Management

Just recently I wondered how easy it is to count events in a Netcool/OMNIbus probe rules file: just declare a persistent variable %eventcount and increment it each time an event passes by %eventcount = int(%eventcount) + 1.

Well, that is true but not even half of the story.

You declare the counting logic using a separate include or just somewhere in the probe rules file that is used each time an event flows through (so not in a condition branch). A good place would be before the closing of the rules file. 

You may want to create a log entry once a trigger level has passed:

log(WARNING, "Event count: " + %eventcount)

 You may want to generate an event once a trigger level has passed.

First declare where to send events too:

DefaultOS = registertarget( %Server,"", "alerts.status")

This line must be at the start of the rules file after the general comments. 

Some more logic is required to reset the counter on a day change, here  you need to store last and current date information. So you have each day an event with the grand totals. Also it is nice to have the code generic for each probe, for this I included the probe name. For not flooding the ObjectServer with gazillions of additional inserts make the genevent only happen every few thousand events.

 Putting it all together may look like this:

        %eventcount = int(%eventcount) + 1
        $now = getdate
        %current_day = timetodate($now, "dd.MM.YYYY")
        if (match(%eventcount,"1"))
        {
                %probe_start = $now
                %current_day = timetodate($now, "dd.MM.YYYY")
                %last_day = timetodate($now, "dd.MM.YYYY")
        }
        if (NOT(match(%current_day,%last_day)))
        {
                %probe_uptime = int($now) - int(%probe_start)
                log(WARNING, "Event count: " + %eventcount)
                $ge_summary = "Probe " + %Name + " has received at day " + %current_day + " " + %eventcount + " Events."
                $ge_identifier = %Name + %current_day
                $ge_manager = " Eventcount " + %Name
                $ge_alertgroup = "Eventcount"
                $ge_alertkey = %Name

                genevent(DefaultOS,
                        @Identifier, $ge_identifier,
                        @Summary, $ge_summary,
                        @Node, hostname(),
                        @Manager, $ge_manager,
                        @Severity, 3,
                        @FirstOccurrence, %probe_start,
                        @LastOccurrence, $now,
                        @AlertGroup, $ge_alertgroup,

                        @AlertKey, $ge_alertkey
                )
                %last_day = timetodate($now, "dd.MM.YYYY")
                %eventcount = 1
        }

        # Generate an informational log entry every 10.000 events.
        if (regmatch(%eventcount,"0000$"))
        {
                log(WARNING, "Event count: " + %eventcount)
        }
        # Update an informational event every 1.000 events, there is a new event each day
        if (regmatch(%eventcount,"000$"))
        {
                %probe_uptime = int($now) - int(%probe_start)
                #log(WARNING, "probe_uptime: " + %probe_uptime + " $now: " + $now + " %probe_start: " + %probe_start)
                $ge_summary = "Probe " + %Name + " has received at day " + %current_day + " " + %eventcount + " Events."
                $ge_identifier = %Name + %current_day
                $ge_manager = " Eventcount " + %Name
                $ge_alertgroup = "Eventcount"
                $ge_alertkey = %Name

                genevent(DefaultOS,
                        @Identifier, $ge_identifier,
                        @Summary, $ge_summary,
                        @Node, hostname(),
                        @Manager, $ge_manager,
                        @Severity, 3,
                        @FirstOccurrence, %probe_start,
                        @LastOccurrence, $now,
                        @AlertGroup, $ge_alertgroup,
                        @AlertKey, $ge_alertkey
                )
        }