Using event groups to filter events
Event groups are sets of events that meet certain conditions. These conditions act as filters on events. You can use event groups only after they are defined. Only Solution Administrators and Tenant Administrators can create, modify, and delete event groups. Several out-of-the-box event groups are included with the TrueSight console that enable you to process events quickly.
This topic covers the following information:
To understand fields and options on the Event Groups page
The following figure highlights the various fields and options that are available on the Event Groups page.
Main action menu
Displays the following options:
|Quick severity filter||Displays color-coded severity levels as separate buttons. Each button displays the total count of event groups that include at least one event that matches the severity level.|
|View action menu|
Displays the Tile View and Table View options. You can toggle between the two views.
The Table View option displays the event group hierarchy and shows the parent-child relationships between the event groups. The dynamic event group is marked with a star and includes the dynamic event group definition name in a bracket.
The Tile View option displays the event groups as an independent element or tile. The dynamic event groups are marked with a star on the header. The tooltip includes the dynamic event group definition name in a bracket.
|Sort by action menu|
Displays the Sort By Severity, Sort By Name (Ascending), and Sort By Name (Descending) options. You can change the order of the event groups by sorting them based on the descending order of the severity of events. You can also sort the event groups based on their names in either ascending or descending order.
By default, event groups are sorted by Severity. If the event severity in two event groups is the same, they are sorted based on the ascending order of their names.
|Event group tile header|
Displays the name of the event group. The dynamic event groups are marked with a star on the header.
The color of the header indicates the highest severity of the open events from the event group. For example, if the header of an event group is in Red color, at least one of the open events is in critical severity.
Displays the count of open events and total events in the event group. When you click the Open Events or Total Events count, the Events page that shows the open events or total events of that event group is displayed. If you do not have access to an event group, the counts for that event group are not clickable and displayed in gray color. You can use the View preferences option to define which events are open. For more information, see Customizing the display of event groups.
The total events count includes events with Open, Acknowledged, Assigned, and Blackout status. Events with Closed status are not included in the Total Events count.
|Event group search|
Enables you to find event groups by performing a search on their names. The search is not case sensitive and is performed on all event groups, irrespective of any severity filter that you might have applied. To search, click the search iconand enter the search text. Click the search icon again or press Enter.
|Refresh page||Enables you to manually refresh the page. You can customize the page settings to automatically refresh the page every one to ten minutes.|
|Collapse or expand quick filters or preferences|
Enables you to collapse or expand the quick filters area to give you more display area for event groups. You can toggle between displaying and hiding the quick filters area using this option.
|View preferences||Enables you to customize the page. For more information, see Customizing the display of event groups.|
Launches context-sensitive help.
The online version of the documentation is displayed. For working offline, you can download an Adobe Acrobat PDF of this documentation from PDFs and Videos.
To view event group details
In the Tile view, click the event group tile headeror in the Table view, click the event group name.
The Event Group Details page is displayed that shows the information about the event group.
To view event group hierarchy
To see the parent-child relationships of all the event groups, you must view the event groups in the Table view. The selected view name is displayed next to the View action menu. By default, event groups are displayed in Tile view in which an event group is displayed as a separate, independent tile.
To change the view, use the View action menu. The following figure shows an example of event group hierarchy:
To manage events from an event group
Click the count of open events or total events for the event group as shown.
In Table view:
The Events page is displayed that shows events from the selected event group. You can now work on this filtered list of events by performing tasks such as review the event summary, filter the events, perform remote actions, and so on. For more information, see Monitoring and managing events.
To view event groups by severity
You can sort or filter event groups based on the severity of the events that belong to that group. The severity is indicated by different colors and icons.
To sort event groups by severity: In the Sort by action menu, select Sort By Severity to view the event group with Critical events first followed by those with descending order of severity.
To filter event groups based on severity: In the quick severity filter, click a severity button to view or hide event groups of that severity. For example, if you click only the Critical severity button, event groups that have at least one critical event in open state are displayed and the other event groups are filtered out.
You can select more than one severity button.
To display specific event groups
You can filter out event groups and view only specific event groups. To do so, use the quick severity filterand event group search features.
Where to go from here
After you use the event groups filter, you can perform any of the following procedures on the filtered set of events: