|   Release Notes   |   ScienceLogic Support   |   Contact Documentation   |   Tips for Using the Online Documentation


Introduction to Escalations

Download this manual as a PDF file

This section provides an overview of SL1 Events and how to use Events with your organization's escalation process.

Navigation tips for the SL1 user interface:

This section covers the following topics:

What is an Event?

One of the quickest ways to monitor the health of your network is to look at events. You can view events on the Events page in SL1.

Events are messages that are triggered when a specific condition is met. For example, an event can signal if a server has gone down, if a device is exceeding CPU or disk-space thresholds, or if communication with a device has failed. Alternately, an event can simply display the status of a managed element.

SL1 generates log messages from incoming trap and syslog data, and also when SL1 executes user-defined policies. SL1 then uses these log messages to generate events. SL1 examines each log message and compares it to each event definition. If a log message matches an event's definition, SL1 generates an event instance and displays the event on the Events page.

Each event includes a description of the problem, where the problem occurred (device, network hardware, software, policy violation), a pre-defined severity, the time of first occurrence, the time of most recent occurrence, and the age of the event.

SL1 includes pre-defined events for the most commonly encountered conditions in the most common environments. You can also create custom events for your specific environment or edit the pre-defined events to better fit your specific environment.

What is Escalation?

Escalation is the process through which an organization identifies issues, manages issues, and takes corrective actions related to those issues.

When an issue is escalated, it is sent to a staff member with greater technical knowledge or a higher level of authority than lower-level staff members. Escalation should occur only when all avenues have been exhausted at the lower levels within the organization.

In SL1, automation policies and automation actions allow you to specify the actions you want the system to execute when specific event conditions are met. For example, if nobody in an organization acknowledges an event within 10 minutes, the system can automatically notify a manager. If nobody acknowledges the same event within 20 minutes, the system can notify a director. If nobody acknowledges the same event within 30 minutes, the system can notify a vice president.

For information on how to create an example escalation policy, see Escalation Processes.


Before using SL1 to manage event escalation, your organization must include certain business process or standard operating procedures. Examples of these supporting processes and event escalation processes are described in Business Processes.