- Created by Kunkuma (Unlicensed) , last modified by Mayuresh Balaji Kamble on Apr 19, 2024
Overview
The SummitAI Event Correlator (ECE: Event Correlation Engine) identifies, from a large pool of alerts and events triggered by various third-party monitoring tools, the Alerts or Events that should be processed to raise Incidents. The SummitAI Event Correlator connects with any monitoring tool (for example, SolarWinds or Nagios) and collects all the Alerts and Events. The collected Alerts and Events are sent for processing, and Incidents are logged with the respective Workgroup and Priority. The Event Console is the list of all the alerts and events that are received and processed by the Event Correlation Engine.
Figure: SummitAI Event Correlator Process
Referring to the figure above, here is what happens at each step:
- Monitoring tools: The SummitAI Event Correlator connects with the various monitoring tools via their respective APIs and collects all the active Alerts and Events.
- Event Correlation Engine: All the received Alerts and Events are processed by applying the pre-configured and custom rules to identify the Alerts and Events that qualify for logging Incidents. For more information on how the rules are configured, refer to Configure Rules.
- Auto Resolution: Incidents created at the ECE are auto-resolved based on the actual event resolution when the resolution type is configured in the Incident template.
- Modern Incident Management: Incidents created at the ECE have many modern incident management features, such as Stakeholder Notification, Multi-channel, Dashboard & Reporting, Cross function collaboration and On-call, Escalations, Policies.
Let us look at a few scenarios of Event Correlation:
De-duplication
ECE provides automatic de-duplication: events that are considered duplicates for the same parameter name or metric are suppressed automatically. The first event is considered the original and is processed; the remaining events are considered duplicate events.
Example: ECE receives 10 alerts from the monitoring tool, all related to the entity 192.168.100.102 with the parameter name CPU load. The ECE processes the first received alert and suppresses the remaining alerts/events until the issue is resolved.
Parent-Child Suppression
Topology-based event correlation can exist between parent and child entities. It requires the relationship between the configuration items (CIs) to exist in SummitAI. When the parent and child CIs are down and alerts are received from the monitoring tool, the ECE considers only the parent CI’s event for processing and creates an Incident; the child events are suppressed.
Example: Network Device (192.168.100.100) is a parent Server and Network device (192.168.50.50) is a child. When device down alerts are received from the monitoring tool for both entities, the ECE processes the parent device’s (192.168.100.100) alert and generates an email or Incident, and the child device’s (192.168.50.50) alerts are suppressed.
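The de-duplication and parent-child scenarios above can be modelled in a few lines. This is an added illustration, not SummitAI code: the `Correlator` class, its method names and the action strings are hypothetical, and it assumes that alerts are keyed by entity and parameter name and that the parent's alert arrives before the child's.

```python
from dataclasses import dataclass, field


@dataclass
class Correlator:
    """Toy model of de-duplication and parent-child suppression (not SummitAI code)."""
    parent_of: dict                                # child entity -> parent entity (CI relationship)
    open_events: set = field(default_factory=set)  # unresolved (entity, parameter) pairs

    def process(self, entity, parameter):
        """Return the action taken for one incoming alert."""
        key = (entity, parameter)
        if key in self.open_events:
            return "suppressed: duplicate"
        self.open_events.add(key)
        parent = self.parent_of.get(entity)
        # Assumption: the parent's alert for the same parameter has already arrived.
        # A child alert that arrives before its parent's still raises an incident here.
        if parent is not None and (parent, parameter) in self.open_events:
            return f"suppressed: child of {parent}"
        return "incident"

    def resolve(self, entity, parameter):
        """Condition cleared: the next alert for this pair is treated as original again."""
        self.open_events.discard((entity, parameter))


def demo():
    """Replay constructed alerts that reuse the addresses from the examples above."""
    ece = Correlator(parent_of={"192.168.50.50": "192.168.100.100"})
    cpu = ("192.168.100.102", "CPU load")
    results = {"dedup": [ece.process(*cpu) for _ in range(10)]}
    results["topology"] = [
        ece.process("192.168.100.100", "Device down"),
        ece.process("192.168.50.50", "Device down"),
    ]
    ece.resolve(*cpu)
    results["after_resolve"] = ece.process(*cpu)
    return results


if __name__ == "__main__":
    for scenario, actions in demo().items():
        print(scenario, actions)
```

The ordering assumption matters operationally: if a child's alert can reach the correlator before its parent's, the child raises its own incident in this model.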
Time based Suppression
Events are suppressed based on a time and counter-based configuration. Users can configure the time and count of the events while creating rules, so that when a flood of events is received, ECE processes and suppresses events based on the timer and event count specified in the rule.
Example: The user has configured 50 events in 5 minutes. If ECE receives more than 50 events in 5 minutes, ECE checks this rule, processes only the first event, and suppresses the remaining events.
The Event Console report presents a summary of all events that are received and processed. It lists all the events with their status and a count of how many events were received.
To view this report, perform the following steps:
1. Navigate to Operations > User > Views > Event Console.
2. In the ACTIONS panel, click FILTERS.
3. Select the Tenant and Device Type and click SUBMIT.
Figure: Event Console Report
Field | Description |
---|---|
Event ID | Indicates the Event ID, also referred to as the Alert ID. Click the Event ID hyperlink to view the Event details. |
Device Type | Indicates the type of Device for which the Alert or event is created. |
Host Name | The name of the Entity to which the device belongs. |
IP Address | IP address of the device type. |
Event Message | |
Severity | Indicates the intensity of the alert/event. Example: Critical, High, Medium, Low |
Event Occurred | Indicates the time when the event or alert was generated. |
Incident No | Incident Number of the Incident created for this specific alert or event. |
Event Actions | Indicates the action performed by the Rule engine on the event or alert, such as whether it is suppressed or acknowledged. |
Remarks | Provides the explanation for the event action. |
Parameter Name | Name of the parameter/metric for which the event/alert is created. |
Source | Name of the source tool where the event/alert is generated. (Example: SolarWinds, etc.) |
ACTIONS
You can perform the following actions from the ACTIONS panel of the Allocated Asset Report page.
Icon | Action |
---|---|
 | Prints the page. |
 | Exports the displayed records on the page to a Microsoft Excel sheet. |
 | Exports the complete list of report records to a Microsoft Excel sheet. |