Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Historical Event Browser

 
Note

For an event to be displayed in the historical event browser, it must first be cleared in the Live Event Browser.

To display the Historical Event Browser:

  1. Select Fault > Historical Event Browser.
  2. Select Actions > Manage Queries to display events in the historical event browser.

    The Historical Events Query window is displayed.

  3. In the Historical Events Query window, select New. The New Event Query window is displayed.
  4. Select the attributes you want, select a value from the menu in the field, and then click OK.
    Figure 1: Historical Event Queries and New Event Query Window
    Historical
Event Queries and New Event Query Window
  5. From the Select values window, select from the available values and click the arrow. The value is added to the New Event Query window.
  6. Type a name in the Name of the query field and click OK.
  7. In the Historical Event Queries window, click Run Query.

    The results are displayed in the Historical Event Browser window.

    Figure 2: Historical Event Browser Window
    Historical
Event Browser Window

    Events are colored. By default, critical events are red, warnings are yellow, and major events are pink.

    Icons at the top of the window are used to synchronize events with the Event Server, post network events, save events to a file, print events, toggle INFO events, and clear all INFO events.

    Select an event to display event details in the lower pane of the window.

    Table 1 describes the Historical Event Browser table columns.

    Table 1: Historical Event Browser Table Columns

    Column Name

    Description

    Event State

    The state of the event.

    Event ID

    The unique ID of the event. If the row corresponds to an aggregate event, this is the ID of the most recent event in the aggregated events.

    Type

    Supplied by the device sending the event, and is usually a terse description of the information represented by the event For example, linkUp, mplsLspDown. Event types are defined in the /u/wandl/db/config/eventtypes.store file.

    Element Type

    The element associated with the event; for example, Interface, Tunnel, VPN.

    Device ID

    Usually the hostname of the device. These names are derived from files created by a Scheduling Live Network Collection task in the Task Manager.

    Element Name

    The name of the element. For example, if the element type is Interface, the element name might be ge-0/0/3.0.

    Severity

    The severity of the event can be INFO, UP, WARNING, MINOR, MAJOR, CRITICAL, or DOWN. These are automatically set by default for each event, but can also be customized.

    Timestamp

    The time the event occurred, using the server’s time zone. For aggregate events, this is the time the most recent event occurred.

    First Timestamp

    For aggregate events only, the timestamp of the first event in the aggregated events.

    Count

    For aggregate events only, the number of events included in the aggregate event.

    Source IP

    The IP address of the device sending the event.

    Source ID

    The identifier of the device sending the event.

    Ack’d On

    The time the event was acknowledged.

    Ack’d By

    The name of the user who acknowledged the event.

    Aggregate ID

    Identifier for the aggregate event.

    Cleared By

    The name of the user who cleared the event.

    Note that the number of rows in the events table cannot be the same as the number of events due to aggregation of events. Events that share the same Event Type, Device ID, Element Type, and Element Name are grouped together into one row representing an aggregate event in order to reduce clutter in the Event Browser.