Troubleshooting alerts
You can troubleshoot alerts by running predefined actions on an alert, including administrative actions such as acknowledging an alert and creating a ticket based on an alert, and information retrieval actions, such as running ping or traceroute commands against the resource on which the alert occurred.
Procedure
-
Click an alert of interest in the table on the Alerts
page.. A side panel that contains multiple information sections opens in the table. The first section is called the Actions section and displays a set of actions that can be performed on the selected alert.If you to perform actions on multiple alerts in one go, then select multiple alerts using Shift-Click.
- In the Actions section, select the action to perform on the
alert. The actions available are as follows. For more information on each of these troubleshooting actions, see the links at the end of the topic.
- Acknowledge
- Acknowledge an alert when you want to work on that alert. You must be the alert owner to perform this action.
- De-acknowledge
- De-acknowledge an alert if you are no longer working on it. You must be the alert owner to perform this action.
- Create new incident
- If you believe that multiple alerts form part of a single real-life incident, then you can create a new Netcool® Operations Insight® incident based on those alerts. For more information, see the Creating incidents link at the end of the topic.
- Add to incident
- If you believe that one or more alerts belong together with an existing Netcool Operations Insight incident, then you can add those alerts to that incident. For more information, see the Creating incidents link at the end of the topic.
- Prioritize
- Use this command to change the severity of an alert. You must be the alert owner to perform this action.
- Suppress/Escalate
- Suppress an alert to remove it from all operator alert lists. Escalate an alert to promote it to the Escalated alert list filter, where it can get attention from a wider range of support people. You must be the alert owner, in order to perform these actions.
- Take ownership
- Take ownership of an alert if you want to work on resolving that alert. Once you have ownership of an alert, you can perform other actions on it such as Acknowledge, Prioritize, Suppress, Escalate, and Delete.
- User Assign
- Use this command to assign an alert to another user. That user then becomes the alert owner.
- Group Assign
- Use this command to assign an alert to a group.
- Delete
- Delete an alert to remove it from the alerts list. You must be the alert owner to perform this action.
- Ping
- Use this command to run the ping command against the network resource
specified in the
Node
field of the alert. - Event Search
- Use this command to perform a historical alert search against the selected alert.
- Create ticket
- Use this command to create a ticket for the selected alert.
- Search Humio
- Run this command to retrieve Humio data for this alert.Note: This alert is only available if the Humio integration has been set up. For more information, see the Adding the Search Humio action link at the end of this topic.