Management-zone rules

Management zones comprise one or more rules that define and limit the entities or dimensional data (such as metrics) that can be accessed within the management zone.

When you select a management zone in Settings > Preferences > Management zones, all configured rules are displayed. You can Disable/Enable individual rules.

Management zone rules

Rule types

Management zones offer UI-based rule definition for:

  • Monitored entities
  • Dimensional data

You can select from predefined options for entity types, entity properties, rule conditions, and their operators.

When creating rules for some entities, you can propagate access to related topological entities without creating an extra rule. See How management-zone rules are applied below.

For UI-based rules for dimensional metric data, you can define conditions based on metric keys and dimension keys and values. Built-in, calculated, and ingested metrics are supported.

Note that users automatically get access to metrics associated with entities that are included within their assigned management zone.

Text-based rules leverage the powerful entity selector for v2 Environment APIs to define entities. Text-based rules enable you to define entities based on all the entity types, properties, values, and relationships exposed by the Monitored entities API v2.

There are several advantages of text-based rules:

  • You can provide granular and focused entity definitions without having to review the subset of choices available in the UI.
  • While UI-based rules allow for some relationship-based propagation of entity access, with text-based rules, you can explicitly use relationships to filter your entity selection. You have the flexibility to decide exactly which relationships you want to use to filter entities.
  • You can define text-based rules for including your own custom entity types, attributes, and relationships in management zones.

Important

Per monitoring environment, you can add:

  • Any number of management zones.
  • 150 UI-based management-zone rules for entities.
  • 150 UI-based management-zone rules for dimensional data (for metrics).
  • 150 text-based entity selector rules for management zones.
  • 100,000 conditions for all management-zone rules taken together (see Add a UI-based rule; does not apply to entity selector rules).
  • Any individual entity to a maximum of 200 management zones (run the GET an entity API call to see an entity's management zones).

Check our documentation on how to optimize management-zone rule performance at scale.

Add a UI-based rule

  1. Select/create a management zone and then select Add a new rule.

  2. Select the entity to which the rule should apply (Rule applies to).

    • For UI-based entity definitions, select Web applications for example.

    Select an entity

    • For a UI-based rule for a built-in, calculated, or ingested metric, select Dimensional data > METRIC.

    Note that the ability to access dimensional log data within a management zone will be available in a future release.

    See Examples for different rule types and implementations.

  3. Where available, select properties to filter the entity. For example, you can select Services (entity) matching a specific process group, host group, service type, technology, and service topology (properties).

    Management-zone rule for services

  4. Each entity can be defined and limited by several different conditions. Choose the Conditions, for example, you can specify that the Web application name begins with a specified string. Rule conditions

  5. Specify a value for the condition—enter a text string and specify whether it is Case sensitive. You can enter up to 80 characters; wildcard characters are not allowed; regular expressions are allowed in the contains regex and does not contain regex condition operators.

  6. Select Add condition to add another condition (or Remove condition to remove a condition) as required.

    Notes

    • You need to define at least one condition or property for the selected entity.
    • Conditions are applied using the AND logic—all conditions need to be met in order for the rule to apply to an entity.
    • There's no limit on the number of conditions per rule. However, there is a limit of 100,000 conditions for all rules taken together.
  7. For some entities, you can propagate access to related topological entities without creating an extra rule. For example, select the appropriate check boxes to include underlying hosts and process groups when defining a management-zone rule for Services.

    Include related entities

  8. Select Preview to see matching entities that were active and online in the last 72 hours. (Of course, when you actually apply the management zone, all entities matching the rules for the given timeframe will be displayed.)

    Preview is not available for dimensional data rules.

    Rule preview

  9. Create rule and then Save changes.

Add a text-based entity selector rule

  1. Select/create a management zone and then select Add a new rule.

  2. Select the entity to which the rule should apply. In Rule applies to, select Entity selector. See Examples for different rule types and implementations.

  3. To fill out the Entity Selector text string, you might need to run API calls to fetch entity types, properties, values, and relationships. Consult entity selector documentation for details on how to construct an entity definition.

    Key parts of the entity selector string:

    • type(<entityType>) defines the type of entity that is subject to the rule. For example, the entity type for hosts is host and for process groups is process_group. The entity type is not case sensitive. You can only provide a single entry in <entityType>.

      Run the GET all entity types API call for a list of all entity types in your environment (including custom entities) and their properties.

      Alternatively, you can specify multiple individual entity IDs with the entityId criterion. You can run the GET entities list API call for a list of actual entities in your environment and their properties.

    • Entity properties and values filter the entity list that your rule applies to. For example, entityName.startsWith("Book") filters for entities whose name starts with Book. serviceType(WEB_REQUEST_SERVICE) filters for web request services.

      You can run the GET entity type API call for any entity type (for example, service) to get a list of all its properties (for example, serviceType). You can also run the GET entities list API call for a list of actual entities in your environment with their property values (for example, WEB_REQUEST_SERVICE).

    • Relationships further refine entity selection by defining an entity in terms of its relationship to another. Relationships are of two kinds.

      • A fromRelationsip implies that the direction of the relationship is from the given entity (that is, the entity being queried) to the related entity. When you query all the services that service A calls, this is a relationship “from (service A)” to other services.
      • A toRelationship implies that the direction of the relationship is from the related entity to the given entity (that is, the entity being queried). When you query all the services that call service A, this relationship is “to (service A)”.

      You can run the GET entity type API call on any entity type to get a list of the entity's from/to relationships and the related entity types. You can also run the GET entities list API call to get a list of the actual entities in your environment along with their relationship values (for example, a service entity type can have a calls from relationship to another service).

  4. Select Preview to see matching entities that were active and online in the last 72 hours. (Of course, when you actually apply the management zone, all entities matching the rules for the given timeframe will be displayed.)

    Entity selector rule preview

  5. Create rule and then Save changes.

How management-zone rules are applied

  • Rules are applied using the OR logic—any rule must apply for an entity to be included in a management zone.

  • When creating rules for some entities, you can propagate access to related topological entities without creating an extra rule. For example, when creating a rule for services, you can opt to add underlying hosts and process groups. The rule preview below shows included hosts and processes when you select the respective options.

    Management-zone rule for services

    In other cases, the propagation of access to related topological entities is implicit. For example, when you grant access to a host in a management zone, any custom metrics ingested via that host are also accessible within the management zone. Note that this doesn’t automatically include all measurements of those custom metrics but only those measurements that were sent in for your host.

    In cases where such propagation is not available, you need to explicitly create rules for the entities you wish to add to a management zone. For example, a management-zone rule that applies to Host groups does not automatically grant access to the hosts within those groups; you need to explicitly add rules for the Hosts you wish to include in the management zone, as shown in Examples below.

Examples