I have an alarm generated with a field (named FIELD_YYYYY) containing a string (for example XXXXXXX:ID151)

I have created a correlated alarm to capture all the occurrences of this alarm based upon that field (so all occurrences of all alarms with the FIELD_YYYYY and the  contents of that field = XXXXXXX:ID151). It triggers when it receives 10 alarms in 15 minutes. This works well and the value field in the new alarm describes this event.

The value of the FIELD_YYYYY can change so for example, you may get a correlated alarm based on all the alarms with XXXXXXX:ID68

What I would like to do is incorporate the value of that common field into the new alarms ‘Value’ message (so something like ‘There has been a number of alarms for XXXXXXX:ID68’). The correlation rule is grouped on this field.

Similar to a script action such as count(*) >= 2 where you can insert a count of the number of alarms triggering the correlation rule into the new correlated alarm’s Value field (by also selecting the ‘Evaluate value’ option). Is there a similar syntax where you can use to capture the common contents of the field FIELD_YYYYY ??

So, for example, the Value message would say ’There are a number of alarms for XXXXXXX:ID68 (or any other value such as XXXXXXX:ID151)

So possiblbly use the following??

property([alarm].[FIELD_YYYYY])

Many Thanks