Troubleshooting alerts

You can troubleshoot alerts by running predefined actions on an alert, including administrative actions such as acknowledging an alert and creating a ticket based on an alert, and information retrieval actions, such as running traceroute commands against the resource on which the alert occurred.

1. Click an alert of interest in the table on the Alerts page..
   A side panel that contains multiple information sections opens in the table. The first section is called the Actions section and displays a set of actions that can be performed on the selected alert.
   If you to perform actions on multiple alerts in one go, then select multiple alerts using Shift-Click.
2. In the Actions section, select the action to perform on the alert.
   The actions available are as follows. For more information on each of these troubleshooting actions, see the links at the end of the topic.

   Acknowledge

   Acknowledge an alert when you want to work on that alert. You must be the alert owner to perform this action.

   De-acknowledge

   De-acknowledge an alert if you are no longer working on it. You must be the alert owner to perform this action.

   Create new incident

   If you believe that multiple alerts form part of a single real-life incident, then you can create a new Netcool® Operations Insight® incident based on those alerts. For more information, see the Creating incidents link at the end of the topic.

   Add to incident

   If you believe that one or more alerts belong together with an existing Netcool Operations Insight incident, then you can add those alerts to that incident. For more information, see the Creating incidents link at the end of the topic.

   Prioritize

   Use this command to change the severity of an alert. You must be the alert owner to perform this action.

   Suppress/Escalate

   Suppress an alert to remove it from all operator alert lists. Escalate an alert to promote it to the Escalated alert list filter, where it can get attention from a wider range of support people. You must be the alert owner, in order to perform these actions.

   Take ownership

   Take ownership of an alert if you want to work on resolving that alert. Once you have ownership of an alert, you can perform other actions on it such as Acknowledge, Prioritize, Suppress, Escalate, and Delete.

   User Assign

   Use this command to assign an alert to another user. That user then becomes the alert owner.

   Group Assign

   Use this command to assign an alert to a group.

   Delete

   Delete an alert to remove it from the alerts list. You must be the alert owner to perform this action.

   Event Search

   Use this command to perform a historical alert search against the selected alert.

   Create ticket

   Use this command to create a ticket for the selected alert.

   Search Humio

   Run this command to retrieve Humio data for this alert.

   Note: This alert is only available if the Humio integration has been set up. For more information, see the Adding the Search Humio action link at the end of this topic.