Reports for Events

Download this manual as a PDF file

SL1 provides the following types of reports on events:

  • Event Statistics report from the Event Console page in the classic SL1 user interface. This report displays information about all active events on all devices in SL1.
  • Event Statistics report from the Device Reports panel, in Viewing Events page. This report displays information about all events, both active and cleared, that have occurred on the selected device.
  • Reports in Reports > Quick Reports. These reports are customizable and display detailed information about events.
  • Event Overview from the System tab. This report provides a graphical overview of all events in SL1.
  • Event Statistics from the System tab. This report displays a graph of the number of events processed by a selected All-In-One appliance, Database Server, Data Collection Server, or Message Collection Server.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon ().
  • To view a page containing all of the menu options, click the Advanced menu icon ().

Event Statistics in the Event Console Page in the Classic SL1 User Interface

The Event Statistics modal page in the classic user interface displays a report on all events you are allowed to view. Users of type "Administrator" can view all events. Users of type "User" can view events that are aligned with the same organizations as their user account. For example, a user who is a member of the "Network" organization and the "NOC" organization can view events associated with those two organizations.

You can drill down to get more information about a specific event or about events on a specific element.

To access and view the Event Statistics report:

  1. Go to the Events tab.

  1. In the Event Console page, in the Actions drop-down list, select Event Statistics. The Event Statistics report appears.
  2. The Event Statistics report is displayed.

  1. Initially, the Event Statistics page displays the bar graph "All Event Types for All Elements" for the past day.

  1. The "All Event Types for All Elements" graph displays:
  • All events that have occurred on all elements (that you are allowed to view) for the past day. You can select the 7 Days button or the 30 Days button to change the time period.
  • Each event, represented by a colored bar. Mousing over a bar displays the name of the event and the number of occurrences.
  • The event name on the x-axis.
  • The number of occurrences on the y-axis.
  • A table, listing each event and the number of occurrences.

  1. Clicking on a bar displays the "Single Event Type on All Elements" bar graph.

  1. The "Single Event Type on All Elements" graph displays:
  • Each occurrence of the selected event on all elements (that you are allowed to view) during the selected time period.
  • Each element is represented by a colored bar. Mousing over a bar displays the name of the element and the number of occurrences.
  • The element name on the x-axis.
  • The number of occurrences on the y-axis.
  • The graph also includes a table of each element where the event occurred and the number of occurrences.

  1. Clicking on a bar displays the "Single Event Type For Selected Device" bar graph.

  1. The "Single Event Type For Selected Device" graph displays:
  • The number of times the selected event occurred on the selected device during the selected time period.

  • Each occurrence of the selected event on the selected element during the selected time period.
  • Mousing over a bar displays the name of the element and the number of occurrences.
  • The date on the x-axis.
  • The number of occurrences on the y-axis.
  • The graph also includes a table, listing the device, the events, and the number of occurrences.
  1. Clicking on the bar displays the Events page for the device.

Event Statistics for a Single Device

You can view an Event Statistics report for a single device. This report displays information about all events, both active and cleared, that have occurred on the selected device.

To view and access the Event Statistics report for a single device:

  1. Go to the Device Manager page (Devices > Device Manager).
  2. On the Device Manager page, select the bar graph icon () for the device for which you want to view Event Statistics.
  1. SL1 displays the Device Reports panel for the device. In the Device Reports panel for the device, click the Events tab.
  2. On the Viewing Events page, click the Stats button. The Event Statistics modal page appears.

  1. By default, the Event Statistics page displays the graph "All Event Types for the Last Month." This graph displays all events that have occurred on the device this month. This graph displays:
  • All events that have occurred on the device in the last month. You can select the 7 Days button to change the time period.
  • Each event, represented by a colored bar. Mousing over a bar displays the name of the event and the number of occurrences.
  • The event name on the x-axis.
  • The number of occurrences on the y-axis.
  • A table, listing each event and the number of occurrences.
  • Additionally, clicking on a button displays all events that have occurred on the device during the selected time period.

  1. Clicking on a bar displays the "Event Type" graph. This graph displays:
  • Each occurrence of the selected event on the element during the time period.
  • The name of the event, total number of occurrences, and date of the selected occurrence (when mousing over a bar).
  • The element name on the x-axis.
  • The number of occurrences on the y-axis.
  • A table, listing each occurrence of the event on the device, the date of the occurrence, and number of total occurrences.

Event Reports in the Reports Tab

The Reports page (Reports > Reports) allows you to create custom reports as well as view predefined reports. SL1 includes many predefined reports under Run Report > Events on the NavBar that are ready to be generated and viewed. Three such reports are the Event Clear Map report, the Event Detections report, and the Unique Event Detections report.

  • The Event Clear Map report displays a list of events that are defined to auto-clear. For each event defined to auto-clear, the report displays the correlating event that will cause the auto-clear. Auto-clear means that when a specific event occurs, SL1 automatically removes the current event from the Events page. For example, suppose you have an event "Device not responding to ping." You could define the event as auto-clear when the event "Device now responding normally to ping" occurs. During the next polling session, if the event "Device now responding normally to ping" occurs, the auto-clear feature could automatically clear the original event "Device not responding to ping" from the Events page.
  • The Event Detections report displays the number of occurrences of one or more events during the selected time period. The report can display either the total number of occurrences for each selected event or can display the occurrences per device. Users can choose to group events by organization and device.
  • The Unique Event Detections report displays the number of unique occurrences of one or more events during the selected time period. The report contains two "sheets": Data and Control. The Data sheet contains information for each event detection such as the date and number of events, device, and event type. The Control sheet displays information such as a description, report version, date of report generation, organizations, devices, and duration.

NOTE: For details on these event reports and event-related reports in the Reports page (Reports > Reports), see the section on default reports for events.

NOTE: You can open the root cause report for all Skylar Automated RCA events by clicking the View Full Root Cause Report in Skylar Automated RCA button at the top of the Reports page.

Input and Output for Quick Reports complies with multi-tenancy. That is, only users of type Administrator can view options, devices, and policies for all devices. Users of type User can view options, devices, and policies for their own organization(s) only, both when selecting options and in the generated report.

Event Clear Map Report

To generate and view the Event Clear Map report:

  1. Go to the Run Quick Report page for the Event Clear Map report (Reports > Run Report > Events > Event Clear Map).

  1. Supply values in the following fields:
  • Sort By. Specifies how the report will be organized. Choices are:
  • Severity. Events will be grouped by severity.
  • Event Name. Events will be listed alphabetically by event name. The secondary sort will be by severity.
  • Event ID. Events will be listed by event policy ID. Event ID is a unique numerical ID assigned by SL1 to each event policy.

  • Show At or Above. Filter the events to include in the report. Only events of the selected severity or of a greater severity will be included in the report. Choices are:
  • Critical. Has a value of "4" (four). When you select this severity, only events with the severity "4" are included in the report.
  • Major. Has a value of "3" (three). When you select this severity, events with severities 3-4 are included in the report.
  • Minor. Has a value of "2" (two). When you select this severity, events with severities 2-4 are included in the report.
  • Notice. Has a value of "1" (one). When you select this severity, events with severities 1-4 are included in the report.
  • Healthy. Has a value of "0" (zero). So when you select this severity, events of all severities are included in the report.
  • Show Events. Specifies whether to include only events that are defined as auto-clear or to include both events that are defined as auto-clear and events that are not defined as auto-clear. Choices are:
  • That are cleared. The generated report will include only events that are defined as auto-clear.
  • Including non-cleared. The generated report will include both events that are defined as auto-clear and events that are not defined as auto-clear.
  • Optional Columns. Specifies optional columns of event information to include in the report. If you do not select any additional columns in this field, the report includes the following default columns: Cleared Event, Severity, Direction, Clearing Event.
  • Output Format. Select the format in which SL1 will save the generated report. Choices are:
  • ODF Speadsheet. Displays the output in the OpenOffice spreadsheet application.
  • Microsoft Excel. Displays the output in an .xlsx file.
  • Web page. Displays the output in an .html file.
  • Adobe Acrobat. Displays the output in a .pdf file.
  • Generate. This button generates the report, using the parameters you specified in this page.

For each event that has been defined to auto-clear and that meets the selection criteria, the report can include the following columns:

NOTE: If you do not select any Optional Columns in the Optional Columns field, the report will contain only the default columns: Cleared Event, Severity, Direction, and Clearing Event.

  • Cleared Event. The name of the event.
  • Severity. The severity of the event. Choices are Healthy, Notice, Minor, Major, and Critical.
  • Source. Specifies the source for the event. Choices are:
  • Syslog. Standard log format supported by most networking and UNIX-based devices and applications. Windows log files can be converted to syslog format using conversion tools.
  • Internal. Message generated by SL1.
  • Trap. SNMP trap. SNMP traps can be sent by devices and proxy devices like MoMs. An SNMP trap is an unsolicited message from a device to SL1. A trap indicates that an emergency condition or a condition that merits immediate attention has occurred on the device.
  • Dynamic. Message generated by SL1's Dynamic Application tool. This tool allows SL1 to monitor applications and devices that are not monitored by SNMP or other agents.
  • Email. Message was generated by an email from an external agent, for example, Microsoft Operations Manager (MOM).
  • API. Message was generated by another application and forwarded to SL1 with an integration API.
  • Dynamic Application Name. If applicable, the Dynamic Application that contains the alert that triggered the original event.
  • Cleared Source Text. Event messages from the event that was cleared.
  • Expires. The time in which the active event will be cleared automatically if there is no reoccurrence of the event.
  • Direction. Specifies whether the two events clear each other (<==0==>) or whether the event to the right clears the event to the left (0==>).
  • Clearing Event . Name of the event defined to auto-clear the event in Cleared Event.

Event Detections Report

To generate and view the Event Detections report:

  • Go to the Run Quick Report page for the Event Detections report (Reports > Run Report > Events > Event Detections).

  • Supply a value in each of the following fields:
  • All Organizations. All events associated with all organizations will be included in the report.
  • Organizations. This list contains an entry for each organization in SL1. Events associated with each selected organization will be included in the report.
  • To select all organizations, select the All Organizations checkbox.
  • To select individual organizations, unselect the All Organizations checkbox, then expand the organization and select each organization's checkbox.
  • All Events. All events will be included in this report.
  • Events. This list contains an entry for each event in SL1.
  • To select all events, select the All Events checkbox.
  • To select an event, unselect the All Events checkbox, then highlight an entry in the list.
  • To select multiple events, unselect the All Events checkbox, then hold down the CTRL key while clicking on each event that you want to select.
  • Report Options. Specifies the amount of information to include in the report.
  • Show Details. Displays both the summary report and a detailed report, grouped by event name or by organization and device.

  • Separated By. If you selected Show Details in the Report Options field, specifies how the report will be organized. Choices are:
  • Event Name. Events will be listed alphabetically by event name.
  • Org/Device. Events will be grouped first by organization and secondly by device.

  • Optional Columns. Specifies optional columns of event information to include in the report. If you do not select any additional columns in this field, the report includes the following default columns: Event Name, Detection Count.
  • Report Span. Specifies the time interval to use to select data for this report. The Duration field will use this interval. The choices are:
  • Daily
  • Weekly
  • Monthly
  • Starting. Specifies the relative start date for the report. Data from that relative start date through the date determined by the Duration field will be included in the report.
  • From Date. Specifies the absolute start date for the report. Data from that absolute start date through the date determined by the Duration field will be included in the report.
  • Duration. Specifies the number of days, weeks, or months to include in the report. The increment displayed in this field depends upon the value selected in the Report Span field.
  • Output Format. Select the format in which SL1 will save the generated report. Choices are:
  • ODF Speadsheet. Displays the output in the OpenOffice spreadsheet application.
  • Microsoft Excel. Displays the output in an .xlsx file.
  • Web page. Displays the output in an .html file.
  • Adobe Acrobat. Displays the output in a .pdf file.
  • Generate. This button generates the report, using the parameters you specified in this page.

For each event that has been selected to include in the report, the following is displayed:

  • Event Name. Name of the event.
  • Detection Count. Number of times the event occured.
  • Device ID. The Device ID where the event occurred.
  • Organization. Organization associated with the event.
  • Device Name. The Device Name where the event occurred.
  • IP Address. The IP address of the device where the event occurred.
  • Severity. The severity (Healthy, Notice, Minor, Major, or Critical) of the event.
  • Detection Count. The total number of occurrences of the event during the selected time span.
  • First Occurrence. The date on which the event first occurred during the selected time span.
  • Last Detected. The date on which the event last occurred during the selected time span.

Unique Event Detections Report

This report contains two "sheets": Data and Control. The Data sheet contains information for each event detection such as the date and number of events, device, and event type. The Control sheet displays information such as a description, report version, date of report generation, organizations, devices, and duration.

To generate and view the Unique Event Detections report:

  • Go to the Run Quick Report page for the Unique Event Detections report (Reports > Run Report > Events > Unique Event Detections).

  • Supply a value in each of the following fields:

  • Device Selection: Select the devices that will appear in the report. The choices are:
  • All devices. Select this checkbox if you want all devices in the system to be included in this report.

  • Organizations. If the All devices checkbox is unselected, select one or more Organizations. The report will contain only the devices in the organizations you select. You can further filter the list of devices to include in the report by selecting devices in the Devices by Organization field.
  • Select individual devices. If the All devices checkbox is unselected, the Select individual devices checkbox is available. Select this checkbox if you would like to use the Devices by Organization field to select the individual devices to include in the report.
  • Devices by Organization. This field displays a list of all devices in the organizations selected in the Organizations field. If the Select individual devices checkbox is selected, you can select one or more devices to include in the report.
  • Device Group Selector: Select the device groups that will appear in the report. The choices are:
  • All Device Groups. Select this checkbox if you want to include all device groups in the report.
  • Device Groups. If the All Device Groups checkbox is unselected, select one or more device groups. The report will contain only the devices in the device groups you select.

  • Separated By. Group devices by Organization, Device Group, or Device.
  • Sort by. Select the checkboxes to sort the report by Organization or Device.
  • Event Types. Select the types of events that will appear in the report. The choices are:
  • All events. Select this checkbox to include all event types.
  • Events. If the All events checkbox is unselected, select one or more event types. The report will contain only the event types that you select.

    Report Span. Specifies the time interval to use to select data for this report. The Duration field will use this interval. The choices are:
  • Daily
  • Weekly
  • Monthly
  • Starting. Specifies the relative start date for the report. Data from that relative start date through the date determined by the Duration field will be included in the report.
  • From Date. Specifies the absolute start date for the report. Data from that absolute start date through the date determined by the Duration field will be included in the report.
  • Duration. Specifies the number of days, weeks, or months to include in the report. The increment displayed in this field depends upon the value selected in the Report Span field.
  • Timezone. Specifies the timezone conversion for the dates and times that display in the report.
  • Report Sections. Specify how the report will be arranged. Select whether you want the report to display Details Only, Totals Only, or Both.
  • Output Format. Select the format in which SL1 will save the generated report. Choices are:
  • ODF Speadsheet. Displays the output in the OpenOffice spreadsheet application.
  • Microsoft Excel. Displays the output in an .xlsx file.
  • Web page. Displays the output in an .html file.
  • Adobe Acrobat. Displays the output in a .pdf file.
  • Generate. This button generates the report, using the parameters you specified in this page.

For each unique instance of an event, the report displays:

  • Device. Specifies the device name where the event occurred.
  • Event Type. Specifies the event description of the event.
  • Time Period. Specifies the number of times the event occurred during the time period.
  • Total. Specifies the total number of time the event occured on the specified Device.
  • Sum for Organization. Displays total number of unique events that occurred during the time period for each organization.
  • Sum for Device Group. Display total number of unique events that occurred during the time period for each device group.
  • Sum for Device. Display total number of unique events that occurred during the time period for each device.

Event Overview Report

The Event Overview page (System > Monitor > Event Overview) provides a graphical overview of all events in SL1. The Event Overview page displays the number of events by severity, the most common event types, and the mean time-to-resolution.

Setting the Date for Reports

The Event Overview page includes a Select Date drop-down list in the upper right of the page. This drop-down allows you to define the date for the reports on this page.

  • Select Date. Allows you to select a date. SL1 will generate the reports on this page using the selected date as the current date. If you do not select a value in this field, the default date is today's current date.

    • NOTE: When you select a date, SL1 uses that date as "today's date" to generate reports. So results for "24 hours" are for the 24-hours of the selected date. Results for "7 Days" are for the selected date and the six days preceding it, etc.

Event Statistics

The Event Statistics page (System > Monitor > Event Statistics) displays a graph of the number of events processed by a selected All-In-One Appliance, Database Server, Data Collector, or Message Collector. To generate the report, you select from a list of ScienceLogic servers and then select an event type from a list of event types.

Defining the Date Range

  • Presets. Allows you to select from a list of pre-defined time spans for the report.

Fields

To generate the report, supply values in the following fields:

  1. EM7 Server. This field does not appear on All-In-One Appliances. Select from the list of all Database Servers, Data Collectors, and Message Collectors.
  2. Event Type. Select from the list of event types. The choices are:
  • Syslog. Event was generated from a system log generated by a monitored device.
  • Internal. Event was generated by SL1.
  • Trap. Event was generated by an SNMP trap.
  • Dynamic. Event was generated by a Dynamic Application alert.
  • API. The event was generated by an external API.
  • Email. The event was generated by an incoming email.

The Graph

The graph displays the average number of events processed by the selected ScienceLogic server, for the selected duration.

  • The y-axis displays the average number of events.
  • The x-axis displays time. The increments vary, depending upon the selected date range (from the Preset buttons).
  • Mousing over any point in any line displays the high, low, and average value at that time-point in the Data Table pane.
  • You can use your mouse to scroll the report to the left and right.