Working with the alert timeline

Click any alert to display a timeline for that alert in the sidebar. The timeline includes journal entries for the alert, and comments added by operators, in chronological order.

Procedure

  1. Click an alert of interest in the table on the Alerts page..
    A side panel that contains multiple information sections opens in the table.The first section is called the Actions section and displays a set of actions that can be performed on the selected alert.
  2. Close the Actions section by clicking the upward-pointing chevron Upward-pointing chevron icon in the Actions section header.
  3. Open the Information section by clicking the downward-pointing chevron Downward-pointing chevron icon in the Information section header.
    Information for the selected alert is shown in the following tabs:
    Fields
    This tab displays the complete set of column data for the selected alert, including familiar fields, such as Summary, Node, Severity, and LastOccurrence. Other less familiar fields are also displayed in this tab. For a description of each of these fields, see the related link at the end of this topic.
    The policy name is also listed for temporal grouping and temporal pattern policies in the CEACorrelationDetails field. To enable policy name insertion and populate the timeline of a parent event with the policy name, complete the following steps:
    1. Edit the NOI custom resource (CR) with the following values:
      helmValuesNOI:
      global.actions.policyNamePropogation: true
    2. Run the following code:
      -- ENABLE JOURNAL FOR CEA PARENTS --
      UPDATE master.cea_properties SET IntValue = 1 WHERE Name IN ('CEAJournalToCKeyParent');
      go
      
      -- ENABLE parent journaling --
      UPDATE master.cea_properties SET IntValue = 1 WHERE Name IN ('CEAJournalToSuperParent');
      go
      
      -- ENABLE ADD CEACORRELATIONDETAILS TO JOURNAL --
      UPDATE master.cea_properties SET IntValue = 1 WHERE Name IN  ('CEAJournalCorDetails');
      go
    Note: The policy ID is displayed in the CEACorrelationDetails field for all grouped alerts (both parents and children), whether or not the policy name is propagated.
    Details
    This tab displays extra data that is associated with the selected alert. If there is no data to display, then a No Data message is shown in the tab area. For a description of this extra data, see the related link at the end of the topic.
    Timeline
    This tab displays the timeline for the selected alert. The timeline includes journal entries for the event, and comments added by operators, in chronological order.
  4. Click Timeline.
    The timeline presents a vertical display of journal entries for, and comments on the selected alert, in chronological order.
  5. Optional: Type a comment and click Add comment at any time to add a comment on this alert.
    Your comment is stored in the timeline in chronological order with the other entries.