Understanding event groups


Event groups are sets of events that meet certain criteria or conditions. These conditions act as filters on events. The conditions are defined by using types of events that are called event classes and attributes of the event types that are called slots. For more information, see How event classes are structured.

Advantages

Event groups can simplify management of events. As an administrative user, you can use event groups for better event monitoring and manageability and for simplifying the allocation of event monitoring jobs. As an operations user, event groups enable you to view only those events that you need to work on, thereby improving your focus and productivity.

Event groups are organized in a hierarchical structure. You can nest event groups within an existing event group; that is, you create an event group and then add one or more event groups as its children. A child event group inherits all conditions that are defined for the parent and must have additional conditions applied to it. Using hierarchical event groups enables you to further narrow down the resulting event list in an event group. For example, you can create the following hierarchy of event groups:

Event Groups
By Location
  USA
    Redmond
    Chicago
  UK
    London
    Birmingham

Only Solution Administrators and Tenant Administrators can create, modify, and delete event groups. The Solution Administrator has access to all the event groups, irrespective of who created them. The Tenant Administrators have access to event groups that are specific to their business. By using authorization profiles, administrators can authorize user groups to access event groups.

Note

The event groups feature is available only if you have selected All TrueSight Infrastructure Management Servers as the event source. Event groups are not supported on events from remote cells.

Use cases

You can use event groups in the following scenarios:

  • An IT administrator wants to restrict an IT operator from accessing events from a specific server. In such a scenario, the IT administrator can create an event group by specifying the condition to exclude events from the server and assign the IT operator to this event group.
  • Two operators in an organization are responsible for monitoring and managing events from Windows servers. Each of them needs to create a custom filter to only show events from the Windows server. With the event groups feature, the administrator can create an event group for all events from Windows servers and provide the operators access to that group. The operators do not need to create individual filters to get an auto-filtered event list.
  • An IT administrator wants IT operators to monitor specific events. The administrator can create event groups by defining the criteria to show specific events and then authorize the IT operators to access the event groups that they need to monitor.
  • An IT department has two operator users. One operator is a Windows expert while the other one is a Linux expert. The IT administrator can create an event group for events from each of these operating systems and authorize the respective expert operators to access them. This way, the operators concentrate only on the events from their area of expertise.
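The following Python sketch is an added example, not TrueSight code or configuration syntax. It models the By Location hierarchy and the first use case to show how inherited conditions and per-group authorization combine into the event list a user sees. The slot names (country, city, host), the user group names, and the rule that a user group with no grant sees no events are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

Event = dict                          # slot name -> value
Condition = Callable[[Event], bool]


@dataclass
class EventGroup:
    name: str
    condition: Condition
    parent: Optional["EventGroup"] = None

    def matches(self, event: Event) -> bool:
        # A child inherits every ancestor's conditions, so its effective
        # filter is its own condition AND all conditions up to the root.
        node = self
        while node is not None:
            if not node.condition(event):
                return False
            node = node.parent
        return True


def visible_events(user_groups, grants, events):
    """Return ids of events visible through the event groups granted to any
    of the user's groups. No grant means no events (assumed default deny)."""
    allowed = [g for ug in user_groups for g in grants.get(ug, [])]
    return [e["id"] for e in events if any(g.matches(e) for g in allowed)]


# Hierarchy from the page; the slot names are assumptions.
by_location = EventGroup("By Location", lambda e: bool(e.get("country")))
usa = EventGroup("USA", lambda e: e.get("country") == "USA", by_location)
chicago = EventGroup("Chicago", lambda e: e.get("city") == "Chicago", usa)
# First use case: exclude one server's events from an operator's view.
not_db01 = EventGroup("Without db01", lambda e: e.get("host") != "db01")

# Constructed sample events.
EVENTS = [
    {"id": 1, "country": "USA", "city": "Chicago", "host": "web01"},
    {"id": 2, "country": "USA", "city": "Redmond", "host": "db01"},
    {"id": 3, "country": "UK", "city": "London", "host": "web02"},
    # City alone is not enough: the inherited USA condition rejects this.
    {"id": 4, "country": "Canada", "city": "Chicago", "host": "web03"},
]
# Constructed authorization mapping: user group -> granted event groups.
GRANTS = {"chicago-ops": [chicago], "restricted-ops": [not_db01]}
```

Calling visible_events(["chicago-ops"], GRANTS, EVENTS) returns only event 1, while a user in both user groups sees the union of the two event groups.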

Where to go from here

After you understand event groups, you can perform any of the following procedures:

 

 
