Getting started with event groups
Only Solution Administrators and Tenant Administrators can create and manage event groups. The following diagram describes the basic workflow of setting up and using event groups.
Sample use case
The following use case illustrates how you might implement event groups.
Scenario
An IT organization has separate teams of IT operators to manage servers based on their locations. The IT operators have defined responsibilities to handle certain types of events.
Current process: The IT administrator assigns the event monitoring and management tasks to the IT operators. The operators use custom, quick, and time filters on the events to get the list that they need to work on.
Problems with current process: Because every IT operator has access to all events, each operator must filter the events to get their specific list. The administrator has a lot of manual tasks and wants to streamline the event monitoring and management process.
Solution: The administrator can define event groups to classify events depending on the responsibilities of the IT operators.
Prerequisites
Assume that the following user groups, users, and authorization profiles are already created. For more information about how to create them, see Managing users and user groups and Managing authorization profiles. The roles exist by default.
User | User group | Role | Authorization profile | Role description |
---|---|---|---|---|
Sam | Administrator | Super Admin | Solution Administrator | Administrator who manages and monitors the IT infrastructure |
Tom | Houston_Win | Operator | IT Operations Users-HoustonWin | Operator who manages all events from Windows servers that are located in Houston |
Tina | Houston_UNIX | Operator | IT Operations Users-HoustonUnix | Operator who manages all events from UNIX servers that are located in Houston |
Thomas | Pune_Win | Operator | IT Operations Users-PuneWin | Operator who manages all events from Windows servers that are located in Pune |
Tony | Pune_UNIX | Operator | IT Operations Users-PuneUnix | Operator who manages all events from UNIX servers that are located in Pune |
Implementation steps
Sam performs the following steps:
- Log on to the TrueSight console.
- Select Monitoring > Events.
- Click the View event groups icon.
- In the Event Groups page, from the main action menu, select Create Event Group.
- In the Name field, type By_location.
- Click Select Parent Group and select Event Groups, which is the root or the topmost event group.
- Select Associated Table View as Table view by location.
- Specify the event group criteria:
  a. In Class, select Event.
  b. In Slots, select the condition: Severity >= Unknown. By using this condition, the event group will include all events, irrespective of their severity. The child event groups can then filter the events based on specific locations.
- Click OK.
The By_location event group is created and displayed in the Event Groups page. Similarly, create the following event groups, one by one, according to the following hierarchy:
By_location #Note: You have already created this event group.
  Houston
    Win_servers
      Critical
      Major
    UNIX_servers
      Critical
      Major
  Pune
    Win_servers
      Critical
      Major
    UNIX_servers
      Critical
      Major
The following figure shows the page after all the event groups are created.
- To view the event group hierarchy, from the View action menu, select Table View.
The event group hierarchy is displayed.
Sam updates the authorization profiles of the IT operator users to grant them access to the event groups that they need to work on. As a user with Super Admin role, Sam has access to all event groups by default.
The following steps show how to update the authorization profile that Tom belongs to - IT Operations Users-HoustonWin.
- On the TrueSight console, click Administration > Authorization Profiles.
- Click the action menu for the IT Operations Users-HoustonWin profile and select Edit.
- On the Profile Details page, in the Objects tab, select values according to the following table:

Selection order | Section | Value or action |
---|---|---|
1 | Categories | TrueSight Presentation |
2 | Types | Event Groups |
3 | Source | Select the server that hosts the Presentation Server |
4 | Objects | Click the action menu, and select Edit as shown in the following figure. |

The Edit Objects page is displayed.
- Click Add.
- Select Win_servers because Tom manages all events from Windows servers that are located in Houston.
The child event groups Critical and Major are automatically selected.
Note: The Out-of-the-Box event groups are not considered in this example.
The Edit Objects page displays the selected object - Win_servers. Click Save. The selected object is displayed in the Profile Details page.
Similarly, update the authorization profiles for the other operator users as per the following table:

Authorization profile | User group | Role | Accessible event groups |
---|---|---|---|
IT Operations Users-HoustonUnix | Houston_UNIX | Operator | Houston, UNIX_servers, Critical, Major |
IT Operations Users-PuneWin | Pune_Win | Operator | Houston, Win_servers, Critical, Major |
IT Operations Users-PuneUnix | Pune_UNIX | Operator | Houston, UNIX_servers, Critical, Major |
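
The effect of selecting a parent event group in the Objects step, as an added example that is not TrueSight code or a TrueSight API: it models the By_location hierarchy above and the automatic selection of child groups, then lists what a grant reaches beyond the intended subtree. The slash-separated paths and the function names are assumptions made for the illustration, and the Houston-level grant is a constructed misconfiguration.

```python
# Added illustration (not a TrueSight API); paths and names are hypothetical.
HIERARCHY = """\
By_location
  Houston
    Win_servers
      Critical
      Major
    UNIX_servers
      Critical
      Major
  Pune
    Win_servers
      Critical
      Major
    UNIX_servers
      Critical
      Major
"""

def parse_tree(text, indent=2):
    """Return {group path: [child paths]} from an indented outline."""
    children, stack = {}, []
    for line in text.splitlines():
        name = line.strip()
        depth = (len(line) - len(line.lstrip())) // indent
        path = "/".join(stack[:depth] + [name])
        stack[depth:] = [name]
        children[path] = []
        if depth:
            children["/".join(stack[:depth])].append(path)
    return children

def effective_access(tree, selected):
    """Expand selected groups with every descendant (children auto-selected)."""
    seen, todo = set(), list(selected)
    while todo:
        node = todo.pop()
        if node not in seen:
            seen.add(node)
            todo.extend(tree[node])
    return seen

def excess_access(tree, selected, intended):
    """Groups the grant reaches that lie outside the intended subtree."""
    allowed = effective_access(tree, [intended])
    return sorted(effective_access(tree, selected) - allowed)

TREE = parse_tree(HIERARCHY)
print(excess_access(TREE, ["By_location/Houston"], "By_location/Houston/Win_servers"))
```

Selecting Win_servers under Houston yields three groups, matching the three assigned groups Tom sees; selecting Houston instead also pulls in the UNIX_servers subtree.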
Tom, Tina, Thomas, and Tony can now view and work with their event groups.
Tom performs the following steps:
- Log on to the TrueSight console.
- Click Monitoring > Events.
- Click the View Event Groups icon.
- View the event groups. The Event Groups page is displayed with the default settings.
Three event groups are assigned in total, but only two are displayed because of the default filtering.
- To view all event groups, from the main action menu, select Show All Event Groups.
Static event groups are displayed irrespective of whether you have matching events. However, dynamic event groups are not displayed unless there are matching events.
All event groups are displayed.
Tina, Thomas, and Tony can perform these steps to view the event groups assigned to them.
Where to go from here
After you understand the event groups workflow, you can perform any of the following procedures: