Using Topology Search
After the topology search capability is configured, you can have Operations Analytics - Log Analysis show you the events that occurred within a specific time period on routes between two devices in the network topology. This capability is useful for pinpointing problems on the network, for example, in response to a denial of service attack on a PE device.
The custom apps of the Network Manager Insight® Pack can be run from Operations Analytics - Log Analysis and, depending on your configuration, from the Network Views in Network Manager IP Edition and the event lists in the Web GUI. The custom apps support searches on Layer 2 and Layer 3 of the topology. The custom apps use the network-enriched event data and the topology data from the Network Manager IP Edition NCIM database. They plot the lowest-cost routes across the network between two nodes (that is, network entities) and count the events that occurred on the nodes along the routes. You can specify different time periods for the route and events.
The algorithm uses the speed of the interfaces along the routes to calculate the lowest-cost routes, that is, the fastest routes from start to end along which a packet can be sent. The network topology is based on the most recent discovery. Historical routes are not accounted for. If your network topology is changeable, the routes between the nodes can change over time. If the network is stable, the routes stay current.
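The route selection and event counting described above, sketched as an added example (not IBM's implementation and not code from this documentation). The topology, the events, and the cost formula (a reference speed divided by interface speed) are constructed assumptions; the page states only that interface speed determines route cost.

```python
import heapq
from collections import Counter

# Constructed sample topology: (node_a, node_b, interface speed in Mbit/s).
LINKS = [
    ("172.20.1.3", "172.20.1.1", 1000),
    ("172.20.1.1", "172.20.1.5", 1000),
    ("172.20.1.3", "172.20.1.4", 100),
    ("172.20.1.4", "172.20.1.5", 10000),
]

# Constructed sample events: (epoch seconds, NodeAlias, summary).
EVENTS = [
    (1000, "172.20.1.1", "Link down"),
    (1500, "172.20.1.1", "High CPU"),
    (1600, "172.20.1.5", "SYN flood suspected"),
    (1700, "172.20.1.4", "Link down"),  # node is not on the fastest route
    (9000, "172.20.1.3", "Link up"),    # outside the searched time window
]

REFERENCE_SPEED = 100_000  # assumed: link cost = REFERENCE_SPEED / speed


def lowest_cost_route(links, start, end):
    """Dijkstra's algorithm; faster interfaces give cheaper links."""
    graph = {}
    for a, b, speed in links:
        cost = REFERENCE_SPEED / speed
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    queue, seen = [(0.0, start, [start])], set()
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node == end:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for nxt, link_cost in graph.get(node, []):
            if nxt not in seen:
                heapq.heappush(queue, (cost + link_cost, nxt, path + [nxt]))
    return None  # the two nodes are not connected in this topology


def events_on_route(events, route, t_start, t_end):
    """Count events per route node inside [t_start, t_end]."""
    on_route = set(route)
    return Counter(n for ts, n, _ in events
                   if n in on_route and t_start <= ts <= t_end)
```

The slow 100 Mbit/s hop makes the path through 172.20.1.4 more expensive than the two 1000 Mbit/s hops through 172.20.1.1, so events on 172.20.1.4 are excluded from the count even though they fall inside the time window.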
Before you begin
- Knowledge of the events in your topology is required to obtain meaningful results from the topology search, for example, how devices are named in your environment, or with what information devices are enriched. Device names are usually indicative of their functions. This level of understanding helps you run searches in Operations Analytics - Log Analysis.
- Configure the products to enable the topology search capability. See Configuring topology search.
- To avoid reentering user credentials when launching between products, configure SSO. See Configuring single sign-on for the topology search capability.
- Create the network views that visualize the parts of the network that you are responsible for and want to search. See https://www.ibm.com/docs/en/SSSHRK_4.2.0/admin/task/adm_crtnwview.html.
- Reconfigure your views in the Web GUI to display the NmosObjInst column. The tools that launch the custom apps of the Network Manager Insight Pack work only against events that have a value in this column. See https://www.ibm.com/docs/en/SSSHTQ_8.1.0/webtop/wip/task/web_cust_settingupviews.html.
Procedure
The flow of this procedure is to select the two nodes, select the tool and a time period over which the tool searches the historical event data. Then, in the Operations Analytics - Log Analysis UI, select the route that you are interested in and view the events. You can run searches on the events to refine the results.
Example
This example shows how to run the custom apps from the Operations Analytics - Log Analysis UI. It searches between 2 IP addresses: 172.20.1.3 and 172.20.1.5.
- To run a new search, click Add search and type NodeAlias:"172.20.1.3" OR NodeAlias:"172.20.1.5". Operations Analytics - Log Analysis returns all events that have the NodeAlias 172.20.1.3, or the NodeAlias 172.20.1.5.
- In the results display, switch to grid view. Scroll across until you see the NmosObjInst column. Identify 2 rows that have different NmosObjInst values.
- For these rows, select the cells in the NmosObjInst column.
- In the Search Dashboards section of the UI, click or Find events between two nodes on layer 3 topology, depending on which network layer you want to view.