Incidents Pane
  • Dark
    Light
  • PDF

Incidents Pane

  • Dark
    Light
  • PDF

ControlUp’s Incidents Pane is a viewer for incidents that were recorded in your organization based on incident triggers. In this pane, you can investigate incidents retrospectively, such as changes in Stress Levels, user activity, Windows Events, and more. Every incident is recorded based on a trigger configured in ControlUp, either manually or with the help of ControlUp Hybrid Cloud Analytics, generates an incident whenever its conditions are met. You can configure follow-up actions (e.g. send an email alert) but ControlUp will always store the incident in a database to be accessed later. For trending analysis and troubleshooting purposes, the Incidents Pane is where you can search, sort, and group all incidents.

A few important clarifications for an easy start with the Incidents Pane:

  • The Incidents Pane is not available in Offline Mode. Offline users of ControlUp will see the Incidents Pane button as greyed out (this will also happen briefly following Fast Login).
  • Incident triggers are configured using the Triggers Settings window. That’s the place where you can control which incidents will be recorded by ControlUp.
  • The Incidents Pane is read-only and intended for viewing the incidents and performing data analysis by filtering, sorting and grouping data.
  • The default retention period for incidents is 14 days and every organization is limited to 1000 incidents per day by default. Contact us if you feel like these are not enough for your organization.
  • Incidents are stored securely using ControlUp Hybrid Cloud Services, subject to ControlUp privacy policy.

Searching and Filtering the Incidents Grid

Here are some ways in which you can use the incidents grid in order to locate interesting data:

  • The Filter / Search box locates incident records by searching all data fields (try computer names, user names or any other strings that might appear in the incidents, like parts of a Windows Event text).
  • Each row in this grid can be double-clicked to focus on a specific incident type. You can always come back to the home page by clicking on the Home button or by clicking on Back (<) on the navigation bar.
  • The time range slider can be adjusted to display events that happened during a specified time range.
  • Click a folder or a computer in the organization tree to show incidents for that folder or computer.

All of the filtering options above instantly affect the information grid, causing it to recalculate the distributions. If the grid is filtered by any of those methods, the navigation bar will be highlighted in orange until all filters are cleared.

The Incidents Home Page

The Incidents home page is an information grid showing all available incident categories, along with their distribution over time. Its purpose is to provide a summary of incident history in your ControlUp organization. Every row in this grid represents a distinct incident category, like Computer Stress or Windows Event. Events are separated into these categories because every category has a distinct set of data fields. For example, a Computer Stress incident cannot be displayed in the same table as a Session State Changed incident since they do not have the same properties.

The Incidents home page includes the following columns:

  • Graph column – shows the relative distribution of every event type over time, during the retention period (14 days by default). The leftmost bar in each graph represents the number of incidents logged on the first day of this period, and the rightmost bar represents the number of events logged today. By default, the graph is sorted by this column, which makes the most populated incident categories to appear on top.
  • Incident type – the incident category name.
  • Last incident on – the time of the last incident recorded in this category
  • Last hour, Last day, Last X days (14 by default) – a count of incidents within the category for the respective time frame.

In order to research incidents in a particular category, double click that category’s row.

Incidents Category View

After double-clicking any row in the Incidents home page, you arrive at this view, which shows all incidents of the selected type (for example, Computer Stress). Nnote that any filters previously applied on the Incidents home page will remain active, as indicated by the orange highlight of the navigation bar.

This view includes the same columns as the Incidents home page. In addition, all data fields of the selected incident type are available for display. To add a column, click on its name in the side bar on the right.
image.png

For example, here we’ve added the Counter column to the Computer Stress incidents view. Once added, this column is added to the grouping logic of the incidents grid, dividing it into all unique combinations of the selected field values. If you originally had 10 computers in the Computer Stress view, adding the Stress Level column will divide every computer row into all existing values of Stress Level column on that computer (to a maximum of 10*4=40 rows, if every computer has triggered all possible stress levels).

Multiple columns can be added using the same method. This is a powerful data mining feature, which enables you to identify the most common factors contributing to incidents in your organization. For instance, in Computer Stress Level events the Counter column shows the specific counters responsible for each Stress Level incident. When added to this view together with the Computer Name column, the default sorting should highlight the specific resource that causes the most Stress Level events (e.g. Memory Utilization on Server1).

Double-clicking on a row in this table will switch the grid to the Individual Incidents view.

Individual Incidents View

This view’s purpose is to display the separate occurrences of any incident recorded by ControlUp. Unlike the other views in the Incidents Pane, every row in this view is not a summary, but an individual incident.

For every incident, all recorded details are displayed (see column reference below). In addition, this view includes the Trigger column which links to the trigger that caused every incident to be recorded, so that you can easily tune the relevant incident triggers. Note that the trigger causing a particular event may have been deleted since the incident had been recorded. In this case the Trigger column will show <trigger deleted>.

Incidents Pane Column Reference

Home Page Columns

Column name Description
Incident typeThe incident category, as configured when creating the incident trigger.
Last incident onThe time of the last incident recorded in this category.
Last hour, Last day, Last X days (14 by default)A count of incidents within the category for the respective time frame.

Incidents Category View Columns

Column nameDescription
Incident typeThe incident category, as configured when creating the incident trigger. Events are separated into these categories because every category has a distinct set of data fields. For example, a "Computer Stress" incident cannot be displayed in the same table as a "Session State Changed" incident since they do not have the same schema.
Last incident onThe time of the last incident recorded in this category.
Last hour, Last day, Last X days (14 by default)A count of incidents within the category for the respective time frame.
Columns available in the “Folder Stress” category
Stress LevelThe Stress Level severity recorded during the incident
FolderThe name of the folder in your ControlUp organization
TriggerThe name of the trigger that caused the incident to be recorded (links to the trigger’s settings). Could be empty if the trigger has been deleted.
Counter NameThe ControlUp column responsible for the increase in the computer’s Stress Level
Columns available in the “Hosts Stress” category
Stress LevelThe Stress Level severity recorded during the incident
FolderThe name of the folder in your ControlUp organization
TriggerThe name of the trigger that caused the incident to be recorded (links to the trigger’s settings). Could be empty if the trigger has been deleted.
Counter NameThe ControlUp column responsible for the increase in the computer’s Stress Level
Host NameThe name of the affected virtualization host
Hypervisor TypeThe hypervisor platform vendor
VersionThe version number of the hypervisor platform
Installed MemoryThe amount of physical RAM installed on the host
Columns available in the “Computer Stress” category
ComputerThe name of the computer on which the incident has occurred
FolderThe name of the ControlUp organization tree folder in which the computer resides
Trigger nameThe name of the trigger that caused the incident to be recorded (links to the trigger’s settings). Could be empty if the trigger has been deleted.
ManufacturerThe hardware manufacturer of the stressed computer
ModelThe hardware model of the stressed computer
OSThe operating system of the stressed computer
Service PackThe OS service pack installed on the stressed computer
CounterThe ControlUp column responsible for the increase in the computer’s Stress Level
System TypeThe system bitness (x86/x64) of the stressed computer
CPU CountThe number of CPUs installed on the stressed computer
Total Memory InstalledThe amount of physical memory on the stressed computer
Uptime GroupThe uptime of the stressed computer, categorized (1 hour – 1 day, 1 day – 1 week, 1 week – 1 month)
Stress LevelThe Stress Level severity recorded during the incident
Session CountThe number of user sessions established on the stressed computer, categorized (0-2,3-5,6-10, etc.)
Domain RoleThe domain role of the stressed computer
Host NameFor a virtual machine, the name of the hypervisor host on which the machine was running at the time of the incident
Hypervisor TypeFor a virtual machine, the vendor of the hypervisor host
Columns available in the “Session Stress” category
Account NameThe user account name of the stressed session
Account DomainThe user account domain of the stressed session
ComputerThe computer on which the stressed session was hosted
FolderThe ControlUp organization folder in which the computer hosting the session resides
CounterThe ControlUp column responsible for the increase in the session’s Stress Level
Trigger nameThe name of the trigger that caused the incident to be recorded (links to the trigger’s settings)
Client nameThe name of the client computer from which the stressed session has been established
Session stateThe state of the user session at the time of the incident
Initial programThe program configured to start when the session is initialized (or published application)
Columns available in the “Process Stress” category
Image nameThe name of the stressed process
EXE versionThe version number of the stressed process
Product nameThe product name of the stressed process
Product versionThe product version number of the stressed process
ManufacturerThe manufacturer of the stressed process
User nameThe name of the user who launched the process
DescriptionThe description of the stressed process
ComputerThe computer on which the stressed process was executed
FolderThe ControlUp organization folder in which the computer hosting the stressed process resides
Command lineThe command used to launch the process, including the full path and command-line arguments
PriorityThe base CPU priority of the stressed process
Created timeThe creation timestamp of the stressed process’s executable file
Modified timeThe last modification timestamp of the stressed process’s executable file
Columns available in the “Account Stress” category
Account nameThe name of the user account
Account domainThe AD domain name of the user account
Total sessionsThe total number of sessions established using the user account
Total processesThe total number of processes executed using the user account
Stress LevelThe Stress Level severity recorded during the incident
Columns available in the “Application Stress” category
Image nameThe name of the process executable
Total processesThe number of process instances for the executable
EXE versionThe EXE version of the executable file
Stress LevelThe Stress Level severity recorded during the incident
Columns available in the “Windows Event” category
Event logThe name of the Windows Event Log in which the event was logged
Event typeThe type of the event – Error, Warning, Information, Audit Success / Failure
Event IDThe event ID number
UserThe User field as logged in the event
ComputerThe Computer on which the event was logged
Full messageThe full text of the event
Event sourceThe source of the event
Raw messageThe raw message text of the event (without substituted parameters)
FolderThe ControlUp organization folder in which the computer that logged the event resides
Columns available in the “Process Started” category
Image nameThe name of the started process
Image versionThe executable version of the started process
Command lineThe command used to launch the process, including the full path and command-line arguments
UserThe user who launched the process
ComputerThe computer on which the process was launched
FolderThe ControlUp organization folder containing the computer on which the process was started
Columns available in the “Process Ended” category
Image nameThe name of the ended process
Image versionThe executable version of the ended process
Command lineThe command used to launch the process, including the full path and command-line arguments
UserThe user who launched the process
ComputerThe computer on which the process ended
FolderThe ControlUp organization folder containing the computer on which the process ended
Exit codeThe exit code recorded when the process ended
Columns available in the “User Logged On”, “User Logged Off” and “Session State Changed” categories
User nameThe user name of the established session
Machine nameThe computer hosting the session
Initial programThe program configured to start when the session is initialized (or published application)
Session IDThe session ID number
Columns available in the “Session State Changed” category (in addition to the above)
From stateThe session state before the change
To stateThe session state after the change
Columns available in the “Computer Down” category
ComputerThe name of the computer disconnected from monitoring
ActionThe reason for disconnection
Error descriptionThe description of the error that led to disconnection
FolderThe ControlUp organization folder containing the computer
Columns available in the “NetScaler Stress” category
NetScaler NameThe name of the NetScaler on which the incident has occurred
VersionThe NetScaler version
Load Balancer NameThe name of the Load Balancer on which the incident has occurred
LB Service Group NameThe name of the Service Group on which the incident has occurred
LB Service NameThe name of the Service on which the incident has occurred
Gateway Name The name of the Gateway on which the incident has occurred
NIC ID

The ID of the NIC on which the incident has occurred

Columns available in the “Load Balancers Stress” category
NetScaler NameThe name of the NetScaler on which the incident has occurred
VersionThe NetScaler version
Load Balancer NameThe name of the Load Balancer on which the incident has occurred
LB Service Group NameThe name of the Service Group on which the incident has occurred
LB Service NameThe name of the Service on which the incident has occurred
Gateway Name The name of the Gateway on which the incident has occurred
NIC ID

The ID of the NIC on which the incident has occurred

Columns available in the “LB Services Stress” category
NetScaler NameThe name of the NetScaler on which the incident has occurred
VersionThe NetScaler version
Load Balancer NameThe name of the Load Balancer on which the incident has occurred
LB Service Group NameThe name of the Service Group on which the incident has occurred
LB Service NameThe name of the Service on which the incident has occurred
Gateway Name The name of the Gateway on which the incident has occurred
NIC ID

The ID of the NIC on which the incident has occurred

Columns available in the “LB Services Groups Stress” category
NetScaler NameThe name of the NetScaler on which the incident has occurred
VersionThe NetScaler version
Load Balancer NameThe name of the Load Balancer on which the incident has occurred
LB Service Group NameThe name of the Service Group on which the incident has occurred
LB Service NameThe name of the Service on which the incident has occurred
Gateway Name The name of the Gateway on which the incident has occurred
NIC ID

The ID of the NIC on which the incident has occurred

Columns available in the “Gateways Stress” category

NetScaler NameThe name of the NetScaler on which the incident has occurred
VersionThe NetScaler version
Load Balancer NameThe name of the Load Balancer on which the incident has occurred
LB Service Group NameThe name of the Service Group on which the incident has occurred
LB Service NameThe name of the Service on which the incident has occurred
Gateway Name The name of the Gateway on which the incident has occurred
NIC ID

The ID of the NIC on which the incident has occurred

Columns available in the “NICs Stress” category

NetScaler NameThe name of the NetScaler on which the incident has occurred
VersionThe NetScaler version
Load Balancer NameThe name of the Load Balancer on which the incident has occurred
LB Service Group NameThe name of the Service Group on which the incident has occurred
LB Service NameThe name of the Service on which the incident has occurred
Gateway Name The name of the Gateway on which the incident has occurred
NIC ID

The ID of the NIC on which the incident has occurred


Was this article helpful?

What's Next