enVision Reporting BASH: Post Your Entries Here
Report : Correlated Alerts by Viewname
This report would let you select the Viewname at run time to see the alerts created for a specific view.
This report is very useful when you have a View created for monitoring devices not sending logs. This report captures the destination address, which is the device that did not send the logs. So if you have a view called "Device Health" created for monitoring inactive event sources, you can select this Viewname and the report will show you a message like the one below:
|Event Source inactive for the past 4 hours||1||10.31.204.41||10.20.98.242|
where "10.20.98.242" is the inactive event source and "10.31.204.41" is the enVision node sending the alert.
Report : Top Sources of Alerts
This report will show you the top sources of alerts, that is, the event sources that trigger the most alerts. Analyzing alerts this way makes investigation easier. If you see a lot of alerts from a firewall device, you can then track down the location of that firewall, see which BU and location it caters to, and investigate further.