- Print
- DarkLight
- PDF
Incidents Pane
- Print
- DarkLight
- PDF
The ControlUp Incidents Pane is a viewer for incidents that were recorded in your organization based on incident triggers. In this pane, you can investigate incidents retrospectively, such as changes in Stress Levels, user activity, Windows Events, and more. Every incident is recorded based on a trigger configured in ControlUp, either manually or with the help of ControlUp Hybrid Cloud Analytics, generates an incident whenever its conditions are met.
You can configure follow-up actions (e.g. send an email alert) but ControlUp will always store the incident in a database to be accessed later. For trending analysis and troubleshooting purposes, the Incidents Pane is where you can search, sort, and group all incidents.
A few important clarifications for an easy start with the Incidents Pane:
- The Incidents Pane is not available offline. Offline users of ControlUp will see the Incidents Pane button as greyed out (this will also happen briefly following Fast Login).
- Triggers are configured using the Triggers Settings window. That’s the place where you can control which incidents will be recorded by ControlUp.
- The Incidents Pane is read-only and intended for viewing the incidents and performing data analysis by filtering, sorting and grouping data.
- The default retention period for incidents is 14 days and every organization is limited to 1000 incidents per day by default. Contact our support team at support@controlup.com if these are not enough for your organization.
- Incidents are stored securely using ControlUp Hybrid Cloud Services, subject to ControlUp privacy policy.
Searching and Filtering the Incidents Grid
Here are some ways in which you can use the incidents grid in order to locate interesting data:
- The Filter / Search box locates incident records by searching all data fields (try computer names, user names or any other strings that might appear in the incidents, like parts of a Windows Event text).
- Each row in this grid can be double-clicked to focus on a specific incident type. You can always come back to the home page by clicking on the Home button or by clicking on Back (<) on the navigation bar.
- The time range slider can be adjusted to display events that happened during a specified time range.
- Click a folder or a computer in the organization tree to show incidents for that folder or computer.
All of the filtering options above instantly affect the information grid, causing it to recalculate the distributions. If the grid is filtered by any of those methods, the navigation bar will be highlighted in orange until all filters are cleared.
The Incidents Home Page
The Incidents home page is an information grid showing all available incident categories, along with their distribution over time. Its purpose is to provide a summary of incident history in your ControlUp organization. Every row in this grid represents a distinct incident category, like Computer Stress or Windows Event. Events are separated into these categories because every category has a distinct set of data fields. For example, a Computer Stress incident cannot be displayed in the same table as a Session State Changed incident since they do not have the same properties.
The Incidents home page includes the following columns:
- Graph column – shows the relative distribution of every event type over time, during the retention period (14 days by default). The leftmost bar in each graph represents the number of incidents logged on the first day of this period, and the rightmost bar represents the number of events logged today. By default, the graph is sorted by this column, which makes the most populated incident categories to appear on top.
- Incident type – the incident category name.
- Last incident on – the time of the last incident recorded in this category
- Last hour, Last day, Last X days (14 by default) – a count of incidents within the category for the respective time frame.
In order to research incidents in a particular category, double click that category’s row.
Incidents Category View
After double-clicking any row in the Incidents home page, you arrive at this view, which shows all incidents of the selected type (for example, Computer Stress). Nnote that any filters previously applied on the Incidents home page will remain active, as indicated by the orange highlight of the navigation bar.
This view includes the same columns as the Incidents home page. In addition, all data fields of the selected incident type are available for display. To add a column, click on its name in the side bar on the right.
For example, here we’ve added the Counter column to the Computer Stress incidents view. Once added, this column is added to the grouping logic of the incidents grid, dividing it into all unique combinations of the selected field values. If you originally had 10 computers in the Computer Stress view, adding the Stress Level column will divide every computer row into all existing values of Stress Level column on that computer (to a maximum of 10*4=40 rows, if every computer has triggered all possible stress levels).
Multiple columns can be added using the same method. This is a powerful data mining feature, which enables you to identify the most common factors contributing to incidents in your organization. For instance, in Computer Stress Level events the Counter column shows the specific counters responsible for each Stress Level incident. When added to this view together with the Computer Name column, the default sorting should highlight the specific resource that causes the most Stress Level events (e.g. Memory Utilization on Server1).
Double-clicking on a row in this table will switch the grid to the Individual Incidents view.
Individual Incidents View
This view’s purpose is to display the separate occurrences of any incident recorded by ControlUp. Unlike the other views in the Incidents Pane, every row in this view is not a summary, but an individual incident.
For every incident, all recorded details are displayed (see column reference below). In addition, this view includes the Trigger column which links to the trigger that caused every incident to be recorded, so that you can easily tune the relevant triggers. Note that the trigger causing a particular event may have been deleted since the incident had been recorded. In this case the Trigger column will show <trigger deleted>.
Incidents Pane Column Reference
Home Page Columns
Column name | Description |
Incident type | The incident category, as configured when creating the trigger. |
Last incident on | The time of the last incident recorded in this category. |
Last hour, Last day, Last X days (14 by default) | A count of incidents within the category for the respective time frame. |
Incidents Category View Columns
Column name | Description |
Incident type | The incident category, as configured when creating the trigger. Events are separated into these categories because every category has a distinct set of data fields. For example, a "Computer Stress" incident cannot be displayed in the same table as a "Session State Changed" incident since they do not have the same schema. |
Last incident on | The time of the last incident recorded in this category. |
Last hour, Last day, Last X days (14 by default) | A count of incidents within the category for the respective time frame. |
Columns available in the “Folder Stress” category | |
Stress Level | The Stress Level severity recorded during the incident |
Folder | The name of the folder in your ControlUp organization |
Trigger | The name of the trigger that caused the incident to be recorded (links to the trigger’s settings). Could be empty if the trigger has been deleted. |
Counter Name | The ControlUp column responsible for the increase in the computer’s Stress Level |
Columns available in the “Hosts Stress” category | |
Stress Level | The Stress Level severity recorded during the incident |
Folder | The name of the folder in your ControlUp organization |
Trigger | The name of the trigger that caused the incident to be recorded (links to the trigger’s settings). Could be empty if the trigger has been deleted. |
Counter Name | The ControlUp column responsible for the increase in the computer’s Stress Level |
Host Name | The name of the affected virtualization host |
Hypervisor Type | The hypervisor platform vendor |
Version | The version number of the hypervisor platform |
Installed Memory | The amount of physical RAM installed on the host |
Columns available in the “Computer Stress” category | |
Computer | The name of the computer on which the incident has occurred |
Folder | The name of the ControlUp organization tree folder in which the computer resides |
Trigger name | The name of the trigger that caused the incident to be recorded (links to the trigger’s settings). Could be empty if the trigger has been deleted. |
Manufacturer | The hardware manufacturer of the stressed computer |
Model | The hardware model of the stressed computer |
OS | The operating system of the stressed computer |
Service Pack | The OS service pack installed on the stressed computer |
Counter | The ControlUp column responsible for the increase in the computer’s Stress Level |
System Type | The system bitness (x86/x64) of the stressed computer |
CPU Count | The number of CPUs installed on the stressed computer |
Total Memory Installed | The amount of physical memory on the stressed computer |
Uptime Group | The uptime of the stressed computer, categorized (1 hour – 1 day, 1 day – 1 week, 1 week – 1 month) |
Stress Level | The Stress Level severity recorded during the incident |
Session Count | The number of user sessions established on the stressed computer, categorized (0-2,3-5,6-10, etc.) |
Domain Role | The domain role of the stressed computer |
Host Name | For a virtual machine, the name of the hypervisor host on which the machine was running at the time of the incident |
Hypervisor Type | For a virtual machine, the vendor of the hypervisor host |
Columns available in the “Session Stress” category | |
Account Name | The user account name of the stressed session |
Account Domain | The user account domain of the stressed session |
Computer | The computer on which the stressed session was hosted |
Folder | The ControlUp organization folder in which the computer hosting the session resides |
Counter | The ControlUp column responsible for the increase in the session’s Stress Level |
Trigger name | The name of the trigger that caused the incident to be recorded (links to the trigger’s settings) |
Client name | The name of the client computer from which the stressed session has been established |
Session state | The state of the user session at the time of the incident |
Initial program | The program configured to start when the session is initialized (or published application) |
Columns available in the “Process Stress” category | |
Image name | The name of the stressed process |
EXE version | The version number of the stressed process |
Product name | The product name of the stressed process |
Product version | The product version number of the stressed process |
Manufacturer | The manufacturer of the stressed process |
User name | The name of the user who launched the process |
Description | The description of the stressed process |
Computer | The computer on which the stressed process was executed |
Folder | The ControlUp organization folder in which the computer hosting the stressed process resides |
Command line | The command used to launch the process, including the full path and command-line arguments |
Priority | The base CPU priority of the stressed process |
Created time | The creation timestamp of the stressed process’s executable file |
Modified time | The last modification timestamp of the stressed process’s executable file |
Columns available in the “Account Stress” category | |
Account name | The name of the user account |
Account domain | The AD domain name of the user account |
Total sessions | The total number of sessions established using the user account |
Total processes | The total number of processes executed using the user account |
Stress Level | The Stress Level severity recorded during the incident |
Columns available in the “Application Stress” category | |
Image name | The name of the process executable |
Total processes | The number of process instances for the executable |
EXE version | The EXE version of the executable file |
Stress Level | The Stress Level severity recorded during the incident |
Columns available in the “Windows Event” category | |
Event log | The name of the Windows Event Log in which the event was logged |
Event type | The type of the event – Error, Warning, Information, Audit Success / Failure |
Event ID | The event ID number |
User | The User field as logged in the event |
Computer | The Computer on which the event was logged |
Full message | The full text of the event |
Event source | The source of the event |
Raw message | The raw message text of the event (without substituted parameters) |
Folder | The ControlUp organization folder in which the computer that logged the event resides |
Columns available in the “Process Started” category | |
Image name | The name of the started process |
Image version | The executable version of the started process |
Command line | The command used to launch the process, including the full path and command-line arguments |
User | The user who launched the process |
Computer | The computer on which the process was launched |
Folder | The ControlUp organization folder containing the computer on which the process was started |
Columns available in the “Process Ended” category | |
Image name | The name of the ended process |
Image version | The executable version of the ended process |
Command line | The command used to launch the process, including the full path and command-line arguments |
User | The user who launched the process |
Computer | The computer on which the process ended |
Folder | The ControlUp organization folder containing the computer on which the process ended |
Exit code | The exit code recorded when the process ended |
Columns available in the “User Logged On”, “User Logged Off” and “Session State Changed” categories | |
User name | The user name of the established session |
Machine name | The computer hosting the session |
Initial program | The program configured to start when the session is initialized (or published application) |
Session ID | The session ID number |
Columns available in the “Session State Changed” category (in addition to the above) | |
From state | The session state before the change |
To state | The session state after the change |
Columns available in the “Computer Down” category | |
Computer | The name of the computer disconnected from monitoring |
Action | The reason for disconnection |
Error description | The description of the error that led to disconnection |
Folder | The ControlUp organization folder containing the computer |
Columns available in the “NetScaler Stress” category | |
NetScaler Name | The name of the NetScaler on which the incident has occurred |
Version | The NetScaler version |
Load Balancer Name | The name of the Load Balancer on which the incident has occurred |
LB Service Group Name | The name of the Service Group on which the incident has occurred |
LB Service Name | The name of the Service on which the incident has occurred |
Gateway Name | The name of the Gateway on which the incident has occurred |
NIC ID | The ID of the NIC on which the incident has occurred |
Columns available in the “Load Balancers Stress” category | |
NetScaler Name | The name of the NetScaler on which the incident has occurred |
Version | The NetScaler version |
Load Balancer Name | The name of the Load Balancer on which the incident has occurred |
LB Service Group Name | The name of the Service Group on which the incident has occurred |
LB Service Name | The name of the Service on which the incident has occurred |
Gateway Name | The name of the Gateway on which the incident has occurred |
NIC ID | The ID of the NIC on which the incident has occurred |
Columns available in the “LB Services Stress” category | |
NetScaler Name | The name of the NetScaler on which the incident has occurred |
Version | The NetScaler version |
Load Balancer Name | The name of the Load Balancer on which the incident has occurred |
LB Service Group Name | The name of the Service Group on which the incident has occurred |
LB Service Name | The name of the Service on which the incident has occurred |
Gateway Name | The name of the Gateway on which the incident has occurred |
NIC ID | The ID of the NIC on which the incident has occurred |
Columns available in the “LB Services Groups Stress” category | |
NetScaler Name | The name of the NetScaler on which the incident has occurred |
Version | The NetScaler version |
Load Balancer Name | The name of the Load Balancer on which the incident has occurred |
LB Service Group Name | The name of the Service Group on which the incident has occurred |
LB Service Name | The name of the Service on which the incident has occurred |
Gateway Name | The name of the Gateway on which the incident has occurred |
NIC ID | The ID of the NIC on which the incident has occurred |
Columns available in the “Gateways Stress” category | |
NetScaler Name | The name of the NetScaler on which the incident has occurred |
Version | The NetScaler version |
Load Balancer Name | The name of the Load Balancer on which the incident has occurred |
LB Service Group Name | The name of the Service Group on which the incident has occurred |
LB Service Name | The name of the Service on which the incident has occurred |
Gateway Name | The name of the Gateway on which the incident has occurred |
NIC ID | The ID of the NIC on which the incident has occurred |
Columns available in the “NICs Stress” category | |
NetScaler Name | The name of the NetScaler on which the incident has occurred |
Version | The NetScaler version |
Load Balancer Name | The name of the Load Balancer on which the incident has occurred |
LB Service Group Name | The name of the Service Group on which the incident has occurred |
LB Service Name | The name of the Service on which the incident has occurred |
Gateway Name | The name of the Gateway on which the incident has occurred |
NIC ID | The ID of the NIC on which the incident has occurred |