A brief video describing how to make alert reports through the reporting wizard in SevOne.
In this video we're going to discuss adding an alerts report attachment to one of your reports. Start by clicking "Alerts," then determining whether you want to aggregate the alerts into one of these buckets, or to use no aggregation. You choose "No Aggregation," which is the most common selection, you will actually be able to read the alert messages that are generated. These are more count values that are associated with the number of alerts devices have gotten, or a device group has gotten, or an object group has gotten, or currently active in the system.
We're going to continue on with "No Aggregation" and, again, selecting your device group; the default is "All devices." This is an important step. You can select different types of filters; "Severity" is a very common one, so is "Policy ID." Now, "Policy ID:" Let's say you only wanted to look at up/down alert conditions, for example. What you could do is you could look at the Policy ID and the best way to get a handle on the Policy ID is to navigate to the Policy Browser and just double-check which policy you would like to filter on.
Let's say I wanted to look at all Cisco IOS Memory above 95%, that's an ID of 4 and I would just add that as one of the filters here. Maybe I want the Disk Full, as well; I remember it being 5, and so on and so forth. Again, giving you greater context. The number of results that you want to pull in; the default's going to be 50, that can be toggled up or down as you see fit. The time span you'd like to look at; again, we're only going to be looking at active alerts in the system, in this table, so the default's going to be "All time," but, again, you can define something like "Today" as well.
Then we have a few options and we're probably going to come back to this page in a moment. Now, you can customize your columns; I tend to get rid of the Alert ID and I like to have Severity at the far left of my table. These are just personal preferences and you can define them here; there's small arrows next to here, to find the sort order. If I wanted to first sort by Severity and then by Device Name, I could do that here. The default behavior is to sort by Severity first, but, again, this is the flexibility you have in terms of what the sort order should be: first order and then second order of sorting behavior.
I'm going to hit "Next" and "Finish," and we can see that we have an alert table brought back, with all the active alerts for the Policy IDs that I filtered on. Now, one thing I could do, I could edit this, but I could also make a copy of any item in the dashboard, like I just showed.
I'm going to edit this one, and instead of showing this in a table, I'm not going to go over all the visualizations here that are available to you, but another common one is the "Alert Summary." You have a few options here: The "Detailed Summary" will actually bring you back statistics, percent event-free, mean time to resolution, etc., so I would like to keep that on. The "Display All" option basically will display a bar for a device, whether or not it is currently experiencing an alert. I, in this case, would like to keep that off.
Then we have the depth you want to break things out by: you can do it by groups, devices, or objects. We'll leave it at the default option for now, and hit "Finish." This is going to then bring back an alert summary bar for all of our devices, subject to the policy filters I had previously applied.
We could break this out by device, but by default we're looking at our device groups. Those are the two most common report attachments or ways to use the alert report attachment within SevOne.
In addition to these videos, remember that the Data Appliance NMS User Manual is available through the NMS UI as shown below. Clicking on the question mark at the top right of any page will automatically bring you to the section of the manual that corresponds to the page you are currently on.