An incident tracks an ongoing situation in your network, as determined by its associated events. Events drive the opening, updating and closing of incidents.
- For example, if a certain port utilization threshold is exceeded, Entuity will raise a Port Utilization High Event for that port. This Port Utilization High Event will open a Port Utilization Abnormality Incident. This incident can then be updated or closed by a further associated event or events.
There are three possible states that an incident can be in:
- Closed - can be reopened if a new associated event occurs.
- Expired - can no longer be reopened. Any new events will open a new incident.
Incidents do not have an assigned level, but instead inherit a severity level from their currently raised event.
- For example, if an event has a severity level of Major, then the incident that it raises will have a severity level of Major. If that incident is then updated by an event with a severity level of Critical, that incident then inherits the Critical severity level.
The incident severity levels are as follows:
| Display Severity and Color | Description |
|---|---|
| Green | Information or Cleared |
By default, if an event is raised with a severity level greater than Information and it does not have an associated incident, Entuity creates an on-the-fly incident using the details of the event and applying the default incident template (which is defined in entuity_home\etc\event-engine-cfg-template.properties). These on-the-fly incidents do not have an incident definition, so you cannot apply incident processing or implement event correlation to them.
Within the EMS, there is no distinction between system incidents and custom incidents.
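The lifecycle described above (events opening, updating and closing incidents, severity inheritance, and on-the-fly incidents) can be modelled as a small Python state machine. This is an added example, not Entuity code; the state name "Open", the severity ordering, the clearing event name and the explicit expire() call are assumptions made for the sketch.

```python
from dataclasses import dataclass

# Severity names come from the page; the numeric ordering is assumed.
RANK = {"Information": 0, "Major": 1, "Critical": 2}
# Event type -> (incident name, action). The clearing event name is hypothetical.
DEFINITIONS = {
    "Port Utilization High": ("Port Utilization Abnormality", "open"),
    "Port Utilization High Cleared": ("Port Utilization Abnormality", "close"),
}

@dataclass
class Incident:
    name: str
    source: str
    severity: str
    state: str = "Open"  # "Open" is an assumed name for the active state
    on_the_fly: bool = False

class IncidentEngine:
    def __init__(self):
        self.incidents = []

    def _find(self, name, source):
        # Expired incidents are skipped: they can no longer be reopened.
        for inc in reversed(self.incidents):
            if (inc.name, inc.source) == (name, source) and inc.state != "Expired":
                return inc
        return None

    def _new(self, *args, **kwargs):
        self.incidents.append(Incident(*args, **kwargs))
        return self.incidents[-1]

    def handle(self, event_type, source, severity):
        name, action = DEFINITIONS.get(event_type, (None, None))
        if name is None:  # no incident definition: on-the-fly path
            if RANK[severity] <= RANK["Information"]:
                return None  # Information events do not create incidents
            inc = self._find(event_type, source) or self._new(event_type, source, severity, on_the_fly=True)
        else:
            inc = self._find(name, source)
            if inc is None and action == "close":
                return None  # nothing to close
            inc = inc or self._new(name, source, severity)
        inc.severity = severity  # inherit from the currently raised event
        inc.state = "Closed" if action == "close" else "Open"
        return inc

    def expire(self, inc):
        inc.state = "Expired"  # what triggers expiry is not described on the page
```

Feeding the same opening event after expire() returns a different Incident object, while feeding it after a close returns the original one with its state back to "Open".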
Incident dashboard and dashlet
Please see the following articles for help and information on the system dashboards and dashlets relating to incidents. You can also create your own custom dashboard and add incident dashlets to it as you wish.