Alerts Resolution Report

Use the Alerts Resolution report to obtain clear visibility into how effectively and efficiently alerts are managed and resolved in the target environment over a chosen period of time. This report helps administrators track the life cycle of alert - from detection to resolution - allowing them to identify recurring issues, response bottlenecks, and potential gaps in incident management processes. By analyzing alert volumes over a period of time, administrators can assess the health and stability of their systems, improve root cause analysis, and prioritize automation or preventive measures to reduce alert fatigue.

To generate this report, do the following:

  1. Select the Alerts Resolution option from the Operational Reports node of the REPORTS BY FUNCTION tree.

  2. Figure 1 then appears.

    Generating History of Acknowledgements Report

    Figure 1 : Generating the Alerts Resolution report

  3. You can build filter conditions using Figure 1 so that, you can selectively view the alert resolution. The first step towards building these filter conditions is selecting a basis for the filter. This can be achieved by picking an option from the Analyze By list. The options available here are as follows:

    • Component : This is the default selection in the Analyze By list. This implies that by default, the Alerts Resolution report is generated for all managed components in the environment. If you proceed with the default selection, then, you will find that All Component Types is the default selection in the Component Type list, and all the managed components in the environment populate the Components list. If you want to view the alert resolution of a particular component of a particular component-type, pick the type of your choice from the Component Type list; this will make sure that the Components list consists of only those managed components that are of the chosen type. You can then easily pick the component of your choice from the Component list.

    • Zone: Selecting this option from the Analyze By list will invoke a Zone list. Select a particular zone from this list, if you want to view the alerts resolution related to that zone. An Include Subzones flag also appears. By setting this flag to Yes, you can make sure that the alert resolution report also includes those alerts that are associated with the sub-zones of the chosen zone.

      Once a Zone is selected, the Component Type and Components lists will be populated with those component types and components (respectively) that are part of the selected zone. To view the alert resolution of a component that is part of a zone, pick that component from the Components list. If the Components list has too many components to choose from, then, you can condense the list by first picking a Component Type; this will make sure that the Components list consists of those components in the selected zone that are of the chosen type. You can then easily pick the component of your choice from the Components list.

      Note that the 'Zone' option will not be available in the 'Analyze By' list if no zones are configured in the environment.

    • Segment: If this option is chosen from the Analyze By list, a Segment list will additionally appear. In order to view the alerts resolution report pertaining to a specific segment, pick a segment from the Segment list.

      Once a Segment is selected, the Component Type and Components lists will be populated with those types and components (respectively) that are part of the selected segment. To view the alert resolution of a component that is part of a segment, pick that component from the Components list. If the Components list has too many components to choose from, then, you can condense the list by first picking a Component Type; this will make sure that the Components list consists of those components in the selected segment that are of the chosen type. You can then easily pick the component of your choice from the Components list.

      Note that the 'Segment' option will not be available in the 'Analyze By' list if no segments are configured in the environment.

    • Service: If this option is chosen from the Analyze By list, a Service list will additionally appear. In order to view the alert resolution pertaining to a specific service, pick a service from the Service list.

      Once you choose a Service, the Component Type and Components lists in Figure 1 will be populated with those types and components (respectively) that are engaged in the delivery of the said service. If you want to view the alert resolution of a component that supports the selected service offering, pick that component from the Components list. If the Components list has too many components to choose from, then, you can condense the list by first picking a Component Type; this will make sure that the Components list consists of those components in the selected service that are of the chosen type. You can then easily pick the component of your choice from the Components list.

      Note that the 'Service' option will not be available in the 'Analyze By' list if no services are configured in the environment.

  4. Next, pick a component type for which the report is to be generated from the Component Type list. By default, All Component Types option is chosen from this list.

  5. If the Components list consists of too many components, then viewing all the components and selecting the ones you need for report generation could require endless scrolling. To avoid this, you can click the Components button next to the Components list. The Components pop up window will then appear using which you can view almost all the components in a single interface and Select the ones for which the report is to be generated.

  6. Specify the report Timeline. You can either provide a fixed time line such as 1 hour, 2 days, etc., or select the Any option from the list to provide a From and To date/time for report generation.

    Note:

    For every user registered with the eG Enterprise system, the administrator can indicate the maximum timeline for which that user can generate a report. Once the maximum timeline is set for a user, then, whenever that user logs into eG Reporter and attempts to generate a report, the Timeline list box in the report page will display options according to the maximum timeline setting of that user. For instance, if a user can generate a report for a maximum period of 3 days only, then 3 days will be the highest option displayed in the Timeline list - i.e., 3 days will be the last option in the fixed Timeline list. Similarly, if the user chooses the Any option from the Timeline list and proceeds to provide a start date and end date for report generation using the From and To specifications, eG Enterprise will first check if the user's Timeline specification conforms to his/her maximum timeline setting. If not, report generation will fail. For instance, for a user who is allowed to generate reports spanning over a maximum period of 3 days only, the difference between the From and To dates should never be over 3 days. If it is, then, upon clicking the Run Report button a message box will appear, prompting the user to change the From and To specification.

  7. In addition to the settings discussed above, this report comes with a set of default specifications. These settings are hidden by default. If you do not want to disturb these default settings, then you can proceed to generate the report by clicking the Run Report button soon after you pick one/more components from the Components list. However, if you want to view and then alter these settings (if required), click on the More Options button. The default settings will then appear in the MORE OPTIONS drop down window (see Figure 2). The steps below discuss each of these settings and how they can be customized.

    Default Settings for Generating History of Alarms Report

    Figure 2 : The default settings for generating the Alerts Resolution report

  8. By default, the Chosen Period option is chosen from the Filter By Start Time list indicating that the report generated will list only those alerts that were raised during the time period chosen from the Timeline list. However, if you wish to view the alerts that were already open in the chosen Timeline, then, pick the Any Period option from this list.

  9. Next, indicate the report Time period.

    Note:

    By default, the Time period is set to 24 hours. Accordingly, the From and To parameters in the [timeframe] section of the eg_report.ini file (in the <eg_install_dir>\manager\config directory) are set to 00:00 and 24:00 respectively. If need be, you can override this default setting by configuring a different timeframe against the From and/or To parameters. 

  10. In large environments, reports generated using months of data can take a long time to complete. Administrators now have the option of generating reports on-line or in the background. When a report is scheduled for background generation, administrators can proceed with their other monitoring, diagnosis, and reporting tasks, while the eG manager is processing the report. This saves the administrator valuable time. To schedule background processing of a report, you can either select the Background Save - PDF option or the Background Save - CSV option from the Report Generation list. In this case, a Report Name text box will appear, where you would have to provide the name with which the report is to be saved in the background. To process reports in the foreground, select the Foreground Generation - HTML option from this list.

    Note:

    • The Report Generation list will appear only if the EnableBackgroundReport flag in the [BACKGROUND_PROCESS] section of the eg_report.ini file (in the [EG_INSTALL_DIR]\manager\config directory) is set to Yes.
    • The default selection in the Report Generation list will change according to the Timeline specified for the report. If the Timeline set is greater than or equal to the number of days specified against the MinDurationForReport parameter in the [BACKGROUND_PROCESS] section of the eg_report.ini file, then the default selection in the Report Generation list will be Background Save - PDF. On the other hand, if the Timeline set for the report is lesser than the value of the MinDurationForReport parameter, then the default selection in the Report Generation list will be Foreground. This is because, the MinDurationForReport setting governs when reports are to be processed in the background. By default, this parameter is set to 2 weeks - this indicates that by default, reports with a timeline of 2 weeks and above will be processed in the background.
  11. Click the Done button once you have made the necessary changes in Figure 2.

  12. Finally, click the Run Report button to generate the report. Figure 3 then appears.

    History of Acknowledgments Report

    Figure 3 : The Alerts Resolution report

  13. The generated report consists of the following sections:

    • An Overview section(see ) that lists the total count of alerts that were raised during the chosen time period in the target environment, the total number of alerts that were open, the total number of alerts that were closed during the chosen time period, the average time duration of the alerts and the maximum duration of the alerts for the chosen time period.

    • The Not Acknowledged section (see ) lists the total number of alerts that were not acknowledged in the chosen period of time, the average duration of the alerts that are not acknowledged and the maximum duration of the alerts that were not acknowledged over the chosen period of time.

    • The Acknowledged section(see ) lists the total number of alerts that were acknowledged in the chosen period of time, the average duration of the alerts that are acknowledged and the maximum duration of the alerts that were acknowledged over the chosen period of time.

    • The Alerts by Priority section(see ) reveals a doughnut chart that displays the percentage of alerts based on their priorities during the chosen time period. For each priority of alert (Critical/Major/Minor), a table adjacent to the doughnut chart displays the count and percentage of alerts raised during the chosen time line in comparison with the previous time period i.e., if your chosen Timeline (see Figure 1) is 1 day, then the percentage of alerts will be displayed for the chosen 1 day (0 to 24 hours) in comparison with the previous 1 day (48 to 24 hours).

    • The Alerts by Duration section(see ) reveals a doughnut chart that displays the alerts based on the duration during the chosen time period. For each duration range, a table adjacent to the doughnut chart displays the count and percentage of alerts raised during the chosen time line in comparison with the previous time period i.e., if your chosen Timeline (see Figure 1) is 1 day, then the percentage of alerts will be displayed for the chosen 1 day (0 to 24 hours) in comparison with the previous 1 day (48 to 24 hours).

    • Using the Alerts Trend bar graph (see ) you can easily view a break up of the count of alerts (based on priority) that were raised in the chosen time period. This will help in identifying the hour/day during which maximum alerts were generated.

    • The Top 10 Component Types by Alerts section (see Figure 4) gives a graphical comparison of the count of alerts raised for the top 10 component types during the chosen time period and the previous time period. This graph helps administrators identify the component type that is problematic and gives administrators a heads up to look into the servers at the earliest.

      History of Acknowledgments Report

      Figure 4 : A series of bar graphs in the generated report

    • The next is a series of bar graphs(see Figure 4) that display the top 10 component types based on alert duration, the top 10 components based on total alerts, critical alerts, major alerts and minor alerts. Using these graphs, administrators can figure out the component type for which maximum alerts were generated, the component for which maximum alerts were generated, the component for which maximum number of critical, major and minor alerts were generated over a chosen period of time.