Understanding event groups
Event groups are sets of events that meet certain criteria or conditions. These conditions act as filters on events. The conditions are defined by using types of events that are called event classes and attributes of the event types that are called slots. For more information, see How event classes are structured.
Event groups are of two types: static event groups and dynamic event groups.
When you view all the events groups (Event Groups > Show All Event Groups), static event groups are displayed irrespective of whether you have matching events.
Dynamic event groups will not be displayed if there are no events that meet the criteria specified while creating a dynamic group. They will appear when you have matching events.
The color of the header indicates the highest severity of the open events from the event group.
The Event Groups page displays the count of open events and total events for the event group. When you click the Open Events or Total Events count, the Events page that shows the open events or total events of that event group is displayed.
Advantages
Event groups can simplify management of events. As an administrative user, you can use event groups for better event monitoring and manageability and for simplifying the allocation of event monitoring jobs. As an operations user, event groups enable you to view only those events that you need to work on, thereby improving your focus and productivity.
Event groups are organized in a hierarchical structure. You can nest event groups within an existing event group; that is, you create an event group and then add one or more event groups as its children. A child event group inherits all conditions that are defined for the parent and must have additional conditions applied to it. Using hierarchical event groups enables you to further narrow down the resulting event list in an event group. For example, you can create the following hierarchy of event groups:
Event Groups
By Location
USA
Redmond
Chicago
UK
London
BirminghamOnly Solution Administrators and Tenant Administrators can create, modify, and delete event groups. The Solution Administrator has access to all the event groups, irrespective of who created them. The Tenant Administrators have access to event groups that are specific to their business. By using authorization profiles, administrators can authorize user groups to access event groups.
The dynamic event group enables you to create multiple event groups based on the unique values of the selected event slot. You need not create separate event groups based on individual unique values of the selected event slot. For example, if the dynamic event group is created based on the Status slot, then the multiple dynamic event groups created are: Open, Acknowledged, Assigned, and Blackout. Note that events with the status, Closed are not considered for displaying event groups. Also, closed events are not included while displaying the total event count.
Note
The event groups feature is available only if you have selected All TrueSight Infrastructure Management Servers as the event source. Event groups are not supported on events from remote cells.
Use cases
You can use event groups in the following scenarios:
- An IT administrator wants to restrict an IT operator from accessing events from a specific server. In such a scenario, the IT administrator can create an event group by specifying the condition to exclude events from the server and assign the IT operator to this event group.
- Two operators in an organization are responsible for monitoring and managing events from Windows servers. Each of them needs to create a custom filter to only show events from the Windows server. With the event groups feature, the administrator can create an event group for all events from Windows servers and provide the operators access to that group. The operators do not need to create individual filters to get an auto-filtered event list.
- An IT administrator wants IT operators to monitor specific events. The administrator can create event groups by defining the criteria to show specific events and then authorize the IT operators to access the event groups that they need to monitor.
- An IT department has two operator users. One operator is a Windows expert while the other one is a Linux expert. The IT administrator can create an event group for events from each of these operating systems and authorize the respective expert operators to access them. This way, the operators concentrate only on the events from their area of expertise.
- An IT administrator wants IT operators to monitor specific events assigned to them. The administrator can create dynamic event group by defining the slot name as Owner. The multiple event groups are created for owners who have events assigned to them. The event groups are not created or removed for owners who do not have any events assigned.
Associating with table views
The events table view on the Events page provides an overview of events. A different table views can be created with the customized slots. You can associate a particular table view with the event group while creating or editing the event group. The events of that event group are displayed according to the associated table view. For more information, see Accessing the event table views from the TrueSight console.
Where to go from here
After you understand event groups, you can perform any of the following procedures:
Comments
Log in or register to comment.