Events

The Events tab displays the event messages of the Assets monitored by WOCU for the selected Realm. This option allows the display of logs for a multitude of elements from a single point.

../../_images/2_056_aggregator_realm_events-general-view_0-58.jpg

List of Monitoring Events

The events of the various WOCU Assets are stored and presented in this list. The most recent events will be displayed first.

Through this option the user can consult the events generated by WOCU in relation to the Assets managed by the tool.

../../_images/2_057_aggregator_realm_events-monitoring-view_0-58.jpg

Monitoring Event List Fields

The information for each of the events is recorded in a series of fields described below:

../../_images/2_057b_aggregator_realm_events-monitoring-columns-detail_0-58.jpg

Time


This field indicates how long ago the event was received (days and hours since the event occurred).

By placing the cursor over each row of this field, the user will be able to consult the details of the field, and a pop-up text will show the date and time of the event.

Date


This field indicates the exact date and time at which the event was generated, that is, when a relevant event occurred in the operation of the monitored Assets.

Event


This field describes the type of event. The existing event types are listed below:

ALERT Event Type: This Event reports an event that causes a change in the calculation of the Status in WOCU, for example the change from a normal operating status (Up/OK) to a total loss of availability (Down, Critical). The types of messages that the Event field can host to typify this type of Alerts are the following:

  • HOST ALERT: message relating to an Alert on a Host when a change in the Host Status takes place.

  • SERVICE ALERT: message relating to an Alert on a Service when a change in the Service Status occurs.

  • HOST FLAPPING ALERT: message relating to an Alert on a Host when a rapid alternation of States (Flapping) takes place.

  • SERVICE FLAPPING ALERT: message relating to an Alert on a Service when a rapid alternation of States (Flapping) takes place.

NOTIFICATION Event: This Event informs of the sending of a warning message for a change of Status in an Asset to the persons listed in the Contacts field for that Asset, i.e. it is a purely informative Event recording that a warning (email, SMS) was sent, which in turn has its origin in a Status change Event (Alert). The types of messages that the Event field can host to typify this type of Notification are the following:

  • HOST NOTIFICATION: message concerning a Notification related to a Host when a change in the Host Status takes place.

  • SERVICE NOTIFICATION: message concerning a Notification related to a Service when there is a change in the Status of the Service.

EXTERNAL COMMAND Event: This event reports the execution by a WOCU user of any of the actions performed through the Actions on the monitored Assets (Hosts and Services) that originate the sending and execution of commands and instructions in WOCU. In this way, the actions performed by WOCU users are also recorded. Thus, for example, the application of the Acknowledgement of an Alarm will give rise to an event that will be identified with this label “EXTERNAL COMMAND”.

Status


This field reports the Status that WOCU calculated for the Asset at the time of receipt of the Event.

For this purpose, the impact of each Event on the State determined by WOCU is reported via an icon. The following icons are available:

  • Normal operating state (Up/OK), identified by the green tick icon:

../../_images/2_057c_aggregator_realm_events-monitoring-up-icon_0-36.jpg
  • Down/Critical status, identified by the red down arrow icon:

../../_images/2_057d_aggregator_realm_events-monitoring-down-icon_0-36.jpg
  • Warning status in the operation of a Service (Warning), identified by the yellow exclamation icon:

../../_images/2_057e_aggregator_realm_events-monitoring-warning-icon_0-36.jpg
  • Loss of contact status (Unreach/Unknown), identified by the grey question mark icon:

../../_images/2_057h_aggregator_realm_events-monitoring-unknown-icon_0-36.jpg
  • Flapping state, identified by the blue rotating arrows icon:

../../_images/2_057f_aggregator_realm_events-monitoring-flapping-icon_0-36.jpg
  • Notification of the sending of a message due to a change in the status of an Asset (Notification), identified by the envelope icon:

../../_images/2_057g_aggregator_realm_events-monitoring-notification-icon_0-36.jpg
  • Notice of execution of Actions on the monitored Assets by a WOCU user (Commands), identified by the gear icon:

../../_images/2_057i_aggregator_realm_events-monitoring-commands-icon_0-36.jpg

Note

Additionally, the Status is also displayed on the background colour of each row of the event list, indicating to the user the change in Status that each event causes.

Host


This field includes the name of the Host that generated the event (by clicking on the name you can access the Detail View of that Host).

Service


This field indicates to which Service of the Host the event corresponds.

User


This field contains the name of the contact person in the event of an incident.

Message


This field contains a descriptive text of the event.

By placing the cursor over a row of this field, the user can consult its full content in a pop-up text containing the complete Event message. This is very useful when the text exceeds the available space and appears truncated, which is indicated by an ellipsis (…) at the end of the cell. In these cases this is the easiest way to consult all the information about the event.

../../_images/2_057j_aggregator_realm_events-monitoring-message_0-58.jpg

Filtering of the list of Monitoring Events

The filters in the Monitoring Event List allow the user to select which of the stored events will be displayed. For this purpose, WOCU provides the user with tools that allow the selection of events either according to time criteria or according to criteria of the type of events themselves.

../../_images/2_058_aggregator_realm_events-monitoring-filters_0-58.jpg

Filtering by date range of the Monitoring Events

First, the Monitoring Events can be filtered according to the dates on which they were generated. For this purpose, the time filter described below is used.

../../_images/2_058a_aggregator_realm_events-monitoring-date-range_0-36.jpg

There are several time criteria already set for Event filtering:

Today: filters and displays only the events generated during the time period elapsed during the current day.

Yesterday: generated yesterday.

Last 24 hours: generated in the last 24 hours.

Last 48 hours: generated in the last 48 hours.

Last 7 Days: generated in the last seven days.

This Week: generated during the period of time elapsed in the current week (from the start day of the week to the current day).

Previous Week: generated in the previous full week (Monday-Sunday).

In case you want to set a specific period of time there is the option Custom Range. To configure the time frame it is necessary to set a start date and an end date. By clicking on one of the days, this date will be set as a selection, being marked with a blue background. In addition to the day, a specific time can be set for that day, using the drop-down menus in the hour, minute and second boxes, until the desired time is set. The selected date and time can be seen both in the upper boxes and in the lower part of the view.

../../_images/2_058b_aggregator_realm_events-monitoring-date-range-custom_0-36.jpg

Once the range has been set, click on the Apply button to apply it.

Attention

It is of course not possible to choose start and end dates after the current date, nor to set an end date before the start date.

Filtering by type of Monitoring Events

The other filtering system for Monitoring Events is based on the types of Events recorded by WOCU. This filtering makes it easy to choose events that fall into certain categories.

For this purpose, WOCU offers the buttons shown on the right:

../../_images/2_058c_aggregator_realm_events-monitoring-filters-buttons_0-36.jpg

Once one of the filters has been selected, the box preceding each of the titles will be marked with a tick. After clicking the Filter button, the selected filters will be applied to the displayed events. The filters applied in the list of Monitoring Events will be marked in blue to distinguish them from the inactive filters (in white background).

The following filters are available:

Hosts


Selecting this filter will display the events referring to the Hosts monitored in WOCU.

Services


Selecting this filter will display the events related to the Services belonging to the Hosts monitored in WOCU.

Notifications


Selecting this filter will display events of type Notifications.

Commands


Selecting this filter will display events of type Commands.

Flapping (Fast alternation of states)


Selecting this filter will display events of the type Rapid State Flapping.

Include Soft Changes


Checking this box will include in the list all SOFT events registered and stored in WOCU. By default, this option is unchecked, excluding SOFT events and displaying only HARD events.

Remember

  • SOFT: is assigned when the service status obtained is not definitive, as it may or may not be reverted in the next check attempt. In the case of exceeding the predefined number of attempts obtaining negative statuses, the error severity level shall be raised to HARD type. The objective is to avoid false alarms due to transient problems.

  • HARD: is assigned when the status of the service obtained is continuously erroneous, without being corrected. That is, when the service returns a negative status in the first attempt and also in the subsequent checks, exceeding the predefined number of attempts. This new situation is notified to the contact user.

Important

Logically, one of the different filters must be selected to be able to execute the Event filtering, otherwise no event would match the set criteria and nothing could be displayed. In case you click the Filter button without any filter selected, WOCU will launch this error message:

../../_images/2_058d_aggregator_realm_events-monitoring-filters-error_0-36.jpg

Filtered by Hostgroup

This action filters the list to show only the elements belonging to the chosen Hostgroup. To select a specific group, choose its name from the drop-down list. To cancel the filter and show all the hosts, just select the first option in the drop-down list (-No HG filter-).

../../_images/2_058e_aggregator_realm_events-monitoring-filter-hostgroup_0-36.jpg

Important

The different navigation, search and sorting options available on this screen are explained in detail in the section: Common navigation, filtering and sorting options in WOCU.

Filter button

To apply the desired filter configuration, it is first necessary to click the Filter button, which reloads the inventory with the new data request.

../../_images/2_049u_aggregator_realm_assets_services-inventory-filter-button_0-55.png

Button for clearing applied filters (Clear Filter)

When the intention is to clear the applied filters, you can click the Clear filter button, and the configuration will be reset immediately, except for the search performed in the Search bar.

../../_images/2_107_aggregator_realm_assets_services-inventory-clear_filter-button_0-55.png

Export of the list of Monitoring Events

Next to the search bar there are two options for downloading files in CSV and JSON format, useful for data processing and management in tools external to WOCU or for later use in the system itself.

../../_images/2_049k_aggregator_realm_assets_hosts-inventory-export-buttons_0-36.png

Clicking on one of the buttons starts the download of files in the format:

CSV (Comma Separated Value)

Simple format that separates columns by a separator (semicolon “;”) and rows by a line break.

JSON (JavaScript Object Notation)

Lightweight data interchange format capable of being read by any programming language and therefore being used to exchange information between different technologies…

By default the filename will be: events_[realm name]_00h-00min_dd-mm-yyyy and the extension .csv or .json depending on the option chosen.

Important

If a filter is enabled, only the Events corresponding to the filter criteria shall be included in the export file, i.e. the same filter applied on screen shall be applied in the export.

List of other Log Events (Logs)

Thanks to the listing of Other Log Events (Logs) WOCU is able to query and display other external event messages, independent of WOCU events, but which may be useful in daily monitoring and operation tasks.

../../_images/2_059_aggregator_realm_events-logs-view_0-55.jpg

Note

As indicated in the text “Only the first 10000 entries can be shown”, only the first 10000 entries will be shown, to ease the query computation load.

Log Event Graph

The purpose of this graph is to show the progression of event receipts between two dates for a particular realm. Various filters can be configured that will affect the data displayed in the graph; these are explained in more detail in Filtering of the Log Events list.

../../_images/2_059a_aggregator_realm_events-logs-graphic_0-36.jpg

Regardless of the length of the date range, the interval is divided into 40 slices or bars to identify valleys or peaks of events in a very visual way. On the left side of the graph the oldest logs will be shown and on the right side the most recent logs will be shown.

As can be seen in the following image, placing the cursor over a specific bar displays a summary view, which specifies the time range covered by the bar (From/To) and the logs that have been recorded in that period. This makes it possible to see when there is more or less activity in a specific time range.

../../_images/2_059b_aggregator_realm_events-logs-graphic-detail_0-36.jpg

In this way, it is easy to graphically analyse the log input, since it is common that in the event of an incident in the monitored infrastructure, the volume of logs sent by the different Assets increases.

The graph also allows logs to be filtered by clicking on one or more time bars. The Date Range filter is then updated to the time period covered by the selected bar (now highlighted in a dark colour). If two or more consecutive bars are selected, the filter covers the whole period between them, i.e. the range starts with the date and time of the first bar and ends with the date and time of the last bar.

../../_images/2_059l_aggregator_realm_events-filter-graph_0-54.jpg

Attention

It is not possible to deselect intermediate bars, as this would “break” the selected time range. In such a situation, the system displays the following message:

../../_images/2_059n_aggregator_realm_events-filter-error_0-54.jpg

It shall also be possible to reset the selection applied to the graph by using the Reset Bars Graph button. In addition, the Filter Date Range will revert to the default Last 24 hours. This button will only be enabled when there are marked bars.

../../_images/2_059o_aggregator_realm_events-reset-button_0-54.jpg
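The slicing and bar-selection behaviour described above can be reproduced on exported log timestamps. The following is an added example, not WOCU code: the function names, the constructed sample timestamps and the `factor` threshold used to flag peaks are assumptions made for illustration.

```python
from datetime import datetime, timedelta

BARS = 40  # the graph always divides the date range into 40 slices

# Constructed sample: one log per hour for 40 hours, plus a burst in hours 10 and 11.
START = datetime(2024, 1, 1, 0, 0, 0)
END = START + timedelta(hours=BARS)
SAMPLE = [START + timedelta(hours=h, minutes=30) for h in range(BARS)]
SAMPLE += [START + timedelta(hours=10, minutes=m) for m in range(1, 21)]
SAMPLE += [START + timedelta(hours=11, minutes=m) for m in range(1, 11)]


def bar_edges(start, end, bars=BARS):
    """Return the (From, To) pair of every bar, oldest first."""
    if end <= start:
        raise ValueError("end date must be after start date")
    width = (end - start) / bars
    return [(start + i * width, start + (i + 1) * width) for i in range(bars)]


def histogram(timestamps, start, end, bars=BARS):
    """Count log timestamps per bar; index 0 is the oldest slice."""
    edges = bar_edges(start, end, bars)
    width = edges[0][1] - edges[0][0]
    counts = [0] * bars
    for ts in timestamps:
        if start <= ts <= end:
            # A timestamp equal to the end date belongs to the last bar.
            counts[min((ts - start) // width, bars - 1)] += 1
    return counts


def peak_bars(counts, factor=3.0):
    """Indexes of bars holding at least `factor` times the mean volume.
    The threshold is an assumption of this example, not a WOCU setting."""
    mean = sum(counts) / len(counts)
    return [i for i, c in enumerate(counts) if c > 0 and c >= factor * mean]


def selection_range(selected, edges):
    """Date Range produced by clicking bars: first bar's From to last bar's To.
    A selection with a gap is rejected, as the graph does for intermediate bars."""
    if not selected:
        return None
    chosen = sorted(set(selected))
    if chosen != list(range(chosen[0], chosen[-1] + 1)):
        raise ValueError("selected bars must be consecutive")
    return edges[chosen[0]][0], edges[chosen[-1]][1]


if __name__ == "__main__":
    counts = histogram(SAMPLE, START, END)
    peaks = peak_bars(counts)
    print("peak bars:", peaks)
    print("date range:", selection_range(peaks, bar_edges(START, END)))
```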

Log Event List Fields

The log event list allows the consultation of all these messages sent by the different monitored elements. The information is shown structured in two fields:

Date


This field indicates how long ago the event was received (hours, minutes and seconds since the event was sent).

../../_images/2_059c_aggregator_realm_events-logs-date_0-36.jpg

By placing the cursor over each row of this field, the user will be able to consult the details of the field, and a pop-up text will show the date and time of the event.

Event


This field stores the full text of the logs.

../../_images/2_059d_aggregator_realm_events-logs-entry_0-36.jpg

This text is displayed in JSON format (JavaScript Object Notation), defining a series of fields or variables and their respective values. To facilitate the reading of these fields, WOCU offers a detailed and ordered view of each log entry. To open it, click on the text of the entry and the following data table will expand:

../../_images/2_059e_aggregator_realm_events-logs-entry-expand_0-42.jpg

To collapse the information displayed, click on the button identified with a minus sign (-), located to the right of each cell.

At the bottom of each entry in the Event field there are three fields in which WOCU provides information about each of the logs:

  • Host: name of the Host to which the log message belongs. Clicking on this Host name takes you to the Asset Detail View.

  • Data source: name of the source, element or host from which each log message has been extracted.

  • Type: category to which the log message belongs according to its type.

Attention

In the process of configuring the log data sources, it is possible to assign a colour to each of them. This colour then appears in each of the entries, on the left-hand side, preceding the Date field. Therefore, the colour associated with each data source is completely configurable and will depend on the criteria of your Administrator.

Available Fields Filter

The Available fields filter allows you to select the information displayed in the Log List. Thanks to this filter it is possible to select which of the information collected in the Event field will be displayed to the user.

For this purpose, the filter allows you to select from a number of fields commonly found in log messages stored in WOCU. Once the fields to be displayed have been chosen and the selection has been applied.

../../_images/2_059f_aggregator_realm_events-logs-available-fields_0-36.jpg

To choose the fields to be displayed, simply click on them. These will be marked with a tick and their names will appear at the bottom of the Selected fields list:

../../_images/2_059g_aggregator_realm_events-logs-available-fields-selection_0-36.jpg

The Clear option will deselect all the fields that have been selected. To execute the selection, click on the blue Apply button:

../../_images/2_059h_aggregator_realm_events-logs-available-fields-selection-example_0-36.jpg

Once the Available Fields filter has been applied, the log information will be displayed showing in a column each of the selected fields.

Note

For events with nested objects, the system allows filtering by all the keys that make up these objects.

See the following event as an example:

{
    "event": {
        "message": "WOCU-Monitoring",
        "request": {
            "method": "GET",
            "url": "https://wocu-monitoring.com"
        }
    }
}

You will be able to filter by its keys as shown in the image:

  • event.message

  • event.request.method

  • event.request.url

../../_images/2_059m_aggregator_realm_events-fields-selection-example_0-49.jpg
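The dotted keys listed above can be derived from any JSON log entry, for instance when post-processing an exported file. The following is an added example, not WOCU code: the function names and the second sample event are constructed for illustration, and it assumes that only nested objects are descended into, while arrays and scalar values are treated as leaves.

```python
import json

# Constructed sample: the event shown in the text plus one event with another shape.
SAMPLE_EVENTS = [
    '{"event": {"message": "WOCU-Monitoring", "request": '
    '{"method": "GET", "url": "https://wocu-monitoring.com"}}}',
    '{"event": {"message": "login failed", "user": {"name": "alice"}}, '
    '"tags": ["auth", "web"]}',
]


def flatten(obj, prefix=""):
    """Return {dotted.key: value} for every leaf of a nested JSON object.
    Assumption: arrays, scalars and empty objects are leaves."""
    flat = {}
    for key, value in obj.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict) and value:
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat


def available_fields(raw_events):
    """Union of dotted keys across all events, in first-seen order."""
    seen = {}
    for raw in raw_events:
        for path in flatten(json.loads(raw)):
            seen.setdefault(path, None)
    return list(seen)


def project(raw_events, selected):
    """One row per event and one column per selected field.
    An event that lacks a selected key gets an empty cell."""
    rows = []
    for raw in raw_events:
        flat = flatten(json.loads(raw))
        rows.append([flat.get(field, "") for field in selected])
    return rows


if __name__ == "__main__":
    print(available_fields(SAMPLE_EVENTS))
    for row in project(SAMPLE_EVENTS, ["event.message", "event.request.method"]):
        print(row)
```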

Filtering of the Log Events list

Clicking on the “Show Filters” option located at the top right of the screen reveals the hidden Event filters.

../../_images/2_059i_aggregator_realm_events-logs-filter_0-36.jpg

Filtering by Data Sources

By selecting one of the options in this menu, Logger resources or Logger resources types, it is possible to filter the list of logs that come from the selected source or type of source.

../../_images/2_059j_aggregator_realm_events-logs-filter-data-sources_0-36.jpg

Once you have selected the Logger resources option or the Logger resources types option, you will have to select one or more of the sources or types of sources listed under the buttons (the options selected by default will be highlighted with a grey background and those selected by the user with a blue background). To select multiple options, hold down the CTRL key while clicking on the name of the options you wish to select.

Filtering Log Events by date range

Log Events can be filtered according to the dates on which they were generated. The time filter described below is used for this purpose.

../../_images/2_059k_aggregator_realm_events-logs-filter-date-range_0-36.jpg

There are several time criteria already set for log filtering:

Today: filters and displays only log events generated during the current day.

Yesterday: generated yesterday.

Last 24 hours: generated in the last 24 hours.

Last 48 hours: generated in the last 48 hours.

Last 7 Days: generated in the last seven days.

This Week: generated during the period of time elapsed in the current week (from the start day of the week to the current day).

Previous Week: generated in the previous full week (Monday-Sunday).

In case you want to set a specific period of time there is the option Custom Range. To configure the time frame it is necessary to set a start date and an end date. By clicking on one of the days, this date will be set as a selection, being marked with a blue background. In addition to the day, a specific time can be set for that day, using the drop-down menus in the hour, minute and second boxes, until the desired time is set. The selected date and time can be seen both in the upper boxes and in the lower part of the view.

../../_images/2_059l_aggregator_realm_events-logs-filter-date-range-custom_0-36.jpg

Once the range has been set, click on the Apply button to apply it.

Attention

In order to lighten the query computation load, the filtering of events by date range is limited to a maximum of seven days, i.e. the defined range may not exceed this interval (seven days).

It is of course not possible to choose start and end dates after the current date, nor to set an end date before the start date.

Filtered by Hostgroup

This action performs a filtering showing only the logs of the elements belonging to the chosen HostGroup. To select a specific group, choose the name of the group you wish to select from the drop-down list. To cancel the filter and show all the hosts, just select the first option in the drop-down list (-No HG filter-).

../../_images/2_058e_aggregator_realm_events-monitoring-filter-hostgroup_0-36.jpg

Important

The different navigation, search and sorting options available on this screen are explained in detail in the section: Common navigation, filtering and sorting options in WOCU.

Audit View

In this section you can view all the actions and operations carried out on a specific Realm, i.e. the information that is audited at Realm level is provided, with the purpose of making a subsequent audit of the processed information feasible.

Important

This space will only be operational in standard Realms.

../../_images/2_106_aggregator_events-audit_0-54.png

Note

As indicated in the text “Only the first 10000 entries can be shown”, only the first 10000 entries will be shown, to ease the query computation load.

Table Columns/Fields


The fields that head the table are described below:

../../_images/2_106a_aggregator_events-audit-detail_0-54.png

✓ Date: date and exact time when the action was registered in the system, and consequently, a relevant event in the internal functioning and operation of the Realm took place.

✓ Realm(s): entity or set of entities where the action has been registered.

✓ User: user profile that has executed the action registered in the infrastructure.

Note

There is a user called System, author of automatic and periodic tasks managed in the application (launching of Import Tasks (Tasks), Scheduled Report Generation, etc.). It is assigned when there is no user behind the action performed.

✓ Method: indicates the method used according to the origin or nature of the audited action. It is categorised as follows:

  • Changes that occur at the database level, i.e. operations performed on a particular Realm from its Configuration Module.

    These are:

    • CREATE

    • UPDATE

    • DELETE

  • Audited requests based on HTTP protocol.

    • GET

    • POST

  • Relating to automatically executed processes (such as Reports and Import Tasks (Tasks)). Possible options include:

    • SCHEDULED <Name> REPORT: Scheduled Availability Report, Scheduled Multimetrics Report, Top Hosts Report, etc.

    • <Name> REPORT: Availability Report, Multimetrics Report, Top Hosts Report, etc.

    • SNMP IMPORT

    • CSV IMPORT

    • SNMP IMPORT INVENTORY

Note

There is a Filter by Method filter to limit the table by HTTP requests (Requests), database requests by configuration changes (Changes in configuration) or automatic processes (Automatic Process).

✓ Description: contains a general description of the registered operation.

✓ Affected Item(s): type of asset involved in the action performed. There are many types of items stored in the database (HOST, SERVICES, REPORTS, etc.).

✓ Actions: shows in detail the characteristics of the action performed on an object.

../../_images/2_104b_aggregator_audit-requests-realms-conf-table-action-detail_0-54.png

Note

It may happen that the text displayed in any of the columns exceeds the available space, in which case the text will be cut off at the limit of each column, followed by an ellipsis (…) to indicate that the text continues but has been cut off. However, you can view the full information by placing the cursor over the text.

Available data filters


Filtering of objects in the table is possible from the following drop-downs:

✓ Filter by Method: this selector gathers all possible methods categorised according to the origin or nature of the action:

../../_images/2_104e_aggregator_audit-requests-realms-conf-method-filter_0-55.png

Changes in configuration: encompasses changes that occur at the database level, i.e. operations performed on a particular Realm from its Configuration Module.

These are:

  • CREATE

  • UPDATE

  • DELETE

Request: encompasses audited requests based on the HTTP protocol.

  • GET

  • POST

Automatic Process: relating to automatic processes executed (such as Reports and Import Tasks (Tasks)). Some of the possible options are:

  • SCHEDULED <Name> REPORT: Scheduled Availability Report, Scheduled Multimetrics Report, Top Hosts Report, etc.

  • <Name> REPORT: Availability Report, Multimetrics Report, Top Hosts Report, etc.

  • SNMP IMPORT

  • CSV IMPORT

  • SNMP IMPORT INVENTORY

✓ Date range: audited actions can be filtered according to the dates on which they have been registered. A time filter is used for this purpose.

../../_images/2_104f_aggregator_audit-requests-realms-conf-date-range_0-54.png

There are several time criteria already set for the filtering of actions:

Today: filters and displays only the audited actions generated during the current day.

Yesterday: actions registered yesterday.

Last 24 hours: actions registered in the last 24 hours.

Last 48 hours: actions registered in the last 48 hours.

Last 7 Days: actions registered in the last seven days.

This Week: actions recorded during the period of time elapsed in the current week (from the start day of the week to the current day).

Previous Week: actions registered in the previous full week (Monday-Sunday).

In case you want to set a specific period of time there is the option Custom Range. To configure the time frame it is necessary to set a start date and an end date. By clicking on one of the days, this date will be set as a selection and will be marked with a blue background. In addition to the day, you can set a specific time for that day. To do so, use the drop-down menus in the hour, minute and second boxes to set the desired time.

Attention

In order to lighten the query computation load, the filtering of items by date range is limited to a maximum of seven days, i.e. the defined range cannot be longer than this interval (seven days).

It is of course not possible to choose start and end dates after the current date, nor to set an end date before the start date.

Export of the list of items


The two buttons next to the Search bar, CSV and JSON, facilitate the export of data in both formats for further processing or use.

../../_images/2_049k_aggregator_realm_assets_hosts-inventory-export-buttons_0-36.png

CSV

Clicking on the corresponding button will open a new modal for the selection and marking of parameters to be exported at the user’s discretion. The available options are:

  • Dates (Obligatory)

  • User (Required)

  • Method

  • Description

  • Affected Item (Obligatory)

  • Details

Once the selection is confirmed, a file is downloaded in CSV (Comma Separated Value) format, a very simple format that organises the columns by a separator (semicolon “;”) and the rows by a line break.

JSON

This other option follows the same operation as the previous case, but initiates the download of a file in JSON (JavaScript Object Notation) format, a lightweight data exchange format capable of being read by any programming language and, therefore, used to exchange information between different technologies.

In both options, the system will offer the option to select the directory where to download and store the generated inventory file and to assign an alternative name to it.
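An exported audit file can be reviewed outside WOCU by grouping its rows into the three method categories described above. The following is an added example, not WOCU code: the column header names, the date format and the sample rows are assumptions constructed for illustration, so adjust `REQUIRED` and the field names to match a real export.

```python
import csv
import io
from collections import Counter, defaultdict

CONFIG_CHANGE = {"CREATE", "UPDATE", "DELETE"}  # Changes in configuration
HTTP_REQUEST = {"GET", "POST"}                  # Request
# Assumed header names for the three obligatory export parameters.
REQUIRED = ("Date", "User", "Affected Item")

# Constructed sample export: semicolon-separated columns, one row per line.
SAMPLE_CSV = """Date;User;Method;Description;Affected Item;Details
2024-05-06 09:12:44;admin;UPDATE;Host modified;HOST;address changed
2024-05-06 09:15:02;admin;DELETE;Service removed;SERVICES;check removed
2024-05-06 10:00:00;System;SCHEDULED Availability REPORT;Report generated;REPORTS;weekly
2024-05-06 10:30:11;operator1;GET;Events listed;HOST;
2024-05-06 11:02:37;operator1;CREATE;Host created;HOST;web-03
2024-05-06 12:00:00;System;SNMP IMPORT;Import task run;HOST;12 hosts
"""


def classify(method):
    """Map a Method value to the category used by the Filter by Method selector."""
    m = (method or "").strip().upper()
    if m in CONFIG_CHANGE:
        return "Changes in configuration"
    if m in HTTP_REQUEST:
        return "Request"
    if "REPORT" in m or "IMPORT" in m:
        return "Automatic Process"
    return "Unclassified"  # e.g. the optional Method column was not exported


def load_audit(text):
    """Parse the export and check that the obligatory columns are present."""
    reader = csv.DictReader(io.StringIO(text), delimiter=";")
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError("missing obligatory columns: " + ", ".join(missing))
    return list(reader)


def summarize(rows):
    """Count rows per category, configuration changes per user, and list deletions."""
    by_category = Counter()
    changes_by_user = defaultdict(Counter)
    deletions = []
    for row in rows:
        method = (row.get("Method") or "").strip().upper()
        category = classify(method)
        by_category[category] += 1
        if category == "Changes in configuration":
            changes_by_user[row["User"]][method] += 1
            if method == "DELETE":
                deletions.append((row["Date"], row["User"], row["Affected Item"]))
    return {
        "by_category": dict(by_category),
        "changes_by_user": {u: dict(c) for u, c in changes_by_user.items()},
        "deletions": deletions,
    }


if __name__ == "__main__":
    report = summarize(load_audit(SAMPLE_CSV))
    for key, value in report.items():
        print(key, value)
```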