IBM Support

How can I extend Netcool Operations Insight to get more information on events?

Technical Blog Post


Abstract

How can I extend Netcool Operations Insight to get more information on events?

Body

I am going to explore extending Netcool Operations Insight 1.3.0 (NOI) to search multiple data sources. I will demonstrate using the Smart Cloud Log Analysis 1.3.0 (LA) launch-in-context capability and creating javascript based tools in WebGUI. I will use this to search logs for information related to an item in the EventList. I will then go through worked example using this to analyse the cause of a problem.

How to create a right-click EventList tool to search multiple data-sources.

Click on the Administration-> tools configuration menu .  (This requires the user has appropriate privileges)

You should then see a Tools Configuration dialog like the following:

WebGUI tools configuration menuCreate a name for the tool (I called it 'scalaFindEventsAllDatasources' in this example) and  choose  'script' (javascript) type for the tool.

We can put some javascript in the 'Script Commands' box to use the 'FirstOcurrence' field of the event to generate a URL which issues a launch-in-context search for all log entries which occurred within 15s of the specified event. The LA launch-in-context feature allow you to issue searches and run invoke custom applications from approved IBM products using a URL API. (See links at the end of this article)

Here is some example javascript to issue a search:

var firstocc = parseInt({@FirstOccurrence});

var starttm = new Date(firstocc*1000 -15000);

var endtm = new Date(firstocc*1000 +1000);

var starttmstr = starttm.getDate()+'/'+(starttm.getMonth()+1)+'/'+starttm.getFullYear()+' '+starttm.getHours()+':'+starttm.getMinutes()+':'+starttm.getSeconds()+'.'+starttm.getMilliseconds();

var endtmstr = endtm.getDate()+'/'+(endtm.getMonth()+1)+'/'+endtm.getFullYear()+' '+endtm.getHours()+':'+endtm.getMinutes()+':'+endtm.getSeconds()+'.'+endtm.getMilliseconds();

window.open("https://<SCALASERVER>:9987/Unity/SearchUI?queryString=*&timefilters={%22type%22:%22absolute%22,%20%22startTime%22:%22"+starttmstr+"%22,%20%22endTime%22:%22"+endtmstr+"%20%2B0000%22}");

'SCALASERVER' is the address of the server running LA and is running on the default port of 9987. I set the time range of the search to between 15s before and 1s after the first occurrence of the event. I chose 1s after to make sure the clicked on event is in the search results. The parts of the script which control time settings are in bold type above. In practice you might want a longer time period than 15 seconds. It is straightforward to modify the javascript to change the time period.

Adding the tool to the right click menus

The next thing to do is to add the tool to the right-click menus. To add the tool to same place as the existing EventSearch tools: click on 'Administration->Menu configuration', select the 'SCALA' menu group, then add the 'scalaFindEventsAllDatasources' to the group using the menu editor.

image
image

We now have the tool in-place and are ready to try it out.

Example Scenario

IBM SmartCloud Log Analytics is configured to ingest data from both NetCool OMNIbus events and WebSphere log files, using the NOI pack v1.3.0 and the WebSphere Insight pack. (Tare more insight packs available on a variety of data sources. See links at the end of the article for details on other insight packs available. )

In our example, an operator or SME sees an authentication error and decides it needs more investigation.image

They want to get more information so they right click on the event, and select the tool we developed earlier, to search all data sources.image

This produces warning popup saying all data sources will be searched, because none was specified in the query. We ignore this because we actually want to search all sources. In practice it might be preferable to explicitly define which data sources the tool searches. This can be done by modifying the query URL generated by the javascript developed earlier.

The results also show an error generated by the WebSphere Liberty server just prior to the OMNIbus event. The errors indicates that OMNIbus is being used to authenticate passwords and this is failing because connection to OMNIbus is not available.

image

This is useful info, now we want to more log entries, in order to see if there could be an entry related to the ObjectServer connection error. Switching to a list view enables us to have more entires on a page.  LA appends all columns from all the data sources together when listing results from multiple sources. We don't want to need to keep scrolling back and forth across the columns when reasing data, so let's reduce the number of columns, to avoid having to scroll back and forth across the data displayed.

image

 

Paging down our list view we see a connection Link Down error occurring shortly before the authentication event. It could be the cause of our error!

image

Final thoughts

This scenario used a manufactured situation rather than real world data, and the eagle eyed might have spotted inconsistencies in the event data.  However this has been used to demonstrate how you can create custom tools in WebGUI and how combining data from multiple sources within LA might help a SME resolve problems more quickly.

NOTE: It goes without saying you should check your licensing agreement before ingesting additional data sources into your LA server.

See the following URLs for more information on topics touched on in this blog.

SMC Connect: Smart Cloud Log Analytics Insight Packs

Netcool Operations Insight 1.3.0 Knowledge Center

Launch-in-context configuration

Creating event management tools

 

[{"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Product":{"code":"","label":""},"Component":"","Platform":[{"code":"","label":""}],"Version":"","Edition":""}]

UID

ibm11082253