Context

Tool mentors explain how a tool can perform tasks, which are part of ITUP processes and activities. The tasks are listed as Related Elements in the Relationships section.

You can see the details of how processes and activities are supported by this tool mentor, by clicking the links next to the icons:

•   Event Management
  •   Resolve Event

Details

The IBM® Tivoli® Netcool/OMNIbus Application provides the capability of running external actions supporting event resolution that may be executed by automations or by Operator interaction at the desktop.

The use of automations in event management is described in the tool TNO - Correlate Events and Select Response. Manual resolution is achieved through the Desktop Event List that provides a filtered view of active events in tabular form that together with context sensitive tools allows an operator to take many actions on a select event or range of events. Actions include Acknowledge, Take Ownership, Prioritize, Resolve, and view detailed Event information and Journals. The basic Filters and associated View content provided with OMNIbus can be configured by the Administrator, and if desired by the individual Operator to control the event and content for each context sensitive Event List.

The following snapshot shows the Monitor console that is the entry point to OMNIbus for the Network Operator or Supervisor. The console shows events grouped into configurable categories such as:

• Technology - for example, all routers
• Business - for example, a department or region
• Service - for example, a Virtual Private Network, end-to-end application, or customer

The Monitor console provides a visual representation of the Events that match each filter. The example here shows the number and Severity range of Events in several filters, for example, showing only Events that have occurred in the past 10 minutes, Escalated Events, Events flagged as coming from devices under maintenance, and Netcool System status events indicating the health of the connected Netcool ObjectServers, Probes, and Gateways.

The Filter or Association panels show the following:

• A label - Identifies the filter associated with a panel. If you select the Label button, the SQL definition behind the panel is displayed in the Filter Builder.
• Notes - optional information that can show the total events for the panel, the highest and lowest severities, and a metric defined by operators and administrators - showing for example the sum of all repeated events for the panel.
• The lava lamp - proportionally shows the different severities of events. This changes dynamically as new events are received or correlated by the system. Netcool supports the ISO Standard severity levels: Critical, Major, Minor, Warning, Undefined, and Clear, and these are represented by the colors displayed. The lava lamp style may be replaced by a histogram representation.
• View button - Launches the event list associated with the panel
• View name - A pull-down menu defining the event view launched by the View button

Each Monitor filter is linked to a View of related events that can be displayed by the Operator to see the Event detail. Multiple views may be launched concurrently allowing the Operator to monitor and manage a range of Event situations.

A single event consists of 26 standard fields including, for example, affected Node or Device, repeating event count and Problem description or Summary:

The underlying ObjectServer schema can be modified to provide additional information as required. The event may be structured to common standard forms for example x733. All fields of the event can be shown, but it is more likely to show only those fields which are important to an operator at first glance. A pull-down list is available to display all fields in a selected event.

The event list provides the operator with a personalized view of the active events, together with a range of customizable tools supporting alarm management.

Events can be ordered and re-sorted by operator interaction. Events can be selected, acknowledged, assigned to, re-prioritized, and deleted (if the user has the correct authorization privileges).

The scroll bars allow full event information to be viewed. You can scroll down through all the alarms in the system. If you use the horizontal scroll bar at the base of the event list, you can see the complete set of information available for each alarm.

The Summary bar, located below the horizontal scroll bar, shows the total number of events by severity that match the filter for this view. Clicking on a severity causes a temporary additional filter to be applied to limit the view to the events of the selected severity. An All Events button is activated on the bar, enabling a return to the 'All events for this filter view.

An alerts menu provides a context-sensitive set of functions that may be further customized by the administrator.

The default menu options are summarized below:

• Acknowledge or De-acknowledge - If you acknowledge an event, the text changes to white. Since this is a multi-user system working in real-time, every other use will see this happen instantly.
• Prioritize - Events can be re-prioritized to different states based on the ISO severity levels: Critical, Major, Minor, Warning, Indeterminate, and Clear.
• Take Ownership - You can automatically assign and event to yourself.
• User Assign - Events can be assigned to different operators.
• Group Assign - Events can be assigned to different groups of operators.
• Delete - Events can be deleted.
• Resolve - Events can be automatically closed with predefined resolution details.

All these functions are automatically 'journalized' in the system, with the date, time, and operator who changed the function. This provides an audit trail of what happens to an event, automatically. In addition, each of the menu functions is user access controlled.

The following snapshot shows an example of an Event List illustrating the use of a "point and click" menu item linking to a Telnet tool which will attempt to connect to the device identified by the selected event.

The Operator is then able to take corrective action via the Telnet session before Clearing or Escalating the problem as appropriate. Netcool/OMNIbus tools can be configured to give operational staff a wide range of context sensitive right-click tools including integration with a knowledge base typically by URL and shows details of how to resolve a specific problem based on an alert received in Netcool.

Successful corrective action will frequently result in the generation of a resolution event which will "Clear" the problem through the automation system. The Operator may also manually "Resolve" the Event by use of the Change Severity tool setting the Event status to "Clear" as illustrated in the snapshot below.

Resolution of an event may require the generation of a Problem Ticket. Netcool bi-directional gateways enable the ObjectServer to seamlessly integrate with all major Help Desk and Service Center applications that leading companies use to resolve faults and ensure service availability.

The Netcool/OMNIbus application can automatically open a trouble ticket in the corporate help desk system and populate it with the enriched event messages, as well as obtaining ongoing status reports on each trouble ticket. "Point and Click" Desktop tools also allow the Operator to initiate the Ticket process where manual intervention is necessary or preferred.

The Netcool solution can provide inserts into the target system and also send subsequent updates, journal entries or closures. Netcool provides the ability to open, update, and notify the trouble ticket system to close the ticket. Similarly, Netcool can receive updates and notification to clear the event from the trouble ticket system. Severity, priority, assigned to, and others are typical data elements exchanged between Netcool and the trouble ticket system.

For More Information

For more information about this tool, click on the link for this tool at the top of this page.