Correlate

Assets

Asset Map Explorer

../../../_images/assurance-correlation-image107.png

This view displays all of the defined assets in the system on a map for visual grouping according to their physical location. The location or address of the assets are input in the asset configuration section within the Configuration interface. This view is integrated with the MapQuest API (Internet access required to display the map).

Note: The system allows the ability to import a .csv file of assets and addresses.

Asset Overview

Each Asset is colored to reflect its current Alert Status. The status colors available and their meanings are below:

  • Red (Critical)

  • Orange (Major)

  • Yellow (Minor)

  • Blue (Informational / Notification)

  • Green (Healthy)

../../../_images/assurance-correlation-image5.png

You can click on any of the assets to display the summarized alarm statistics for that asset. A box will open in the upper right corner of the screen to show the details. To see greater detail about the status of the asset, click on the underlined View Asset Details in the bottom of the box. This will take you to the Asset Details view. (See Asset Details view under the Asset Explorer Section)

Asset Explorer

Asset Explorer gives a view into the current alarm state of the assets monitored by Arbitrator.

Only devices created as Assets in the Arbitrator system will be rendered in the view. Since Correlated events create alarms in the system, asset icon colors will change to reflect the severity level of the alert. Assets display the color of the current highest-level alert for that asset in the system.

Alert Severity Levels:

  • Red (Critical)

  • Orange (Major)

  • Yellow (Minor)

  • Blue (Informational / Notification)

  • Green (Healthy)

../../../_images/assurance-correlation-image80.png

Asset Filtering

../../../_images/assurance-correlation-image91.png

The Assets displayed can be filtered using the filtering pane on the left. This includes:

  • Filtering by Alert Severity levels

  • Asset Type

  • Defined Asset Groups

  • Keyword

Asset Explorer Navigation

../../../_images/assurance-correlation-image35.png

The Asset Explorer will display up to 100 assets per page. Use the navigation button in the top right to grab the next 100 assets or the specific increment you have set.

Asset Details View

The Asset Details View is opened when you double click on any of the assets in the Asset Explorer view. Once open the view contains 3 tabs:

  • Alerts

  • Probes

  • Search

Click Close in the upper right corner of the screen to return to the Asset Explorer view.

Asset Details: Alerts Tab

../../../_images/assurance-correlation-image82.png

This tab displays all alerts associated with the asset and allows the user to disposition, add alert journal entries for the alert and see a report of the alert and events. (See Alert Disposition, Alert Journal and View Report within the Alert Analyzer Section)

Asset Details: Probes

../../../_images/assurance-correlation-image81.png

This tab displays all probes associated with the asset. Clicking on each probe will display the probes output. If output is a numerical value, such as CPU usage, then a graph will be displayed of that value over time. If the probe output is non-numerical then just the last probe output will be displayed.

Alerts

Alert Analyzer

The Alert Analyzer screen displays all of the alerts coming into the system based on a first in / last out presentation. It allows the user to see the alerts as they are happening or ones that have been in existence for a period of time. It also provides the ability to disposition the alerts based on activity as well as view a report with specific details associated with the alert. There are also several filter and sort options available to apply to the view.

../../../_images/assurance-correlation-image83.png

Alert Disposition

The drop-down box allows you to set the status of each alert. The can be set one at a time or by bulk. The available options are:

  • Open: This is a new alert.

  • Under Review: Moved out of the open state and the alert journal can still be edited.

  • Acknowledge: Moved out of the open state and the alert journal can still be edited.

  • Release: Moved out of the open state and the alert journal can still be edited.

  • Close: Moved out of the open state and the alert journal can still be edited.

  • Disregard: The alert is deleted from the system.

  • Close and Locked: Moved to a closed state and the alert journal cannot be edited.

To disposition an alert simply open the alert by expanding it (click the up and down arrows to the far right of the alert). Once open select the drop-down box next to “Status” and select the disposition state.

../../../_images/assurance-correlation-image86.png

Bulk Disposition: This will allow the user to disposition a group of alerts at once. First apply the required filter to the alerts by using the Filter Manager (See Alert Filters). Once you have the group of alerts filtered then select the desired disposition state from the “Bulk Disposition” drop-down box.

Filtering by Disposition

By clicking the drop-down box “Status” you can choose to see only the alerts with a specific disposition status. Once open select your choice(s) by checking the boxes and click update. The screen will show only the ones you have selected.

../../../_images/assurance-correlation-image85.png

Alert Filters

Alert Filters provide the ability to filter all of the alerts by Keywords, Severity and Date & Time. Open the “Filter Manager” by selecting the wrench icon in the top left of the screen next to the word Filters. Click the “Add” button to add a new filter.

  • Keywords: Fill in the detail to filter by. Choose to enter one, many or all of the criteria fields.

    • Name: Sets the name of the filter for your reference

    • Description: Description of the filter

    • Policy: Filter by the name of the correlation policy

    • Rule: Filter by the name of the correlation rule

    • Group: Filter by the name of the group

    • Customer: Filter by the name of the customer

    • Site: Filter by the site

    • Node: Filter by the node

    • Message: Filter by the message

    • Owner: Filter by the owner

../../../_images/assurance-correlation-image98.png
  • Severity: The filter can be set based on the chosen severity or severities. Additionally, the state or states can be chosen with each severity. Click the levels desired.

    • Active: Alert is currently in one of the active states

    • Escalated: Alert has been escalated based on the timer in the correlation rule

    • Acknowledged: Alert is in an acknowledged disposition state.

    • Expired: Alert has expired based on the timer set in the correlation rule

../../../_images/assurance-correlation-image96.png
  • Date & Time: The filter can be set based on a date range, by “All Day”, by a specific start and end time, by the day of the week or any combination.

../../../_images/assurance-correlation-image97.png

Alert Journal

The Alert Journal will show the history of the alert and the actions taken both by the system and by the user. Additionally, a user can add a journal entry to update status or actions taken.

To add an Alert Journal:

  • Click the Pause button to stop the automatic refresh

  • Expand the Alert you want to add an entry to by clicking the expand icon

  • Click the Journals Button

  • Type the journal entry into the text box where it says NEW JOURNAL ENTRY

  • When done Click Add

  • Click the Play button to stop the pause and allow to refresh

../../../_images/assurance-correlation-image94.png

Alert Sorting

The alerts shown on the Alert Analyzer can be sorted based on three categories:

  • Time to Expire / Escalate

  • Alert Severity

  • Alert Date & Time

These three choices determine the sorting of the alerts on the Alert Analyzer screen. Each one can be toggled between ascending and descending order. Additionally, the order of each one will be the first to last in priority. This can be changed by clicking the down or up button next to each category.

../../../_images/assurance-correlation-image95.png

Call Path

Call Path Monitor

The Call Path Monitor serves as one of the base screens for managing Unified Communications and the particular call path that a Voice over IP call takes. It will display the paths or routes that a call took from the source to the destination. Each path contains the IP Addresses, number of hops, delay and latency during the call.

../../../_images/assurance-correlation-image12.png

Sorting Call Paths

The screen and the represented call paths can be sorted by three variables:

  • Total Delay: The total latency on the call.

  • Average Delay: The average latency on the call.

  • Total Hops: The total number of layer-3 hops the call took.

Each selection also has the choice of selecting ascending or descending order.

../../../_images/assurance-correlation-image13.png

Time Range for Call Paths

This provides the option of selecting the time range in which to show the call paths collected. Click the “Range” drop-down button. The available options are:

  • All

  • 1 Day

  • 2 Days

  • 3 Days

  • 4 Days

  • 5 Days

../../../_images/assurance-correlation-image89.png

Expanding Call Paths

Expanding a call path allows you to see the path by hop or by IP Address. In addition, it provides an option to view it by the total per hop or cumulative delay, latency, and Jitter. The expanded view also shows you whether the call was ON Network or OFF Network. The expanded view can be toggled to show in graph or table views.

To expand a call path and toggle between graph and table views:

  • Click arrow icon next to the call path you want to expand

By default, the view will be in graph mode. To switch to the table view, simply choose the table view icon in the upper left corner of the now expanded call path.

../../../_images/assurance-correlation-image11.png

Searching Call Paths

Each Call Path has several fields you can utilize to search and filter for the call(s) that you are interested in. The fields available are:

  • Source

  • Destination

  • Method

  • Hops

../../../_images/assurance-correlation-image23.png

View Call Details from the Call Path

The Call Path screen allows you to drill into the specific call details right on the chart. Simply click the blue telephone icon at the end of the path and it will take you to the Call Details Explorer view for that call path.

Call Details

Call Details Explorer

The Call Details Explores is the main screen for managing Unified Communications and the details of a particular call path that a Voice over IP call takes. It will display the time, source destination, vendor, latency and hops along the top screen. Below will show the Call path with each hop along with the call metrics (packets lost, jitter, R-Factor and MOS).

../../../_images/assurance-correlation-image10.png

Filter by Date and Time

In the upper left corner there is a time bar. You can choose to search the call details by the various options presented. When you click inside the bar several options along with a calendar open up to select.

  • Last 5 Minutes

  • Last 30 Minutes

  • Last Hour

  • Last 12 Hours

  • Last 24 Hours

  • Last 7 Days * This Month

  • Last Month

  • Last 2 Months

  • Last 3 Months

  • Last 6 Months

  • Last Year

  • Specific Date and Time

../../../_images/assurance-correlation-image87.png

Filter by Call Quality

../../../_images/assurance-correlation-image90.png

Just next to the time bar are several icons that allow you to filter the call detail data by Call Quality. There are 3 options:

  • Bad Calls (Red)

  • Good Calls (Green)

  • Bad and Good Calls (Blue)

Clear Filter, Update and Delete Call

../../../_images/assurance-correlation-image99.png

The three icons next to the call quality filters provide the functions below:

  • Clear Filter: This will remove all filters set and the call details will show the default display.

  • Update: The screen is pre-set with a refresh timer. Clicking this icon allows you to request new data on demand.

  • Delete Call: If the check box is selected next to any call then by clicking this icon the system will delete that call.

Refresh Pause

Selecting the pause icon in the top left of the view will stop the refresh cycle. This comes in handy as you are reviewing a specific call.

../../../_images/assurance-correlation-image77.png

Sorting

At the top right of the screen is a drop-down button called “Sort”. Clicking this button will open up several options for which the call details can be sorted.

  • Time: The time the call was placed

  • Source: The source that placed the call

  • Destination: The destination of the call

  • Vendor: Identifies the method that created the call. The only options are LX1 (the VOSS Raptor Call Path generator) and RTCP (Avaya specific RTCP and call path data)

  • Latency: The aggregate latency recorded on the call

  • Hops: The total number of hops the call took

Each option allows for the choice of ascending or descending order.

../../../_images/assurance-correlation-image68.png

Search Call Details

The search bar in the top right of the screen allows the user to search for specific call details. There are three options that can be utilized to search:

  • Source: The source IP that made the call

  • Destination: The destination IP that received the call

  • Vendor: Identifies the method that created the call. The only options are LX1 (the VOSS Raptor Call Path generator) and RTCP (Avaya specific RTCP and call path data)

../../../_images/assurance-correlation-image63.png

Call Management Configuration

In very busy or large environments it is imperative to manage the data that is being collected in the Call Detail Explorer. Have potentially 100’s of thousands of calls can lead to the data becoming difficult to manage. As such there is the option to manage the configuration of the call table within the Call Detail Explorer screen. Click the file cabinet icon next to the search bar and a menu screen will pop up. This provides optional time and methods for which the call data can be archived. The choices are Daily, Weekly, Monthly or Quarterly. Be sure to toggle on “Alert on Archive Failure” and “Alert on Archive Success. The methods available for archival are SCP, SFTP or SMB. Each requires a host, path and credential. Multiple methods may be added.

../../../_images/assurance-correlation-image6.png