An Incident allows you to track ongoing situations in your network, as determined by its associated events. Learn more about Incidents.
To create a custom incident:
Incidents are configured from the Incidents tab of the Event Administration page.
- Navigate to the Event Administration page, and then click the Incidents tab.
- Click Add. This will open the New Incident window, which under the General tab has the following fields:
  - Name: incident name displayed in Entuity.
  - enabled: when ticked, the incident can be raised in Entuity.
  - Description: description of the incident.
  - Opened By Any Of: each row shows an event type and its source, which can open the incident.
    - click Add to open the Event Type Selection dialog. Select an event Type and its Target. By default, Target is set to 'source', which causes Entuity to raise incidents against the same source as the event. You can define an expression to set a different source, e.g. for a port event raising the incident against its device, enter source.device.
    - highlight a row and click Delete to remove from the incident definition.
  - Updated By: each row shows an event type and its source, which can update the incident.
    - click Add to open the Event Type Selection dialog. Select an event Type and its Target. By default, Target is set to 'source', which causes Entuity to raise incidents against the same source as the event. You can define an expression to set a different source, e.g. for a port event raising the incident against its device, enter source.device.
    - highlight a row and click Delete to remove from the incident definition.
  - Closed By Any Of: each row shows an event type and its source, which can close the incident.
    - click Add to open the Event Type Selection dialog. Select an event Type and its Target. By default, Target is set to 'source', which causes Entuity to raise incidents against the same source as the event. You can define an expression to set a different source, e.g. for a port event raising the incident against its device, enter source.device.
    - highlight a row and click Delete to remove from the incident definition.
  - Update incident details: control how Entuity updates the incident, either:
    - Update severity and details to match the most recent event.
    - Use the severity and details of the most severe event.
  - Age Out: time period during which if the incident state is not updated, the incident ages out and is closed. If the issue on the object recurs and Entuity raises another opening event within the set Expiry period, Entuity also reopens the original incident.
  - Expiry: time period during which the closed incident state can be reopened if the issue on the object recurs and Entuity raises another opening event. After the expiry period, if the issue on the object recurs and Entuity raises another opening event, then Entuity will open a new incident.
- Click OK to save your custom incident, otherwise click Cancel.
Example custom incident:
Incidents are configured from the Incidents tab of the Event Administration page. The following example creates a new SNMP failure incident that:
- Is raised when any one of three specified SNMP events occurs.
- Is closed when an SNMP Agent Responding event is raised on the same source as the opening events.
- Ages out after 20 minutes and expires after 60 minutes.
- Includes two triggers:
  - A derived event which is generated when the incident is open five minutes after it is raised, i.e. State Precondition is set to five minutes.
  - An email which is sent two seconds after the incident is raised.
A trigger is a method for associating an action to a change in the state of an incident. You can control what state causes a trigger to action, if there is any delay to that action, and whether the state of the incident after that delay impacts on the action. E.g., you may want to notify an administrator when an incident has been opened for a specified time, and escalate it if the incident is open even longer.
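The following Python model is an added example, not Entuity's own code: it replays a constructed event timeline through the open, close, Age Out and Expiry rules described above, using the example's 20 and 60 minute values. Assumptions: the opening event names are placeholders, Expiry is measured from the time the incident closed, and a repeat opening event refreshes an incident that is still open.

```python
from dataclasses import dataclass
from typing import Optional

AGE_OUT, EXPIRY = 20 * 60, 60 * 60   # seconds; the example's 20 and 60 minutes
OPENED_BY = {"snmp-open-1", "snmp-open-2", "snmp-open-3"}  # placeholder names
CLOSED_BY = {"SNMP Agent Responding"}  # closing event named on the page

@dataclass
class Incident:
    source: str
    opened_at: int
    severity: int
    last_update: int
    closed_at: Optional[int] = None
    reopened: int = 0

def handle(incidents, now, event_type, source, severity=0, most_severe=True):
    # Find the most recent incident raised against this source, if any.
    inc = next((i for i in reversed(incidents) if i.source == source), None)
    # Age Out, evaluated lazily: no update for AGE_OUT seconds closes it.
    if inc and inc.closed_at is None and now - inc.last_update >= AGE_OUT:
        inc.closed_at = inc.last_update + AGE_OUT
    if event_type in CLOSED_BY and inc and inc.closed_at is None:
        inc.closed_at = now
    elif event_type in OPENED_BY:
        # Assumption: Expiry is measured from the moment the incident closed.
        if inc is None or (inc.closed_at is not None and now - inc.closed_at > EXPIRY):
            inc = Incident(source, now, severity, now)   # open a new incident
            incidents.append(inc)
        else:
            if inc.closed_at is not None:                # reopen the original
                inc.closed_at, inc.reopened = None, inc.reopened + 1
            # Assumption: a repeat opening event refreshes an open incident.
            inc.severity = max(inc.severity, severity) if most_severe else severity
            inc.last_update = now
    return inc

# Constructed timeline: (seconds, event type, source, severity).
TIMELINE = [(0, "snmp-open-1", "router1", 3), (300, "snmp-open-2", "router1", 5),
            (600, "SNMP Agent Responding", "router1", 0),
            (1800, "snmp-open-1", "router1", 2), (7000, "snmp-open-3", "router1", 4)]

def replay(timeline, most_severe=True):
    incidents = []
    for now, event_type, source, severity in timeline:
        handle(incidents, now, event_type, source, severity, most_severe)
    return incidents

if __name__ == "__main__":
    print(*replay(TIMELINE), sep="\n")
```

With this timeline the first incident is reopened once and ages out at 3000 seconds; the event at 7000 seconds opens a second incident because the 60 minute Expiry has passed.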
To create the example incident:
- Click the Main Menu > Administration.
- On the Entuity Administration page, click Event Administration.
- Click the Incidents tab and then Add.
- Define the incident general details. Enter:
  - A meaningful name and description of the incident.
  - In Opened By Any Of click Add, highlight an event and then click OK to add an opening event type. Repeat this for the three event types.
  - In Updated By, you can add events that update the state of the incident. For example, you can select an event that, if raised against the source object, indicates an escalation in the problem.
  - In Closed By Any Of click Add, highlight the SNMP Agent Responding event type and then click OK to add the incident closing event.
  - A 20 minute Age Out and a 60 minute Expiry time for the incident.
  - When you want to use the incident, ensure you have selected enabled.
- Click the Triggers tab and then Add the email notification and derived event triggers.
- Define the email notification trigger details and test condition:
  - Enter a meaningful name and description.
  - Set Delay to 2 seconds.
  - Set Condition to All Tests must succeed. Click Add and define the test by setting Type to Variable Test, selecting the email_boolean_send_control variable, Operations to equals and Value to 'true'.
  - In Actions define the email action. Click Add and define the action in:
    - Type: select Send e-mail.
    - Parameters: highlight recipients, click Set and then Choose. Set Value Kind to Variable Reference and Variable to the email_network_admin variable.
    - Parameters: complete the subject and body parameters.
  - Click OK to create the trigger.
- Define the derived event trigger details and test condition:
  - Enter a meaningful name and description.
  - Set Delay to 5 minutes.
  - Under the Actions tab, define the create event action. Click Add to open the Add Action window.
  - In the Action Steps section, click Add.
  - Define the action in:
    - Type: select Create event.
    - Event Type: select the event type on which you want to base the new event.
    - Attributes: click Add and then define the new event attributes, for example select name to rename the event.
- Close and save your changes by clicking OK to the open Event Management System dialogs.
- Your changes are not applied to the Event Management System until you save and deploy the project. Click the Save and Deploy icon, enter a meaningful description of your updates and click OK.