Getting started with event groups

Only Solution Administrators and Tenant Administrators can create and manage event groups. The following diagram describes the basic workflow of setting up and using event groups.

Sample use case

The following use case illustrates how you might implement event groups.

Scenario
Prerequisites
Implementation steps

Scenario

An IT organization has separate teams of IT operators to manage servers based on their locations. The IT operators have defined responsibilities to handle certain types of events.

Current process: The IT administrator assigns the event monitoring and management tasks to the IT operators. The operators use custom, quick, and time filters on the events to get the list that they need to work on.

Problems with current process: Because of access to all events, each IT operator needs to filter the events to get their specific list. The administrator has a lot of manual tasks and wants to streamline the event monitoring and management process.

Solution: The administrator can define event groups to classify events depending on the responsibilities of the IT operators.

Prerequisites

Assume that the following user groups, users, and authorization profiles are already created. For more information about how to create them, see Managing-users-and-user-groups and Managing-authorization-profiles. The roles exist by default.

User	User group	Role	Authorization profile	Role description
Sam	Administrator	Super Admin	Solution Administrator	Administrator who manages and monitors the IT infrastructure
Tom	Houston_Win	Operator	IT Operations Users-HoustonWin	Operator who manages all events from Windows servers that are located in Houston
Tina	Houston_UNIX	Operator	IT Operations Users-HoustonUnix	Operator who manages all events from UNIX servers that are located in Houston
Thomas	Pune_Win	Operator	IT Operations Users-PuneWin	Operator who manages all events from Windows servers that are located in Pune
Tony	Pune_UNIX	Operator	IT Operations Users-PuneUnix	Operator who manages all events from UNIX servers that are located in Pune

Note

Users with the Operator role must belong to different user groups to implement access control. They will be authorized to access specific event groups.

Implementation steps

Click a tab to view the step details.

Sam performs the following steps:

Log on to the TrueSight console.
Select Monitoring > Events.
Click View event groups icon .
In the Event Groups page, from the main action menu, select Create Event Group.
In the Name field, type By_location.
Click Select Parent Group and select Event Groups, which is the root or the topmost event group.
Specify the event group criteria:
a. In Class, select Event.
b. In Slots, select the condition: Severity >= Unknown. By using this condition, the event group will include all events, irrespective of their severity. The child event groups can then filter the events based on specific locations.
Click OK.
The By_location event group is created and displayed in the Event Groups page.
Similarly, create the following event groups, one by one, according to the following hierarchy:
By_location #Note: You have already created this event group.
Houston
Win_servers
        Critical
            Major
UNIX_servers
        Critical
            Major
Pune
    Win_servers
        Critical
            Major
UNIX_servers
        Critical
            Major
The following figure shows the page after all the event groups are created.
To view the event group hierarchy, from the View action menu, select Table View.

The event group hierarchy is displayed.

Click a tab to view the next step

Sam updates the authorization profiles of the IT operator users to grant them access to the event groups that they need to work on. As a user with Super Admin role, Sam has access to all event groups by default.

The following steps show how to update the authorization profile that Tom belongs to - IT Operations Users-HoustonWin.

On the TrueSight console, click Administration > Authorization Profiles.
Click the action menu for the IT Operations Users-HoustonWin profile and select Edit.

On the Profile Details page, in the Objects tab, select values according to the following table:

Selection order	Section	Value or action
1	Categories	TrueSight Presentation
2	Types	Event Groups
3	Source	Select the server that hosts the Presentation Server
4	Objects	Click the action menu, and select Edit as shown in the following figure.

The Edit Objects page is displayed.

Click Add.
Select Win_servers because Tom manages all events from Windows servers that are located in Houston.
The child event groups Critical and Major are automatically selected.

The Edit Objects page displays the selected object - Win_servers.

Click Save. The selected object is displayed in the Profile Details page.

Similarly, update the authorization profiles for the other operator users as per the following table:

Authorization profile	User group	Role	Accessible event groups
IT Operations Users-HoustonUnix	Houston_UNIX	Operator	Houston UNIX_servers Critical Major
IT Operations Users-PuneWin	Pune_Win	Operator	Houston Win_servers Critical Major
IT Operations Users-PuneUnix	Pune_UNIX	Operator	Houston UNIX_servers Critical Major

Click a tab to view the next step

Tom, Tina, Thomas, and Tony can now view and work with their event groups.
Tom performs the following steps:

Log on to the TrueSight console.
Click Monitoring > Events.
Click the View Event Groups icon.
View the event groups. The Event Groups page is displayed with the default settings.
Total assigned event groups are three but only two event groups are displayed because of the default filtering.
To view all event groups, from the main action menu, select Show All Event Groups.

All event groups are displayed.

Tina, Thomas, and Tony can perform these steps to view the event groups assigned to them.

Where to go from here

After you understand the event groups workflow, you can perform any of the following procedures: