Table of Contents (Start)
- Topics
- Introducing SevOne
- Login
- Startup Wizard
- Dashboard
- Global Search - Advanced Search
- Report Manager
- Report Attachment Wizard
- Report Properties
- Report Interactions
- Instant Graphs
- TopN Reports
- Alerts
- Alert Archives
- Alert Summary
- Instant Status
- Status Map Manager
- Edit Maps
- View Maps
- FlowFalcon Reports
- NBAR Reports
- Logged Traps
- Unknown Traps
- Trap Event Editor
- Trap Destinations
- Trap Destination Associations
- Policy Browser
- Create and Edit Policies
- Webhook Definition Manager
- Threshold Browser
- Create and Edit Thresholds
- Probe Manager
- Discovery Manager
- Device Manager
- New Device
- Edit Device
- Object Manager
- High Frequency Poller
- Device Summary
- Device Mover
- Device Groups
- Object Groups
- Object Summary
- Object Rules
- VMware Browser
- AWS Plugin
- Azure Plugin (Public Preview)
- Calculation Plugin
- Database Manager
- Deferred Data Plugin
- DNS Plugin
- HTTP Plugin
- ICMP Plugin
- IP SLA Plugin
- JMX Plugin
- NAM
- NBAR Plugin
- Portshaker Plugin
- Process Plugin
- Proxy Ping Plugin
- SDWAN Plugin
- SNMP Plugin
- VMware Plugin
- Web Status Plugin
- WMI Plugin
- xStats Plugin
- Indicator Type Maps
- Device Types
- Object Types
- Object Subtype Manager
- Calculation Editor
- xStats Source Manager
- User Role Manager
- User Manager
- Session Manager
- Authentication Settings
- Preferences
- Cluster Manager
- Maintenance Windows
- Processes and Logs
- Metadata Schema
- Baseline Manager
- FlowFalcon View Editor
- Map Flow Objects
- FlowFalcon Views
- Flow Rules
- Flow Interface Manager
- MPLS Flow Mapping
- Network Segment Manager
- Flow Protocols and Services
- xStats Log Viewer
- SNMP Walk
- SNMP OID Browser
- MIB Manager
- Work Hours
- Administrative Messages
- Enable Flow Technologies
- Enable JMX
- Enable NBAR
- Enable SNMP
- Enable Web Status
- Enable WMI
- IP SLA
- SNMP
- SevOne Data Publisher
- Quality of Service
- Perl Regular Expressions
- Trap Revisions
- Integrate SevOne NMS With Other Applications
- Email Tips and Tricks
- SevOne NMS PHP Statistics
- SevOne NMS Usage Statistics
- Glossary and Concepts
- Map Flow Devices
- Trap v3 Receiver
- Guides
- Quick Start Guides
- AWS Quick Start Guide
- Azure Quick Start Guide (Public Preview)
- Data Miner Quick Start Guide
- Flow Quick Start Guide
- Group Aggregated Indicators Quick Start Guide
- IP SLA Quick Start Guide
- JMX Quick Start Guide
- Metadata Quick Start Guide
- RESTful API Quick Start Guide
- Self-monitoring Quick Start Guide
- SevOne NMS Admin Notifications Quick Start Guide
- SNMP Quick Start Guide
- Synthetic Indicator Types Quick Start Guide
- Topology Quick Start Guide
- VMware Quick Start Guide
- Web Status Quick Start Guide
- WMI Quick Start Guide
- xStats Quick Start Guide
- xStats Adapter - Accedian Vision EMS (TM) Quick Start Guide
- Deployment Guides
- Automated Build / Rebuild (Customer) Instructions
- Generate a Self-Signed Certificate or a Certificate Signing Request
- SevOne Best Practices Guide - Cluster, Peer, and HSA
- SevOne Data Platform Security Guide
- SevOne NMS Implementation Guide
- SevOne NMS Installation Guide - Virtual Appliance
- SevOne NMS Advanced Network Configuration Guide
- SevOne NMS Installation Guide
- SevOne NMS Port Number Requirements Guide
- SevOne NMS Upgrade Process Guide
- SevOne Physical Appliance Pre-Build BIOS and RAID Configuration Guide
- SevOne SAML Single Sign-On Setup Guide
- Cloud Platforms
- Other Guides
- Quick Start Guides
Alert Archives
The Alert Archives enables you to view acknowledged and cleared alerts. You acknowledge alerts on the Alerts page and you define clear conditions for thresholds and policies to clear alerts. Alerts are messages such as threshold violations, trap notifications, or web site errors you define on the Policy Browser and the Threshold Browser.
To access to the Alert Archives from the navigation bar, click the Events menu, select Archives, and then select Alert Archive.
SevOne recommends the alert archives are less than 2 million alerts. To trim, modify Administration > Cluster Manager > Cluster Settings tab > Alerts subtab > Alert Duration field or please contact SevOne Support for help.
A maximum of 50,000 active alerts making it to be 2 million archived alerts + 50,000 active alerts is recommended by SevOne.
To display different levels of Alert granularity, alerts can be grouped. Events > Alerts > Grouping drop-down enables you to manage the alerts and alert details that appear in the list.
Alert Archives Default Display
The following appears by default when the Alert Archives initially appears.
-
The title bar displays the number of archived alerts that appear on the page and the total number of archived alerts.
-
The title bar contains the following icons to enable you to export the archived alerts you select in the list. A message appears to indicate how many archived alerts are selected when you select the check box next to each archived alert.
When you select the check box in the header row, the archived alerts on the current page display a check mark in the check box but archived alerts on other pages are not selected.
- Select the check box for the alerts to include in a .csv file and click to export the alerts you select to a .csv format.
-Select the check box for each archived alert to include in a .pdf file and click to export the archived alerts you select to a .pdf format.
- Click to add the alert archives report as an attachment in a report on a new browser tab. You can detach the entire alert archives list or you can select the check box for each archived alert to include in the report. You can modify reports to add other attachments and you can save reports to the Report Manager. Report workflows enable you to designate reports to be your favorite reports and to define one report to appear as your custom dashboard.
-
The Grouping drop-down is set to Alerts and the alert archives list is sorted by severity. Please refer to Group Archived Alerts section below.
-
The Filter section is hidden. Please refer to Alert Archives List Filters section below.
-
Click Show Comments button to display the Comments column in the table. To hide the comments, click Hide Comments button.
-
The Time Span is set to Today and displays the time span as a blue font link. The drop-down and the link enable you to define a time span.
Alert Archives List Filters
Filters enable you to focus the alert archives list. Filters are optional and cumulative.
Click Show Filter to display the Filter section that contains four tabs. After you define the alert archives list filters, the following controls enable you to apply the filters.
-
Click Hide Filter to close the filter section.
-
Click Apply Filter to apply the filters. When you apply filters, a red message appears next to the Clear Filter button.
-
Click Clear Filter to return the alert archives list to the default filter settings.
General Filters
The following filters appear on the General tab.
-
Clear/select the check box for each Severity level to limit the alert archives list to the severities you specify.
-
Click the Technology Type drop-down.
-
Select All to display both flow technology type and metric technology type alerts.
-
Select Flow to display only flow technology type alerts.
-
Select Metric to display only metric technology type alerts.
-
-
In the Message field, enter message text on which to filter archived alerts.
-
Click the Assigned drop-down and select the user id to display archived alerts assigned to it.
-
In the Search ID field, enter an alert identifier and select Alert ID, enter a threshold identifier and select Threshold ID, or enter a policy identifier and select Policy ID to search for an alert by ID. You must enter the full ID and wild cards are not allowed.
-
The Show drop-down is irrelevant.
Devices Filters
The Devices tab enables you to filter the alert archives for specific devices. Archived alerts for the devices select display in the alert archives list. Leave clear to display archived alerts for all devices.
Objects Filters
The Objects tab enables you to filter alerts for specific objects.
-
Click the Device drop-down and select the device that contains the objects that triggered the alerts.
-
Alerts fort the objects you move to the field on the right appear in the alerts list. Leave the right side field clear to display archived alerts for all objects.
Device Groups Filters
The Device Groups tab enables you to filter the alert archives for specific device groups/device types. Click the Device Groups drop-down and select the check box for each device group/device type for which to display archived alerts. Leave all check boxes clear to include all device groups/device types.
Object Groups Filters
The Object Groups tab enables you to filter the alert archives for specific object groups. Archived alerts for the object groups you move to the field on the right appear in the alert archives list. Leave the right side field clear to display archived alerts for all object groups.
Group Archived Alerts
You can group archived alerts to display different levels of archived alert granularity.
Grouping - Alerts
Click the Grouping drop-down and select Alerts. Alerts is the default grouping setting when the Alert Archives initially appears. The Alerts grouping level is the most granular archived alerts display.
-
ID - Displays the internal tracking number for each archived alert.
-
- The archived alert is unassigned. -
- The archived alert is assigned.
-
-
Device - Displays the name of the device that triggered the archived alert.
-
First - Displays the date and time that the archived alert was first reported.
-
Last - Displays the date and time that the archived alert was last modified.
-
Clear - Displays the date and time that the archived alert was cleared / acknowledged.
-
Assigned To - Displays the user id to whom the alert is assigned.
-
Severity - Displays the archived alert severity level.
-
Message - Displays the message the threshold generates.
-
Comments - Displays the comment provided by the customer. To display the Comments column, click the Show Comments button. To hide the comments, click the Hide Comments button.
Click on an archived alert row to display the following information.
-
Device - Displays the name of the device that triggered the archived alert. Click the device name to display a link to the Device Summary and links to the report templates that are applicable for the device.
-
Object - Displays the name of the object or interface that triggered the archived alert. Click the object name: For flow technology alerts, the FlowFalcon Reports page appears and for metric technology alerts, a link to the Object Summary and links to the report templates that are applicable for the object appear.
-
Threshold - Displays the name of the threshold that triggered the archived alert. Click the threshold name to display the Threshold Editor.
-
Severity - Displays the archived alert severity level.
-
Clear Message - Displays the message that appears when an alert is acknowledged. For example, Acknowledged by admin.
-
Message - Displays the message the threshold generates.
-
First - Displays the date and time that the archived alert was first reported.
-
Last - Displays the date and time that the archived alert was last modified.
-
Clear - Displays the date and time that the archived alert was cleared / acknowledged.
-
Assigned To - Displays the user id to whom the alert is assigned.
-
Occurrences - Displays the total number of times the archived alert triggered in the time frame between First and Last.
Grouping - Devices
Click the Grouping drop-down and select Devices.
-
Device - Displays the name of the device that triggered the archived alerts.
-
First - Displays the date and time that the first archived alert for the device was first reported.
-
Last - Displays the date and time that the last archived alert for the device was last modified.
-
Clear - Displays the date and time that the archived alert was cleared / acknowledged.
-
Highest Severity – Displays the highest severity level of the archived alerts on the device.
-
Message - Displays the total number of archived alerts the device triggered and the highest severity level of the archived alerts on the device.
Click on either a device name or on a message to display the alert archives list with the Alerts grouping setting and filters applied to display archived alerts for only the device you select. Please refer to Grouping - Alerts section above.
Grouping - Device Groups
Click the Grouping drop-down and select Device Groups.
-
Device Group - Displays the name of the device group/device type that triggered the archived alerts.
-
First - Displays the date and time that the first archived alert for the device group/device type was first reported.
-
Last - Displays the date and time that the last archived alert for the device group/device type was last modified.
-
Clear - Displays the date and time that the archived alert was cleared / acknowledged.
-
Highest Severity – Displays the highest severity level of the archived alerts for the device group/device type.
-
Message - Displays the total number of archived alerts the device group/device type triggered and the highest severity level of the archived alerts in the device group/device type.
Click on either a device group/device type name or on a message to display the alert archives list with the Devices grouping setting and filters applied to display archived alerts for only the devices in the device group/device type you select. Please refer to Grouping - Devices section above.
Grouping - Object Groups
Click the Grouping drop-down and select Object Groups.
-
Object Group - Displays the name of the object groups that triggered archived alerts.
-
First - Displays the date and time that the first archived alert for the object group was first reported.
-
Last - Displays the date and time that the last archived alert for the object group was last modified.
-
Clear - Displays the date and time that the archived alert was cleared / acknowledged.
-
Highest Severity – Displays the highest severity level of the archived alerts for the object group.
-
Message - Displays the total number of archived alerts the object group triggered and the highest severity level of the archived alerts for the objects in the object group.
Click on either an object group name or on a message to display the alert archives list with the Devices grouping setting and filters applied to display archived alerts for only the devices in the object group you select. Please refer to Grouping - Devices section above.
Alerts Archive Report
To view an instant Alerts Report, click on 
to detach the report first. In a new tab, you will see the Instant Report for Alerts Report.
-
Alert ID - Displays the internal tracking number for each archived alert.
-
Device Name - Displays the name of the device that triggered the archived alert.
-
First - Displays the date and time that the archived alert was first reported.
-
Last - Displays the date and time that the archived alert was last modified.
-
Clear - Displays the date and time that the archived alert was cleared / acknowledged.
-
Assigned To - Displays the user id to whom the alert is assigned.
-
Severity - Displays the archived alert severity level.
-
Message - Displays the message the threshold generates.
-
Comments - Displays the comment provided by the customer. This column is only displayed if you have Show Comments button selected. Otherwise, the Comments column is hidden.
-
Occurrences - Displays the total number of times the alert triggered in the time frame between First and Last.