Analyzing events

This topic explains the concept of event analysis and provides instructions for creating event cluster queries and analyzing event clusters.

Events are notifications that indicate changes in the state of an application or device that you are monitoring. An event can represent an error or warning, it can mean the crossing of a set threshold, or it can mean everything is working as expected, and so on. When the product discovers an issue with a device, the monitor that is set up for that device activates an event with a particular severity. Therefore, analyzing all events is important to understand the health of your environment. However, finding the event that needs immediate attention can be tedious and time-consuming.

BMC Helix Operations Management applies an intelligent algorithm on the event list and groups them into clusters based on event messages. You can analyze a cluster and view its events by device or by severity.

The Monitoring > Analytics page displays clusters of the latest 10,000 events by default. In addition, you can analyze grouped events, or events generated for grouped devices, by searching for the group name.

To create an event cluster query

On the Monitoring > Analytics page, do the following:

  1. Create a query to filter events.

    Creating the query

    When you click in the box, you are prompted to make a selection. Each time you make a selection, you are progressively prompted to make another selection.

    The query consists of Group Name, followed by Equals, and the group name for which you want to filter.

    Example query: Group Name Equals with_os_lin. When you analyze the query results, all events of the with_OS_lin group are displayed.

    The green tick mark indicates that the query syntax is correct.

  2. From the time filter list, select the time for running the query.
  3. Click Analyze.

To analyze an event cluster

In an event cluster, events with similar messages are grouped together. The event message based on which a cluster is formed is shown as a tooltip when you hover over the cluster. In the tooltip, ellipses represent the part of the message that is different in the clustered events.

The top 20 clusters (based on the number of events in a cluster) are shown as a query result. When you click an event cluster, the Event Summary page is displayed where you can view events by device or by severity.

The Event Summary page shows the event message that you are analyzing and the events in the cluster, grouped by device or by severity.

The following illustration shows events in a cluster by severity.

You can click a device or severity to view the list of events that are clustered for the device or severity.

The event list page provides breadcrumbs that help you to navigate through the results, and a search box that enables you to search for an event message in the event list.
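To make the clustering and drill-down concrete, the following Python example is added to this topic; it is not the product's algorithm (the grouping logic itself is not described here) but a simplified, assumed stand-in that filters constructed sample events by group name, masks the variable parts of each message with an ellipsis, keeps the top clusters by event count, and breaks each cluster down by device and by severity.

```python
import re
from collections import Counter, defaultdict

# Constructed sample events (not from the product). Fields mirror the page:
# group name, device, severity and event message.
EVENTS = [
    {"group": "with_os_lin", "device": "lin-host-01", "severity": "CRITICAL",
     "message": "CPU utilization 97% exceeds threshold 90%"},
    {"group": "with_os_lin", "device": "lin-host-02", "severity": "MAJOR",
     "message": "CPU utilization 91% exceeds threshold 90%"},
    {"group": "with_os_lin", "device": "lin-host-03", "severity": "MAJOR",
     "message": "CPU utilization 92% exceeds threshold 90%"},
    {"group": "with_os_lin", "device": "lin-host-01", "severity": "MINOR",
     "message": "Filesystem /var usage 82% exceeds threshold 80%"},
    {"group": "with_os_lin", "device": "lin-host-03", "severity": "CRITICAL",
     "message": "Filesystem /opt usage 95% exceeds threshold 80%"},
    {"group": "with_os_win", "device": "win-host-01", "severity": "MAJOR",
     "message": "CPU utilization 93% exceeds threshold 90%"},
]

# Assumption: percentages, bare numbers and paths are the parts that vary
# between otherwise identical messages; they become the "..." in the tooltip.
VARIABLE_PART = re.compile(r"\d+%|/\S+|\d+")


def cluster_key(message):
    """Mask the variable parts of a message so similar messages share one key."""
    return VARIABLE_PART.sub("...", message)


def analyze(events, group_name, top_n=20):
    """Apply 'Group Name Equals <group_name>', cluster by message, return the top clusters."""
    clusters = defaultdict(list)
    for ev in events:
        if ev["group"] == group_name:          # exact match, an assumption here
            clusters[cluster_key(ev["message"])].append(ev)
    # Largest clusters first; the key breaks ties so the order is deterministic.
    ordered = sorted(clusters.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [
        {"message": key, "count": len(members), "events": members,
         "by_device": dict(Counter(ev["device"] for ev in members)),
         "by_severity": dict(Counter(ev["severity"] for ev in members))}
        for key, members in ordered[:top_n]
    ]


def filter_cluster(cluster, device=None, severity=None):
    """Drill-down: the events of one cluster for a clicked device or severity."""
    return [ev for ev in cluster["events"]
            if (device is None or ev["device"] == device)
            and (severity is None or ev["severity"] == severity)]
```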

The following illustration shows the time range based on the option that you select in the time filter. You can change the time range to view results for different periods. This time range is not displayed when you select the All option from the time filter.
