Using the Service Investigator

Download this manual as a PDF file

This section describes how to use the Service Investigator page for a particular business, IT, device service, or custom service model.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon ().
  • To view a page containing all of the menu options, click the Advanced menu icon ().

Viewing the Service Investigator

You must be running SL1 version 12.2.0 or later to view the Service Investigator page.

The Sections on the Service Investigator Page

The Service Investigator page contains the following sections:

  • Overview. A summary panel at the top of the page that displays organization and system information such as Contact Organization, Visible Organization, and Owner. This information bar also displays a preview of a sunburst chart, which you can click to see a more detailed breakdown of the Health, Availability, and Risk statuses of your devices.
  • Timeline. A panel that displays swim lanes and bar graphs to show Historical, Change, Health, Availability, Risk, and Skylar Automated RCA events. Swim lanes are visual flowcharts that show a process from start to finish for an event.
  • Events . An interactive pane that displays the Events, Changes, RCA (Root Cause Analysis), and Log Insights related to the service you have selected.

Each of these sections are described in the following sections.

The Overview Panel

The overview panel on the Service Investigator page displays the following information:

  • HAR Calculated. Displays the date and timestamp of the most recent system refresh.
  • Next Calculation. Displays the timestamp of the next system refresh and its frequency.
  • Last Edited. Displays the date and timestamp of the most recent change made to this service and the username of the last user to edit this service.
  • RCA Options. Indicates whether Root Cause Analysis is enabled or disabled for the service.
  • Owner Org. The organization that owns the service.
  • Contact Org. The organization that should be contacted with any questions about the service.
  • Contact User. The user who should be contacted with any questions about the service.

You can click the sunburst chart to see a more detailed breakdown of the Health, Availability, and Risk statuses of your services. Doing so will open a larger modal that provides different ways to view and filter the statuses of your devices on this particular service.

This diagram window consists of the following viewing options for your services:

Each of these viewing options is described in the following sections.

Sunburst View

The overview summary panel displays either a Sunburst chart view or a Map view of your services. Use the drop-down menu in the top left corner of the window to select which view you want to use.

When you select the Sunburst view:

  • The sunburst chart displays the current Health, Availability, and Risk values for the services, as well as for any constituent services or device services that belong to that top-level service. For device services, the sunburst chart includes the device name and health values for any devices that belong to the service. Additionally, this chart indicates the maximum number of constituent services or devices that will be used for computing health, availability, and risk.
  • The right panel includes a list of constituent services or devices. Each service in this panel includes icons that represent that service's Health, Availability, and Risk metrics; devices include icons that represent each device's health value. The right panel also includes a search bar at the top of the panel that enables you to search for specific constituent services or devices.

In the sunburst chart view, the center circle represents the selected service. The selected service drives the context for the page title and Info drawer, as well as all the other panels and widgets in the Overview section. This means that the right panel and other elements on the page will all reflect the metrics for the service in the center circle of the sunburst.

You can navigate through services on the widget in the following ways:

  • On the sunburst chart, you can click any constituent IT services or device services in the sunburst to select that service. To return to the parent IT service or business service, click the center circle or click the breadcrumb links that appear in the top-left corner of the window.
  • In the right panel, you can click the service name of any of the constituent IT services or device services to select that service. To return to the parent IT service or business service, click the breadcrumb links that appear in the top-left corner of the window.

By default, the sunburst displays the health value for the selected service and its constituent services or devices. To view the current availability or risk value for the selected service, click either the Availability or Risk tab above the sunburst chart.

Map View

The overview summary panel displays either a Sunburst chart view or a Map view of your services. Use the drop-down menu in the top left corner of the window to select which view you want to use.

When you select the Map view:

  • The map view displays a map of the service and any constituent services and devices that belong to that top-level service.
  • The right panel includes a list of constituent services or devices. Each service in this panel includes icons that represent that service's Health, Availability, and Risk metrics; devices include icons that represent each device's health value. The right panel also includes a search bar at the top of the panel that enables you to search for specific constituent services or devices.

In the map view, you can click on the top-level service or any of its constituent services or devices. The selected service drives the context for the page title and Info drawer, as well as all the other panels and widgets on the overview summary pane. This means that the right panel, and other elements on the page will all reflect the metrics for the service that you have clicked in the map view.

In the map view, use the following buttons to manipulate the map in the left pane:

: Zoom in on the map.

: Zoom out on the map.

: Fit all elements of a map into the viewing pane.

: Center all selected elements of a map in the viewing pane.

The viewing pane displays the following two types of graphical elements:

  1. Nodes that represent devices, topology elements, and business services defined in SL1. The shape of the node represents its type: Services, such as business services, IT services, or device services, are represented by hexagons, while devices are represented by squares. The color of the outline specifies the current state of the node.
  2. Edges are lines that represent the relationships and hierarchies between nodes.

When you hover over a node, a pop-up Properties pane appears with the metadata for that node. Click the Go to service or Go to device link at the top of the pane to open the Investigator page for that service or device in a new browser window.

The Timeline Panel

The Timeline panel displays a graphic that combines swim lanes and bar graphs to show the health, availability, and risk of your events, including Skylar Automated RCA events. Swim lanes are visual flowcharts that show a process from start to finish for an event. This panel is interactive and allows you to select any time range on the graph to display the Changes, Health, Availability, and Risk information to your device or service in that selected time range.

The Timeline panel consists of the following tabs:

Skylar AI Tab

You can view Skylar Automated RCA suggestions and alerts in the Skylar AI tab of the Timeline panel on the Service Investigator page. To use this feature, you will need to set up the connection between Skylar Automated RCA and SL1. For more information, see Configuring the Skylar Automated RCA Connector for SL1.

The Skylar AI tab contains two fields:

  • Predictions, which shows predicted future events in the form of swim lanes that show event processes from start to finish.
  • Log Insights, which shows Skylar Automated RCA suggestions and alerts. The alerts are either "Confirmed" or "Suggested".

Confirmed Alerts

Confirmed alerts in the Log Insights field of the Skylar AI tab represent log events that Skylar Automated RCA has collected for your service or device. In Skylar Automated RCA, they appear as categorized events under Accepted/Custom. These logs typically contain metadata such as title, description, and so forth and use the Skylar AI to analyze and collect event logs that show abnormalities.

Suggested Alerts

Suggested alerts in the Log Insights field of the Skylar AI tab contains metadata such as tile, description, and so forth; a root cause report, which is a set of correlated log lines that help to explain a problem; and a suggested alert rule consisting of one or two log event types that form the signature for this type of alert.

As logs are ingested, the Skylar AI analyzes your system or device logs for event patterns such as abnormally correlated rare and error events from across all log streams. When it detects one of these "abnormal" clusters, it will generate a suggested alert, which allows you to choose if you want these events to be recorded as event logs in the future.

You can choose to either accept or reject a suggested alert.

  • If you accept a suggested alert, you can edit the metadata and alert rule. You can also decide on the action to take if the same kind of alert occurs again, such as sending a notification to Slack, email, or another communications platform.
  • If you reject a suggested alert, the same kind of alert will not be recorded in the future and it will not offer you the options to either "accept" or "reject" it.

Changes Tab

The Changes tab on the Timeline panel is available to customers who have purchased Configuration and Change Management as part of their SL1 Standard or Premium subscription. This tab displays a list of events that are created when PowerFlow pulls change data from ServiceNow or Restorepoint, including both active and cleared change events.

This Changes tab contains the following fields:

Maintenance

The Maintenance field indicates whether a device is in maintenance mode. Devices in maintenance have start and end times, which are determined by a start event and an end event for each change data. The device's Collection State field will change from Active to Maintenance, and then back to Active once maintenance reaches its end time.

You can see a device's collection state in the Collection State column on the Events page. To see a list of all devices in maintenance mode and their start times, end times, and duration, go to the Schedules tab of the Device Investigator page.

For more information, see lViewing the Schedule Manager.

ServiceNow

The ServiceNow field shows a visual representation of all SL1 events that are synced with ServiceNow incidents in a specific time range.

You can permanently enable or disable ServiceNow swim lane diagrams on the Timeline panel through the nextui.conf file, or temporarily enable or disable them through GraphQL mutations. To do so, follow the instructions outlined in the Configuring and Enabling the Changes Tab section.

For more information on how to monitor a ServiceNow instance with SL1 events, see the section on Using the ServiceNow Base Pack PowerPack.

Restorepoint

The Restorepoint field shows a visual representation of all SL1 events on devices that are synced between SL1 and Restorepoint. The events are created when PowerFlow pulls change data from Restorepoint.

You can permanently enable or disable Restorepoint swim lane diagrams on the Timeline panel through the nextui.conf file, or temporarily enable or disable them through GraphQL mutations. To do so, follow the instructions outlined in the Configuring and Enabling the Changes Tab section.

For more information, see the section on the Restorepoint Syncpack.

Status Tab

The Status tab shows the health, availability, and risk status for your service or device. You can select any time range on the graph in the Timeline panel to open a pop-over modal that displays the Health, Availability, and Risk information specific to your device or service. By default, the status shows the health, availability, and risk statuses of your events in the last 24 hours.

Health

The Health field displays device or service health over a period of time.

This field indicates the current status of a device service—for example, the rate of processing or throughput for the devices in the service. In the case of SL1 Database Servers, the "Rows Behind" value can provide a good measure of how effectively the Database Server is processing data from Data Collectors. Health is represented by a color-coded "severity" icon that corresponds to a numerical value between 0 and 100. For example, the Health value could indicate when a device is intermittently unavailable because of a power problem, thereby falling below the required level of performance. Health uses the following icons:

Image of Health icons

Availability

The Availability field shows the availability status of your device or service over a period of time.

The availability of a device service is derived from the availability rules. This may or may not be linked to device availability. A service or device is considered unavailable if SL1 is not able to collect data from the device or service, or if a device is usable or not usable. A value of 0 means a device or service is unavailable, and a value of 1 means a device is available. Availability uses the following icons:

Image Availability icons

Risk

The Risk field in the Log Insights tab of the Timeline panel displays the risk status of your device or service over a period of time.

This field measures the risk status of your device or service using a percentage value between 0 and 100 that indicates how close a service is to being in an undesirable state. Use risk for data that is known to cause issues if left unchecked, such as critical events, swap usage, or low database logging space. The safest possible risk value is 0%, while the worst risk value is 100%.

These values are computed in this order because SL1 uses Availability values to compute Health, and then uses both Availability and Health values to compute Risk.

Events Tab

The Events tab contains five fields that displays various data points regarding events from your devices or services, depending on the tab you have selected. This tab displays the events that were active in the selected time window. By default, these are active events.

The Events Pane

The Events pane contains the following tabs:

Events Tab

The Events tab displays a list of events for the selected service or device. This tab has much of the same functionality as the Events page.

The Events tab in the Events pane at the bottom of the Service Investigator page displays the number of events of each severity type, after masking, that are currently impacting the service. When opened, the Events tab lists all events impacting the service, including masked events.

You can perform the following action from the Events tab:

  • Use the drop-down menu to choose which type of change events display in the widget: Active or Cleared.
  • If you select Active, SL1 will display all events that are older than 24 hours. If you select Cleared, SL1 will display all events that were created within the last 24 hours.

  • Use the search field to search for specific events.
  • For events that are aligned to devices, click the arrow icon () next to the event to open the Device Summary window, which displays the following panes:
  • Tools. A set of network diagnostic tools or user-initiated actions that you can run on the device associated with the event. Click the search bar to search for a tool or action to run, or click one of the default tools or actions that are available based on the device type and your user permissions.
  • Vitals. A widget displaying the past 24 hours of CPU and memory usage for the device related to the event. You can zoom in on a shorter time frame by clicking and dragging, and you can go back to the original timespan by clicking the Reset zoom button.
  • Logs. A list of the log entries from the device's log file, sorted from newest to oldest by default.
  • View the Organizational Summary page for the organization aligned with the event by clicking the link in the Organization column.
  • View the Service Investigator or Device Investigator page for the service or device aligned with the event by clicking the link in the Name column.
  • View the Event Investigator page for the event by clicking the link in the Message column.
  • View or edit event notes by clicking the Note icon () in the Event Note column or by clicking the Actions button () and selecting Edit Event Note. Event notes contain event definitions, probable causes, and resolutions for the event, along with a text field where you can add more information about the event or the service or device you are monitoring.
  • View more information about masked events by clicking the masked events icon () in the Masked Events column. Masked events are related events that occur in quick succession on a single device or service that are rolled up and posted together under one event description, with only the highest severity event displayed.
  • For more information on masked events, see Viewing Events.

  • Acknowledge the event by clicking the Acknowledge button. When you acknowledge an event, you let other users know that you are aware of that event, and you are working on a response.
  • Clear an event by clicking the Clear button. When you clear an event, you let other users know that the event has been addressed.
  • Create a ticket from the event.
  • View the event policy.
  • View a log of automations that have occurred for the event by clicking the Actions icon () and selecting View Automation Actions.
  • Select multiple events for action using the check boxes next to the events.

For more information about events, see the section on Events.

Changes Tab

The Changes tab displays the number of active change events that are impacting the service. Events on this tab will automatically clear after 30 minutes.

The Changes tab is available if you have purchased Configuration and Change Management as a part of your SL1 Standard or Premium subscription. This tab displays a list of events that are created when PowerFlow pulls change data from ServiceNow or Restorepoint, including both active and cleared change events. For more information on how to configure, enable, or disable the Changes tab on the Events pane, see the section on Configuring and Enabling the Changes Tab.

You can perform the following actions on the Changes tab:

  • Use the drop-down menu to choose which type of change events display in the widget: Active or Cleared.
  • If you select Active, SL1 will display all events that are older than 24 hours. If you select Cleared, SL1 will display all events that were created within the last 24 hours.

  • Filter and search for events by their date; either by 5, 7, 14, 30 days, or more than 30 days.
  • Use the Search field to search for specific change events.
  • For active events that are aligned to devices, click the arrow icon () next to the event to open the Device Summary window, which displays the following panes:
  • Tools. A set of network diagnostic tools or user-initiated actions that you can run on the device associated with the event. Click the search bar to search for a tool or action to run, or click one of the default tools or actions that are available based on the device type and your user permissions.
  • Vitals. A widget displaying the past 24 hours of CPU and memory usage for the device related to the event. You can zoom in on a shorter time frame by clicking and dragging, and you can go back to the original timespan by clicking the Reset zoom button.
  • Logs. A list of the log entries from the device's log file, sorted from newest to oldest by default.
  • View the Organizational Summary page for the organization aligned with an active event by clicking the link in the Organization column.
  • View the Service Investigator or Device Investigator page for the service or device aligned with an active event by clicking the link in the Name column.
  • View the Event Investigator page for an active event by clicking the link in the Message column or the Event ID column.
  • For ServiceNow integrations, view the ServiceNow ticket associated with an active event by clicking the link in the Ticket ID column.
  • For ServiceNow integrations, view the ServiceNow ticket associated with a cleared event by clicking the link in the External Ticket column.
  • Acknowledge an active event by clicking the Acknowledge button. When you acknowledge an event, you let other users know that you are aware of that event, and you are working on a response.
  • Clear an active event by clicking the Clear button. When you clear an event, you let other users know that the event has been addressed.
  • Create a ticket from an active event.
  • Align an event to an existing ticket.
  • View the event policy for an active event.
  • Select multiple active events for action using the check boxes next to the events.

RCA Tab

The RCA tab displays the Root Cause Analysis of a device or service and shows what is causing either one to be unhealthy based on the Status Policy.

For more information about enabling Root Cause Analysis for a service, see the section on Using the Root Cause Analysis Feature.

The following columns appear on the RCA tab:

  • Service/Device Name. The name of the service or device that contributed to the health, availability, or risk status for the selected time period.
  • Current State. The current Health, Availability, or Risk status for the service or device.
  • Condition. The equation that is used to determine the Health, Availability, or Risk status for the service or device.
  • Current Value. The current Health, Availability, or Risk value for the service or device, as determined by the value of the equation used in the Condition column.
  • Historical Value. The historical Health, Availability, or Risk value for the service or device for the selected time period, as determined by the value of the equation used in the Condition column.
  • Timestamp. The date and time the root cause analysis was collected from the service or device.

You can click on any of the column heading labels to sort the RCA tab by the values in that column.

Log Insights Tab

The Log Insights tab displays a list of Skylar Automated RCA events.

You can view Skylar Automated RCA suggestions and alerts in the Log Insights tab of the Events pane on the Service Investigator page. To use this feature, you will need to set up the connection between Skylar Automated RCA and SL1. For more information, see Configuring the Skylar Automated RCA Connector for SL1.

You can perform the following actions on the Log Insights tab:

  • Use the drop-down menu to choose which type of change events display in the tab: Active Events or Cleared Events.
  • If you select Active, SL1 will display all events that are older than 24 hours. If you select Cleared, SL1 will display all events that were created within the last 24 hours.

  • Filter and search for Skylar Automated RCA events by their date: either by 5, 7, 14, 30, or more than 30 days.
  • Use the Search field to search for specific change events.
  • For active events that are aligned to devices, click the arrow icon () next to the event to open the Device Summary window, which displays the following panes:
  • Tools. A set of network diagnostic tools or user-initiated actions that you can run on the device associated with the event. Click the search bar to search for a tool or action to run, or click one of the default tools or actions that are available based on the device type and your user permissions.
  • Vitals. A widget displaying the past 24 hours of CPU and memory usage for the device related to the event. You can zoom in on a shorter time frame by clicking and dragging, and you can go back to the original timespan by clicking the Reset zoom button.
  • Logs. A list of the log entries from the device's log file, sorted from newest to oldest by default.
  • View the Organizational Summary page for the organization aligned with an active Skylar Automated RCA event by clicking the link in the Organization column.
  • View the Service Investigator or Device Investigator page for the service or device aligned with an active Skylar Automated RCA event by clicking the link in the Name column.
  • View the Event Investigator page for an active Skylar Automated RCA event by clicking the link in the Message column.
  • For ServiceNow integrations, view the ServiceNow ticket associated with an active event by clicking the link in the Ticket External Reference column.
  • For ServiceNow integrations, view the ServiceNow ticket associated with a cleared event by clicking the link in the External Ticket column.
  • Acknowledge an active event by clicking the Acknowledge button. When you acknowledge a Skylar Automated RCA event, you let other users know that you are aware of that event, and you are working on a response.
  • Clear an active Skylar Automated RCA event by clicking the Clear button. When you clear a Skylar Automated RCA event, you let other users know that the event has been addressed.
  • Create a ticket from an active Skylar Automated RCA event.
  • View the event policy for an active Skylar Automated RCA event.
  • Select multiple active Skylar Automated RCA events for action using the check boxes next to the events.

Metric Anomalies Tab

The Metric Anomalies tab displays a list all devices within the selected services that have anomaly detection enabled. If one or more devices within a business, IT, or device service has anomaly detection enabled, the Metric Anomalies tab will appear in the Events pane of the Service Investigator page.

The Metric Anomalies tab appears only if you have at least one device in the selected service that has anomaly detection enabled. For more information about enabling anomaly detection, see the section on Machine Learning and Anomaly Detection.

Machine learning and anomaly detection are available only in SL1 Premium solutions. To upgrade, contact ScienceLogic Customer Support.

You can filter the items on this inventory page by typing filter text or selecting filter options in one or more of the filters found above the columns on the page. For more information, see Filtering Inventory Pages.

On the Metric Anomalies tab of the Device Investigator, you can view a list of devices that are enabled for anomaly detection. Each device has a set of graphs that tracks the anomaly detection data for that device.

You can view these graphs by clicking the Expand icon () next to the device or the metric for the device. The Anomaly Chart modal appears, displaying the "Anomaly Index" chart above the chart for the specified metric you are monitoring.

The "Anomaly Index" chart displays a graph of values from 0 to 100 that represent how far the real data for a metric diverges from its normal patterns. The lines in the chart are color-coded by the level of event that gets triggered as the data diverges further and further. You can define the thresholds for the Anomaly Index, and whether those values generate alerts, on the Machine Learning Thresholds page (Machine Learning > Thresholds). For more information, see Enabling Alerts and Thresholds for the Anomaly Index.

In the second graph, the blue shape represents the expected value range for the selected device metric over the given time period, the green line indicates the actual values that SL1 collected over that time period, and the small red dots at top left represent the anomalies where the actual value fell outside of the expected range.

You can hover over a value in one of the charts to see a pop-up box with the Expected Range and the metric value. The Anomaly Index value also displays in the pop-up box, with the severity in parentheses: Normal, Low, Medium, High, or Very High.

The second graph displays the following data:

  • A blue band representing the range of probable values that SL1 expected for the device metric.
  • A green line representing the actual value for the device metric.
  • A red dot indicating anomalies where the actual value appears outside of the expected value range.

You can use the time span filter on the Metric Anomalies tab to adjust the time span of anomalies that appears in the graph. The default filter is Last 24 hours, but you can select a time span ranging from Last Hour up to Last 2 Years. You can also zoom in on a shorter time frame by clicking and dragging your mouse over the part of the chart representing that time frame, and you can return to the original time span by clicking the Reset zoom button.

Using the Root Cause Analysis Feature

SL1 users can use the Root Cause Analysis feature to determine what is causing a service to be unhealthy, troubleshoot that service, and refine their policies.

NOTE: When you enable Root Cause Analysis on a business service or IT service, it will also implicitly enable Root Cause Analysis on any child IT services or device services.

Enabling Root Cause Analysis

To enable Root Cause Analysis:

  1. Click on the Business Services icon () to go to the Business Services page.
  2. Click the Name of an existing service. The Service Investigator page for that service displays.
  3. On the Service Investigator page, click Edit.
  4. Select one of the following options from the RCA Options drop-down field:
  • Disabled. The Root Cause Analysis feature is disabled.
  • Enabled (contributors only). The Root Cause Analysis feature is continuously enabled only for contributing rules and devices. When you select this option, a full analysis will be generated and saved in the time series chart, but it will exclude results from non-contributing rules and devices.
  • Enabled (next run only). The Root Cause Analysis feature is enabled only for the next data collection.
  • Enabled. The Root Cause Analysis feature is continuously enabled for all rules and devices. When you select this option, a full analysis will be generated and saved in the time series chart, and it will include results from non-contributing rules and devices.

NOTE: You might experience performance slowdown if Root Cause Analysis is continuously enabled.

  1. Click Save.

You can click on any of the column heading labels to sort the Root Cause Analysis pane by the values in that column.

Configuring and Enabling the Changes Tab

To use the Changes tab on the Events pane, you must first configure and enable the tab. To do so:

  1. Ensure that you are running SL1 version 12.1.0 or later and have Business Services Base Pack PowerPack version 2.2.0 or later installed in SL1. For more information, see the section on Installing a PowerPack.
  2. Ensure that you are running SL1 PowerFlow Platform version 2.2.2 or greater and one or more of the following PowerPacks, depending on your integration:
  • For a ServiceNow integration:
  • ServiceNow CMDBSyncPack version 3.2.0 or later installed in PowerFlow. For more information, see the section on the ServiceNow CMDB SyncPack.
  • ServiceNow Change ManagementSyncPack version 3.2.1 or later installed in PowerFlow. For more information, see the section on the ServiceNow Change Management SyncPack.
  • For a Restorepoint integration:
  • Restorepoint SyncPack version 1.2.0 or later installed in PowerFlow.
  • Restorepoint PowerPack version 102 or later installed in SL1.
  • Restorepoint Automation PowerPack version 102 or later installed in SL1. For more information, see the section on Restorepoint Integrations.
  1. In SL1, create a SOAP/XML credential to connect with PowerFlow and make note of its credential ID.

  2. For a ServiceNow integration:  

    1. In PowerFlow, sync SL1 devices with ServiceNow and make note of the Configuration field value in the Sync Devices from SL1 to ServiceNow application.
    2. In SL1, open the "ServiceNow: Send Change Request Event to PowerFlow" Run Book Action (which is included in the Business Services Base Pack PowerPack v2.1 and greater) and edit the input parameters to include the credential ID from step 3 and the Configuration field value from step 4.
  3. For a Restorepoint integration, follow the steps in sync SL1 devices with Restorepoint in PowerFlow.

  4. Do one of the following:

Creating a SOAP/XML Credential for PowerFlow

To create a SOAP/XML credential to connect SL1 with PowerFlow:

  1. Follow the steps in the section Creating a SOAP/XML Credential for PowerFlow.
  2. After saving the credential, make note of the credential ID. This number can be found at the top of the Edit SOAP/XML Credential modal or in the ID column on the Credentials page (Manage > Credentials) or Credential Management page (System > Manage > Credentials).

Syncing SL1 Devices with ServiceNow

To sync SL1 devices with ServiceNow:

  1. Follow the steps in the section Running a Device Sync.
  2. In the Configuration pane of the "Sync Devices from SL1 to ServiceNow" application, make note of the value in the Configuration field.

Editing the Run Book Action

To edit the input parameters in the "ServiceNow: Send Change Request Event to PowerFlow" Run Book Action:

  1. Go to the PowerPack Manager page (System > Manage > PowerPacks).
  2. Locate the Business Services Base Pack PowerPack and click its wrench icon (). The Editing PowerPack modal appears.
  3. In the Editing PowerPack modal, click Run Book Actions in the left Navbar. The Embedded Run Book Actions page appears in the modal.
  4. Click the wrench icon () for the "ServiceNow: Send Change Request Event to PowerFlow" Run Book Action. The Policy Editor modal appears.
  5. In the Policy Editor modal, make the following edits to the Input Parameters field:
  1. Click Save, then exit the Policy Editor modal.
  2. Exit the Editing PowerPack modal.

Syncing SL1 Devices with Restorepoint

To sync SL1 devices with Restorepoint:

  1. Follow the steps in the section Running a Device Sync.
  2. In PowerFlow, open the Configuration pane for the "Restorepoint: Sync Devices" application and select Enable for the restorepoint_config field to allow device change detection.
  3. Make a note of the restorepoint_id value on the Configuration pane for the "Restorepoint: Sync Devices" application.
  4. In SL1, make sure that the same restorepoint_id value was added to the Values column on the Attributes tab on the Device Investigator page for the devices synced from Restorepoint.

Permanently Enabling the Changes Tab

To permanently enable the Changes tab using the NextUI configuration file, run the following steps on all appliances, including the Administration Portal, the Database Server, the Data Engine, and the All-In-One Appliance.

To permanently enable the Changes tab:

  1. Start an SSH session into one of the SL1 appliances.

  2. Using vi or another text editor, edit the /opt/em7/nextui/nextui.conf file. To do so, enter the following at the shell prompt: 

    sudo vi /opt/em7/nextui/nextui.conf

  3. Add the following line at the bottom of the NextUI configuration file: 

    BUSINESS_SERVICES_CHANGE_EVENTS_TAB=enabled

  4. Save your changes, and then restart the NextUI service by running the following command:

    sudo systemctl restart nextui

  5. Repeat steps 1-4 for the remaining SL1 appliances.

Temporarily Enabling the Changes Tab

To temporarily enable the Changes tab using GraphQL:

  1. To access the GraphiQL interface, type the URL or IP address for SL1 in a browser, add /gql to the end of the URL or IP address, and press Enter. The GraphiQL interface appears.

  2. In the main query pane, type the following mutation:

    mutation updateChangeEventsTab {
    	updateFeatureToggle(
    		id: "system:BUSINESS_SERVICES_CHANGE_EVENTS_TAB"
    		value: "enabled"
    	) {
    		id
    		value
    	}
    }

    Click the Prettify button to format the mutation and to add syntax highlighting to make the mutation easier to read. Note that the Prettify process removes the query syntax if only one query is present in the main query pane.

  3. Click the Execute Query (Play) button. The mutation executes, and the results appear in the pane on the right side.

    If the Changes tab does not appear in SL1 after executing the mutation, refresh the page using the F5 key or by clicking the refresh button in your web browser.

    For more information about GraphQL, see the GraphQL documentation. For more information about the GraphiQL user interface, see the GraphiQL user interface documentation.