Using incident notifications

In addition to monitoring incidents on dashboards and on the Incidents page, you can monitor incidents by using email notifications and SNMP traps.

Before you begin

Configure an incident detection rule and set up email notifications for the rule.

To use SNMP traps, configure the SNMP.

To perform this procedure, you must have Operator-level access, or higher.

Using email notifications

When the system detects an incident that matches a rule, it sends an email with incident details to recipients specified in the Notification tab of the incident detection rule.

Typical incident email notification contains the following information:

  • Date and time when the incident occurred
  • Device that detected the incident
  • The type of incident detection rule that triggered the incident (Availability, Performance, or Volume)
  • The Watchpoint associated with the incident
  • Incident's urgency rating
  • Incident description
  • Hyperlinks for viewing the incident on the Incidents page or in the Session Browser
  • Incident detection rule that detected the incident
  • A list of traffic property values that changed significantly during the incident.
Example

Date: 2012-07-03 14:27:21 -0400

Source: Real User Analyzer [10.160.0.12|TS12-CS-CS-C-0069] Incident type: Availability Incident detection rule: Availability incidents for All-Pages (ID=3)

Watchpoint: All-Pages

Urgency rating: 13

Sessions: 1

Description: On 2012-07-03 14:15:00 -0400 for about 5 minutes, this Watchpoint had an availability error ratio of 57.2%. This exceeds the incident declaration threshold configured at that time. This affected 1 session(s).

View details about this incident:

View affected sessions:

View Incident detection rules: https://10.160.0.12/admin/incidentdetection/viewRules.jsf

List of significant changes:

Browser name:
 1. Internet Explor*: +100.00

URI stem:
 1. /developer-api-standards/index.htm: +8.33
 2. /success/index.htm: +8.33
 3. /services/index.htm: +8.33
 4. /countries/index.htm: +8.33
 5. /products/index.htm: +8.33

Error code:
 1. 30: +99.17
 2. 7: +0.83

URI host:
 1. www.example.com: +91.67
 2. counter.example1.com: +8.33

Collector feed name:
 1. collector20: +100.00

Server ID:
 1. 16.183.213.80: +91.67
 2. 16.161.46.23: +8.33

Session ID:
 1. 210045963: +100.00

Note

List of significant changes displays the deviation percentage for the traffic properties that changed significantly during the incident.

Using SNMP traps

The system supports SNMPv1, SNMPv2c, and SNMPv3. It uses TRAP protocol operations to send information to your managing system.

For more information about setting up the SNMP traps, refer to the Enabling-the-SNMP-service-for-end-user-experience-monitoring section.

When the system detects an incident that matches a rule, it sends an SNMP trap with incident details to the server that receives all traps generated by the system.

SNMP trap example

trap.png

Related topics

Configuring-incident-notifications-on-the-Analyzer

Defining-an-email-notification-group-for-system-alerts

Enabling-the-SNMP-service-for-end-user-experience-monitoring

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*