.. _arb-main-interface: Arbitrator main interface ----------------------------- .. _23.1|EKB-15145: Overview .......... The Arbitrator GUI has two sections. The main interface displays on first log in, while the **System Configuration** GUI, accessed via the **Wrench** icon on the main interface toolbar, is accessible only to admin users. .. image:: /src/images/arb-main-interface-asset-explorer.png You can select the following functionality via the toolbar icons on Arbitrator's main interface: * Admin menu * :ref:`arb-asset-explorer` * :ref:`arb-alert-analyzer` * :ref:`arb-search` * :ref:`arb-call-path-monitor` * :ref:`arb-call-details-explorer` .. rubric:: Related topics * :ref:`arb-system-configuration` Admin menu .............. Access the **admin** menu via the Arbitrator main interface. Here you can: * Edit your profile, including your email address and password * Update user settings, which allows you to override themes, and set tab titles for the product * Configure system global settings (applies to all Arbitrator users) to enable/disable product usage event tracking (enabled by default). .. note:: When enabled, the system securely tracks and measures anonymized product usage events, such as login/logout, UI operations, and permission groups. This data helps VOSS gain insights into product usage and improve user experience. * View system version and license details * Sign out .. image:: /src/images/arb-admin-menu-toolbar.png .. _arb-asset-explorer: Asset Explorer ............... The **Asset Explorer** tab lists devices created as assets in Arbitrator, displaying up to 100 assets per page. On this page you can also view the alert severity status of each asset, and click on an asset to view further details. .. note:: If you have more than 100 assets, use the toolbar paging icons to display the next increment of assets. .. image:: /src/images/arb-main-interface-asset-explorer.png Asset Alert Severity Status '''''''''''''''''''''''''''''' Assets display the color of the current highest-level alert for that asset in the system. Color coding is used to indicate the alert severity status of each asset: .. image:: /src/images/arb-asset-alert-severity-status.png * Critical (Red) * Major (Orange) * Minor (Yellow) * Informational (Blue) * Normal (Green) * Maintenance (Black) * None (Gray) Assets Search Filter '''''''''''''''''''''' You can apply a search filter in the Asset Explorer to display only relevant assets (assets matching specified filters). You can filter assets by: * Alert severity level, including maintenance mode * Asset type * Asset groups * Keyword .. image:: /src/images/assurance-correlation-image91.png .. _arb-asset-details: Asset Details '''''''''''''''' Click on an asset in the Asset Explorer to open a summary of that asset's alarm statistics on the **Asset Details** page. You can select the following tabs on the **Asset Details** page: * Alerts * Probes * Search .. _arb-asset-details-alerts: Asset Details - Alerts Tab ''''''''''''''''''''''''''''' The **Alerts** tab displays all alerts associated with the asset and allows you to disposition, add alert journal entries for the alert, and see a report of the alert and events. See Alert Disposition, Alert Journal and View Report within the :ref:`arb-alert-analyzer` section. .. image:: /src/images/assurance-correlation-image82.png .. _arb-asset-details-probes: Asset Details - Probes Tab ''''''''''''''''''''''''''' The **Probes** tab displays all probes associated with the asset. Clicking on each probe displays the probes output. If output is a numerical value, such as CPU usage, then a graph will be displayed of that value over time. If the probe output is non-numerical then just the last probe output displays. .. image:: /src/images/assurance-correlation-image81.png .. _arb-asset-details-search: Asset Details - Search Tab ''''''''''''''''''''''''''''' The **Search** tab contains an event search bar tied to the data associated only with this asset. This allows you to search all logs/events by this asset versus the entire index data store. (See Event Search for more details) .. image:: /src/images/assurance-correlation-image84.png .. _arb-alert-analyzer: Alert Analyzer ............... Overview '''''''''' On the **Alert Analyzer** page you can view all alerts coming into the system based on a first in/last out presentation. You can view older, existing alerts, as well as viewing alerts as they occur. You can disposition alerts based on activity, and view a report details associated with a specific alert. Several filter and sort options can also be applied. .. image:: /src/images/assurance-correlation-image83.png .. _arb-alert-analyzer-disposition: Disposition '''''''''''' Disposition allows you to set the status of each alert, either one at a time, or in bulk. The table describes the options for alert dispositions: .. tabularcolumns:: |p{4cm}|p{11cm}| +-------------------+-----------------------------------------------------------------------------+ | Option | Description | +===================+=============================================================================+ | Open | Default status for a new alert. | +-------------------+-----------------------------------------------------------------------------+ | Under Review | The assigned owner is working on the alert. | +-------------------+-----------------------------------------------------------------------------+ | Acknowledge | Alert has been seen, but is not currently being worked on. | +-------------------+-----------------------------------------------------------------------------+ | Release | The assigned owner has released the alert to be worked on by others. | +-------------------+-----------------------------------------------------------------------------+ | Close | The alert has been resolved, but the alert journal can still be edited. | +-------------------+-----------------------------------------------------------------------------+ | Disregard | The alert is deleted from the system. | +-------------------+-----------------------------------------------------------------------------+ | Close + Lock | Alert has moved to a Closed state and the alert journal cannot be edited. | +-------------------+-----------------------------------------------------------------------------+ .. rubric:: Disposition a Single Alert 1. Expand the alert to open it (click the up/down arrows to the far right of the alert). 2. From the **Status** drop-down, select the disposition state. .. image:: /src/images/assurance-correlation-image86.png .. rubric:: Bulk Disposition Multiple Alerts This procedure dispositions a group of alerts at once. 1. Apply the required filter to the alerts - use the Filter Manager (see Alert Filters). 2. Once you have the group of alerts filtered, choose the required disposition state from the **Bulk Disposition** drop-down. .. rubric:: Filter by Disposition 1. Click the down-arrow at the **Status** drop-down. 2. Select a disposition status. 3. Click **Update** to apply the filter to see only those alerts with the disposition status you've selected. 4. View alerts, filtered by the selected disposition status. .. image:: /src/images/assurance-correlation-image85.png .. _arb-alert-analyzer-filter-manager: Filter Manager '''''''''''''''' You can apply filters to alerts to view only a subset of alerts. You can filter by keywords, severity, and by date and time. 1. On the **Alert Analyzer** page, click the **Wrench** icon in the **Filters** pane to open the **Filter Manager**. 2. Click the Plus icon (+) to add a new filter. 3. Fill out filter criteria across the tabs: Keywords, Severity, Date & Time: * On the **Keywords** tab, fill out a name and description for the filter, then fill out filter criteria, which can be any or all of the following: correlation policy, correlation rule, group name, customer name, site, node, owner, or message .. image:: /src/images/assurance-correlation-image98.png * On the **Severity** tab, select one or more severity states: * Active: Alert is currently in one of the active states * Escalated: Alert has been escalated based on the timer in the correlation rule * Acknowledged: Alert is in an acknowledged disposition state * Expired: Alert has expired based on the timer set in the correlation rule .. image:: /src/images/assurance-correlation-image96.png * On the **Date & Time** tab, set a date range for the filter, either "All Day", a specific start and end time, a day of the week, or any combination. .. image:: /src/images/assurance-correlation-image97.png Alert Journal '''''''''''''''' The Alert Journal displays the alert history as well as system and user actions. Users can add journal entries to update status or actions. .. rubric:: Add an Alert Journal 1. On the **Alert Analyzer** page, click the **Pause** button to stop the automatic refresh. 2. Expand the alert where you want to add an entry. 3. Click **Journals**, then fill out a journal entry in the field displaying the text, **NEW JOURNAL ENTRY**. 4. Click **Add**. 5. Click the **Play** button to resume refresh on the Alert Analyzer. .. image:: /src/images/assurance-correlation-image94.png Alert Sort '''''''''''' Alerts in the Alert Analyzer can be sorted based on the following categories: * Time to Expire/Escalate * Alert Severity * Alert Date & Time The sort order for each category can be toggled between ascending and descending. Additionally, the order of each sort category will be the first to last in priority. To change this, click the down arrow or the up arrow adjacent to each category. .. image:: /src/images/assurance-correlation-image95.png .. _arb-search: Search .......... Overview '''''''''' Arbitrator's main interface provides the following search options: * :ref:`arb-search-event` * :ref:`arb-search-simple` * :ref:`arb-search-keyword` * :ref:`arb-search-conjunctions` * :ref:`arb-search-date-range` .. _arb-search-event: Event Search '''''''''''''' The Event search view provides access to all raw data coming in to Arbitrator and provides a simple interface to search for and display results. Arbitrator builds a dictionary of all words from all received logs, enabling rapid search across large volumes of data, making an otherwise complex amount of data quickly searchable and more useable. .. _arb-search-simple: Simple Search '''''''''''''' To perform a simple search across all logs based on the default time of "Last 24 Hours", use the "*" wildcard character. 1. In the search text input field type ``*`` 2. Press **Enter**, or click the magnifier icon. 3. View search results, which displays all log data received in the last 24 hours. The default number of logs per page is 10, but can be increased via the drop-down below the time bar. .. image:: /src/images/assurance-correlation-image92.png .. _arb-search-keyword: Keyword Search '''''''''''''''' To perform a keyword search across all logs based on the default time of "Last 24 Hours": 1. Fill out a word or part of a word that you know is present in your data, such as "Cisco". The event search auto suggests a keyword as you type, based on data the Arbitrator has collected. 2. Press **Enter** to select the auto-suggested word, or click the Magnifier icon to run the search. 3. View search results, which displays all log data from the past 24 hours that contains the specified criteria. The default number of logs per page is 10. To increase the number of logs per page, select the required number from the drop-down below the time bar. .. image:: /src/images/assurance-correlation-image93.png .. _arb-search-conjunctions: Use Operators with Search '''''''''''''''''''''''''''' The Event Search allows the use of operators (``AND``, ``OR``, ``NOT``) to combine keywords that you know are present in your data for a more granular search. A search with operators searches across all logs based on the default time of "Last 24 Hours". 1. Fill out a word or part of a word that you know is present in your data, such as "Cisco", followed by the relevant operator (``AND``, ``OR``, ``NOT``). .. note:: When using operators, the logic must match in order to retrieve data. 2. Select a keyword from the auto-suggest, or press **Enter** to run the search. 3. View search results, which displays all log data from the past 24 hours that contains the specified criteria. The default number of logs per page is 10. To increase the number of logs per page, select the required number from the drop-down below the time bar. .. image:: /src/images/assurance-correlation-image101.png .. _arb-search-date-range: Date Range Search '''''''''''''''''''' You can search for and apply a date to any of the possible search types discussed in this section. The default is the last 24 hours, or choose an option from the drop-down: * Last 24 Hours: The default * Last 1 Hour * Last 30 Minutes * Last 5 Minutes * Custom date range showing from and to. Clicking in the "From" box opens up a calendar from where you can select a specific "From" date. Clicking in the "To" box will do the same. .. image:: /src/images/assurance-correlation-image102.png Search Result Metadata '''''''''''''''''''''''' The event search engine uses Arbitrator's core processes to store, tag, and manage data. Click on the blue text ("XML") that displays with each log entry to open up an XML representation of the data along with additional important elements, specifically, the entity ID's, which make every event unique and formulates the "Reference ID" seen on the Alert Analyzer page. For compliance purposes, a hash of the raw log is also available, if required. To return to the main search page, click **Raw**. .. image:: /src/images/assurance-correlation-image100.png .. _arb-call-path-monitor: Call Path Monitor ..................... Arbitrator's **Call Path Monitor** allows you to manage unified communications, and the particular call path that a Voice over IP call (VoIP) takes. It displays the paths or routes that a call takes from source to destination. Each path contains the IP Addresses, number of hops, delay, and latency during the call. .. image:: /src/images/assurance-correlation-image12.png Sorting Call Paths '''''''''''''''''''' The Call Path Monitor provides three options for sorting data on the page and for represented call paths: ================ =============================================================== Total Delay The total latency on the call. Average Delay The average latency on the call. Total Hops The total number of layer-3 hops the call took. ================ =============================================================== For each sort option, you can also choose to view the data in ascending or descending order. .. image:: /src/images/assurance-correlation-image13.png Call Path Time Range '''''''''''''''''''''' The Call Path Monitor time range setting allows you to define the time range for which you wish to view collected call paths. The **Range** drop-down provides the following options: * All * 1 Hour * 1 Day * 2 Days * 3 Days * 4 Days * 5 Days .. image:: /src/images/assurance-correlation-image89.png Expanded Call Path View '''''''''''''''''''''''''' Expanding a call path allows you to see the path by hop or by IP Address. In addition, it provides an option to view it by the total per hop or cumulative delay, latency, and Jitter. The expanded view also shows you whether the call was ON Network or OFF Network. The expanded view can be toggled to show in graph or table views. To expand a call path and toggle between graph and table views, click the arrow adjacent to the relevant call path. By default, the view is in graph mode. To switch to the table view, choose the table view icon in the upper left corner of the now expanded call path. .. image:: /src/images/assurance-correlation-image11.png Searching Call Paths '''''''''''''''''''''' Each call path has several fields you can use to search and filter for a relevant call (one or more). * Source * Destination * Method * Hops .. image:: /src/images/assurance-correlation-image23.png View Call Details from the Call Path '''''''''''''''''''''''''''''''''''''' In the Call Path Monitor you can drill into the specific call details directly from the chart. Click the blue Phone icon in the path row to open the Call Details Explorer view for that call path. .. _arb-call-details-explorer: Call Details Explorer ......................... The Call Details Explorer is the main page for managing unified communications and the details of a particular call path that a Voice over IP (VoIP) call takes. This page displays the time, source destination, vendor, latency, and hops (at the top of the page). The bottom pane displays the call path with each hop, along with the call metrics, such as packets lost, jitter, R-Factor, and MOS. .. image:: /src/images/assurance-correlation-image10.png .. rubric:: Call Details Explorer Toolbar The table describes the functional elements on the Call Details Explorer toolbar: .. image:: /src/images/arb-call-details-explorer-toolbar.png .. tabularcolumns:: |p{4cm}|p{11cm}| +--------------------------------------+------------------------------------------------------------------------+ | Element | Description | +======================================+========================================================================+ | Filter by date and time | The date and time calendar allows you to search call details for | | | a specified date and time range. You can select a date and time from | | | the calendar, or select from a range of predefined options, from Last | | | 5 Minutes, to Last 12 Months, or for the previous hour, day, or week. | +--------------------------------------+------------------------------------------------------------------------+ | Filter by call quality | The Phone icons allow you to filter your data to view only good calls, | | | only bad calls, or view both good and bad calls. | | | | | | * Bad Calls (Red) | | | * Good Calls (Green) | | | * Bad and Good Calls (Blue) | | | | | | .. image:: /src/images/assurance-correlation-image90.png | +--------------------------------------+------------------------------------------------------------------------+ | Clear Filters | Removes all applied filters and displays call details in the default | | | display mode. | +--------------------------------------+------------------------------------------------------------------------+ | Update | Applies a predefined refresh timer to the page. Click **Update** to | | | request new data, on demand. | +--------------------------------------+------------------------------------------------------------------------+ | Delete Selected Calls | Deletes any call selected on the page. | +--------------------------------------+------------------------------------------------------------------------+ | Refresh, Play, or Pause Data | Click the Pause/Play icon to pause or restart the data refresh cycle. | | | This is useful when reviewing a specific call. | +--------------------------------------+------------------------------------------------------------------------+ | Sort | Provides the following sort options for call details. You can sort by: | | | | | | * The time the call was placed | | | * The source that placed the call | | | * The call destination | | | * The vendor, which identifies the method that created the call. The | | | only options are LX1 (the VOSS Raptor Call Path generator) and RTCP | | | (Avaya-specific RTCP and call path data) | | | * Latency - the aggregate latency recorded on the call | | | * The total number of hops the call took | | | | | | You can sort each option in ascending or descending order. | +--------------------------------------+------------------------------------------------------------------------+ | Search | A free text search field that also has options to use predefined | | | criteria, either of the following: | | | | | | * Search by the source IP that made the call | | | * Search by the destination IP that received the call | | | * Search by vendor, which identifies the method that created the call. | | | Options are LX1 (the VOSS Raptor Call Path generator) and RTCP | | | (Avaya-specific RTCP and call path data) | +--------------------------------------+------------------------------------------------------------------------+ .. tabularcolumns:: |p{4cm}|p{11cm}| +--------------------------------------+------------------------------------------------------------------------+ | Element | Description | +======================================+========================================================================+ | Call Management Configuration | Click the **File** icon adjacent to the Search bar to open the | | | **Call Management Configuration** dialog, where you can configure | | | settings to manage the call table on the Call Details Explorer page. | | | | | | In very busy or large environments it is imperative that you manage | | | the data being collected in the Call Detail Explorer. Having | | | potentially thousands of calls can lead to the data becoming difficult | | | to manage. These settings provide optional time and methods for which | | | call data can be archived. Options are daily, weekly, monthly, or | | | quarterly. Ensure that you toggle on **Alert on Archive Failure**, | | | and **Alert on Archive Success**. Available archival methods are SCP, | | | SFTP, or SMB. Each requires a host, path, and credential. Multiple | | | methods may be added. | +--------------------------------------+------------------------------------------------------------------------+ The image shows the Call Management Configuration dialog: .. image:: /src/images/arb-call-details-explorer-call-management.png