select the application authorising the webhook(s) > permissions tab, enable the following permissions:</p><ul><li>edit:events</li><li>read:events</li></ul><p><strong><em>Note: To see which Halo application is authorising the application you will need to check your webhook configuration. </em></strong></p><p><br></p><p id="isPasted"><strong>Additional authentication options </strong></p><p>If your alerting system does not support OAuth (a Halo application has not been set up to provide credentials to the webhook) there are some alternative authentication options you can use, including:</p><ul><li>No auth (none)</li><li>API key</li><li>Basic auth (username and password)</li><li>Sign in Request body with a secret key (HMAC)</li></ul><p><br></p><p>The authentication option you choose will depend on the application the webhook is being sent from. You will need to obtain/generate authentication credentials from the webhook, then enter these against the event management rule here. </p><p><br></p><p>Now when an event occurs it will be evaluated by this module before creating an alert ticket. </p><p><br></p><p><strong><span style="font-size: 12pt;">Defining variables </span></strong></p><p>Head back to the event rule configuration and see the 'Inputs' tab. Here you will first need to specify the 'Event ID variable' this is the value in the payload that is the ID of the event, used for matching the same events to the same alert ticket. This will follow the format 'request^id' where 'id' is the event ID value specified in the webhook payload. Each variable created will begin with request^.</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImRlMGQ0NTU5LWJiN2EtNDU3MC04NDY2LWJiYzY2Mzk3OTc1ZiJ9.hyw8FsWsFSxzMBai89EhbjGh9RMsWZ2p67Fj8Dga4_E" class="fr-fic fr-fil fr-dib" width="900" style="width: 902px; height: 339.665px;" height="340"></p><p><strong><span style="font-size: 10pt;">Fig 5. Specify Event ID variable </span></strong></p><p><br></p><p>Now define the variables you would like to be evaluated by adding a line to the variables table. You will need to give the variable a name, select the data type and provide a description (if desired). Then, in the value field, enter 'request^' followed by the key value. </p><p><br></p><p><strong><em>Note: The value that is the event ID must have the data type 'Object'.</em></strong></p><p><br></p><p>For example, I am using the following payload in my webhook (this example uses the Datadog RMM):</p><p id="isPasted">{</p><p> "datadog_id": "$ID",</p><p> "security_signal_id": "$SECURITY_SIGNAL_ID",</p><p> "summary": "$EVENT_TITLE",</p><p> "priority_id": "1",</p><p> "user_id": "$USER",</p><p> "tickettype_id": "1",</p><p> "customfields": [</p><p> {"id": "239",</p><p> "value": "$HOSTNAME"}],</p><p> "new_external_link": {</p><p> "table_id": "1",</p><p> "module_id": "391",</p><p> "third_party_id": "$ID",</p><p> "third_party_url": "$LINK",</p><p> "third_party_desc": "$SECURITY_SIGNAL_ID"}</p><p> </p><p>}</p><p><br></p><p>I would like the ID, summary, priority and user values to be evaluated so I will create variables for these as shown in <strong>Fig 6</strong>. </p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjFhZmVjMzBmLWY4OGMtNGQzNS1iNTg2LWU4MGQyZTI1ZTU0OCJ9.sXT6jWpqFOq9S3gB1B5Z79Htva2eTPZnS31YfaltUKY" class="fr-fic fr-fil fr-dib" width="959" style="width: 961px; height: 304.334px;" height="304"></p><p><strong><span style="font-size: 10pt;">Fig 6. Defined variables example</span></strong></p><p><br></p><p><strong><span style="font-size: 12pt;">Setting Rule Criteria</span></strong></p><p>Under the 'Criteria' section of the 'Inputs' tab you can set the criteria for the rule, if an event matches this criteria, a ticket will be logged. </p><p><br></p><p>Here you can add criteria to the table, choose the variable you would like to base this on, the rule type (equal to, contains etc.) and the value. The rule types you have available to choose from will depend on the data type of the variable. </p><p><br></p><p>In <strong>Fig 7 </strong>I have set the criteria so that the rule will match when the event has a summary containing 'Disk space low'.</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVmYjFhODVmLTMzMjgtNGM3ZS05MzE0LTJhNGJkYzc4OTMyNiJ9.R1ue6LwrqMTYUQW6By5uPL49UZplWdKFLrsBvHN3R2o" class="fr-fic fr-fil fr-dib" width="968" style="width: 970px; height: 255.052px;" height="255"></p><p><strong><span style="font-size: 10pt;">Fig 7. Example rule criteria</span></strong></p><p><br></p><p>You can add multiple lines to this table but all criteria must be met for the rule to be matched. </p><p><br></p><p><strong><span style="font-size: 12pt;">Rule Outcome</span></strong></p><p>Set the rule outcome in the 'Ticket Creation' tab. </p><p><br></p><p>Here you can toggle the 'Ticket Creation Type' of the rule between Ticket Type and Template. </p><p><br></p><p><strong>Ticket Type</strong> - Will let you choose a ticket type to determine what type the ticket created will be when this event occurs and this rule matches.</p><p><strong>Template</strong> - Will let you choose a ticket template to be applied to the ticket that is created when the event occurs and this rule matches. </p><p><br></p><p>Once this is set you can set some field mappings, this allows you to populate ticket fields with data from the variables. </p><p><br></p><p>To do this, add to the field mapping table, choose the Halo field that you would like to be populated then choose the variable you would like the data to come from.</p><p><br></p><p>The following fields are currently supported:</p><p><br></p><ul><li>Custom Fields</li><li>Summary</li><li>Details (New Alerts only)</li><li>Status</li><li>Action Note (Updates only)</li><li>Start Date</li><li>Target Date</li><li>Priority</li><li>Urgency</li><li>Categories 1 to 4</li></ul><p><br></p><p>In the <strong>Fig 8 </strong>example I have mapped the event summary to appear in the ticket summary and the event ID to be in a custom field 'Event ID'.</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImYyNTQ1NjZkLTE0MTAtNDFjYy1hZGUyLTNkNzk5MDk2OGY4ZiJ9.5yGmEz0X9qUqNVO5zF8LXQVgSDaxsCLOVQfPN6P1riQ" class="fr-fic fr-fil fr-dib" width="973" style="width: 975px; height: 386.446px;" height="386"></p><p><strong><span style="font-size: 10pt;">Fig 8. Field mapping example</span></strong></p><p><br></p><p>On versions prior to v2.186 events with the same ID will always match and update the existing ticket. That is if the same event is triggered again, rather than a new ticket being created the existing ticket in Halo will be updated. On v2.186+ you can set rules to determine when events will create a new ticket and when they will update an existing ticket. </p><p><br></p><p><strong><span style="font-size: 11pt;">Determine if an event updates or creates a ticket</span></strong></p><p>If you would like events to always create new tickets, and not update a ticket that exists relating to this same event, enable 'Always create new Tickets'. </p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjQwZjIyZGMyLWU4ZWMtNDhlZS1hMTI0LTEyNDY0MTlhNjE0OSJ9.LWtnSp5xHRmkgDL5XVoFO15ER3Mz9Wr9s5A2RGtIqQM" class="fr-fic fr-fil fr-dib" width="823" style="width: 825px; height: 380.479px;" height="380"></p><p><strong><span style="font-size: 10pt;">Fig 9. Have events always create new tickets</span></strong></p><p><br></p><p>Otherwise, rules can be created in the 'New Ticket creation rules' table to determine when new tickets are created. If a ticket meets all the criteria set here, a new ticket will be created, otherwise the event (webhook) will update the matched ticket. In the figure 10 example, I have created a rule in which if the ticket has a closed status the ticket will not be updated when the same event (event with same ID) triggers again. Instead if the ticket is closed a new ticket will be created. </p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImRjZjAzZDVlLTBmY2QtNDE3Ni1iOTY3LWM0MTA5ZGE4NGJiMCJ9.nlD8VZwWG1BSNtJ3DIYSKJSjNLSCwa8C4Zm66T6KyZU" class="fr-fic fr-fil fr-dib" width="937" style="width: 939px; height: 205.069px;" height="205"></p><p><strong><span style="font-size: 10pt;">Fig 10. Ticket creation rules</span></strong></p><p><br></p><p><strong>Customer, site, user and asset matching </strong></p><p>Events can be matched to a customer, site, user and asset, so the correct customer/site/user/asset is associated with the ticket. This is configured under the 'Ticket Creation' tab of the event rule. </p><p><br></p><p>To do so, values must be obtained to gain a 'Customer/Site/User/Asset Matching Value' which can be compared against the 'Customer/Site/User/Asset' Matching Field where that data is stored. </p><p><br></p><p><img data-fr-image-pasted="true" src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjhjYWM4OWZiLWM3N2EtNDBhMi05NDQyLTkxYTY4YmVlZWRjMCJ9.7018aFxYDRz1VibqnQ6-YGAAJqNNjplevm3-1igf9Y4" width="961" style="box-sizing: inherit; border-style: none; cursor: pointer; padding: 0px 1px; user-select: none; text-align: left; color: rgb(0, 0, 0); font-family: sans-serif; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; width: 963px; height: 156.675px; max-width: none !important;" data-pasted="true" class="fr-fil fr-dib" height="157"></p><p><br></p><p><strong data-pasted="true"><span style="font-size: 10pt;">Fig 11. Customer matching value and field</span></strong></p><p><br></p><p>There are two ways to obtain this data; Query Parameters and Input Variables as described below. </p><p><br></p><ul><li>Query Params = Parameter in the webhook URL that stores the value.<ul><li data-pasted="true">For example, an Event sent to <a data-fr-linked="true" href="https://HALOURL.halopsa.com/api/IncomingEvent/Process" data-pasted="true">https://HALOURL.halopsa.com/api/IncomingEvent/Process?Client_ID=123</a> where 'Client_ID' represents the relevant Halo Client's ID.</li><li>Your Matching Value would be 'Client_ID' (the value of which would be 123)</li><li>Your Customer Matching Field would be 'Client ID'</li><li>So when the Event is processed, Halo would check the URL for the 'Client_ID' parameter, find '123' and then for a Client with the ID of 123</li></ul></li><li>Input Variables = Variables from the payload of the request<ul><li>For Example a payload containing a "Client_ID" with a value of '123' like so </li><li><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjQ5NGNhMDc0LWQzOTktNDA5Mi05OGU2LWU5Yzg3NTMyOGRmYyJ9.y4j0z2UpX3AstPMriZJwj_lXAfl0eiDOARkS98V0Uso" class="fr-fic fr-fil fr-dib" width="230" height="74">Your 'Matching Value' would be 'request^Client_ID'as you must use the full path, not the name of the variable in this context</li><li>Your 'Customer Matching Field' would be 'Client ID'</li><li data-pasted="true">So when the Event is processed, Halo would check the payload for the 'Client_ID' field, find '123' and then for a Client with the ID of 123</li></ul></li></ul><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImM0MTEwNDJmLTJiMDUtNGMxYi1hY2Q2LWJhNGEwMjJjMzRjNiJ9.HOyDd0bYFKcluTMQRj8a4CnjYxQxCpXf13genssSiuM" class="fr-fic fr-fil fr-dib" width="951" style="width: 953px; height: 154.777px;" height="155"></p><p><strong><span style="font-size: 10pt;">Fig 12. Example Query Parameter matching configuration using the example above</span></strong></p><p><br></p><p><strong><span style="font-size: 10pt;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjE3MDlhYzE1LTQwMzgtNDEzNi1hYTdjLTFiMWRmMDFjNmRiYSJ9.1jFgkiNhfeF_c0aFLZ_CEfxz2csesrN0I_RJSgM3Uc4" class="fr-fic fr-fil fr-dib" width="958" style="width: 960px; height: 301.217px;" height="301"></span></strong></p><p><strong><br></strong></p><p><strong><strong data-pasted="true"><span style="font-size: 10pt;">Fig 13. Example Input Variable matching configuration using the example above</span></strong></strong></p><p><br></p><p>Once you have setup customer, site, user or asset matching values, you will need to set a default customer and site for new tickets. The default set here will be the customer/site used if the event/webhook cannot be matched to a customer/site/user/asset based on the matching information given. If '*Use Global Setting*' is selected the customer/site global default for new tickets will be used.</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImIzOTJkZTkxLTM1MGMtNDhhNS1iOTEzLWVjMzdjMzE5OTViMiJ9.cfTdYfjCo2JbepNLz1CPjOHZJhtHorgNMLKIqLEREck" class="fr-fic fr-fil fr-dib" width="411" style="width: 413px; height: 77.6485px;" height="78"></p><p><strong><span style="font-size: 10pt;">Fig 14. Default customer/site for users</span></strong></p><p><br></p><p><br></p><p><strong><span style="font-size: 14pt;">Overseeing Events</span></strong></p><p>Now a rule is setup each event that meets this criteria will log a ticket with the specified values in the event rule. Any events that do not meet any criteria of an event rule will not create a ticket. </p><p><br></p><p>Tickets created as a result of event management will have an event management tab, showing a log of the event and the rule they have matched with request/response info. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjY0ZWYwZmU0LWRmYzQtNGU0OC1iNTUxLTJlNTE1NDRmMmYyOSJ9.3_LDZf_XqsHN7nuVCfcQ9TRTZS9eUIhOP5Fy_WLc6F0" class="fr-fic fr-fil fr-dib" width="965" style="width: 967px; height: 226.234px;" height="226"></p><p><strong><span style="font-size: 10pt;">Fig 15. Event management tab against ticket</span></strong></p><p><br></p><p>If a log is selected it will open a new window showing the request and response information. </p><p><br></p><p>Events can also be viewed under the Event Management module, upon opening the module you will see a list of events that have occurred, regardless if they have matched a rule and created a ticket or not. Allowing you to bulk update tickets with multiple events as explained below. The use case of this is to store the history of certain assets within one area of Halo, and </p><p><br></p><p>By default these are sorted chronologically but results can be sorted/filtered by selecting the column headers. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImUzNGY0MGZhLWMzODctNDg3ZC04YTQ0LTVjY2ZiMmZkMDY3YSJ9.TFsf039u6M_1O5aE4cQsvZnca95VWihi8oTz4eoLLjA" class="fr-fic fr-fil fr-dib" width="957" style="width: 959px; height: 475.586px;" height="476"></p><p><strong><span style="font-size: 10pt;">Fig 16. Event Management logs </span></strong></p><p><br></p><p>Selecting a log here will also display the request and response. </p><p><br></p><p id="isPasted">If an event has not matched a rule, an agent with event edit permissions can process the event manually, they will have 3 options:</p><p><br></p><p><strong>Re-evaluate</strong> - This will run the rule matching for that event again. This allows events to be processed if the rules have been updated since the time the event was received. Similar to how a manual ticket rule works (Guide: <a href="https://usehalo.com/haloitsm/guides/1923/" target="_blank" rel="noopener noreferrer"><strong>Ticket Rules</strong></a>)</p><p><strong>Create Ticket</strong> - This lets you select a rule, the outcomes of this rule will be used to create a ticket, regardless of if the event matches the criteria</p><p><strong>Link to Ticket</strong> - This allows you to choose a ticket to manually link the event to a ticket. None of the values will be applied from the event to the ticket, but the event will show in the ticket's event management tab.</p><p><br></p><p>To process, select some events, hover over 'edit' and these options will appear. </p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjE0MDUyNTcwLTM0NzgtNDk3Ni1iZGNmLWRhZDNmZWYyMTQ0MSJ9.wcQIz0KkF_nOrXYFaXskE4xMEXAQl_gmeOzRHUE0nSg" class="fr-fic fr-fil fr-dib" width="182" style="width: 184px; height: 194.036px;" height="194"></p><p><strong><span style="font-size: 10pt;">Fig 17. Manual event processing options</span></strong></p><p><br></p><p><strong><span style="font-size: 12pt;">General settings</span></strong></p><p>Under Configuration > Event Management > General Settings, there are two settings:</p><p><br></p><ul><li>Number of days to retain matched event logs for - Determines how long event logs are stored for events that match a rule.</li><li>Number of days to retain unmatched event logs for - Determines how long event logs are stored for events that do not match a rule.</li></ul><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImJlMzA4YTcyLTliZWUtNDQ4YS1iNGE4LWE2YTRhYWFiODIxZiJ9.me953frhcq3qSVX7HO_YBHpkuHEznBbgKo0vBbcJMdc" class="fr-fic fr-fil fr-dib" width="440" style="width: 442px; height: 273.726px;" height="274"></p><p><strong><span style="font-size: 10pt;">Fig 18. Event Management General settings</span></strong></p><p><br></p>
