This topic takes you through the minimum required steps for troubleshooting and resolving an alert. These steps include:
Faults in the SilverBack Managed Services Platform refer to the matching of a set of conditions (an Event Monitor filter, threshold, trap or Collection Fault Monitor) indicating a problem. You use the Current Faults report to see faults active in the system.
From the Alerts category page click on the Current Faults link to display the Current Faults report.
From the Current Faults report, click on a fault and then select the More > Acknowledge action.
To select multiple faults, Ctrl-click on the faults you want to acknowledge, then select the More > Acknowledge option.
Optionally, enter a comment into the Comment field, then click on the OK button.
The display refreshes to the Current Faults report, and shows the acknowledged time and current fault owner.
From the Current Faults report, click on a fault and then select the More > Unacknowledged option.
To select multiple faults, Ctrl-click on the faults you want to unacknowledge, then select the More > Unacknowledged option.
The display refreshes to the Current Faults report, and shows no acknowledged time.
From the Current Faults report, click on a fault, then select the More > Assign option.
To select multiple faults, Ctrl-click on the faults you want to assign, then select the More > Assign option.
From the User drop-down, select a user to assign to the fault, then click on the OK button.
The display refreshes to the Current Faults report, and shows the current fault owner.
SilverBack provides you with several powerful tools to assist you as you work through issues. This section takes you through some of the more common tools you will use in your day-to-day alert troubleshooting activities.
SilverBack's vast Windows and Syslog events online knowledge base enables you to quickly and easily find troubleshooting information that directly relates to the issues at hand.
From the Current Faults report, click on a fault generated by an Event Monitor, and then select the More > Show > Event Monitor option.
The display refreshes to the Event Monitors report, and shows the Event Monitor that generated the fault.
Scroll to the right, and hover the mouse over the Event Monitor's Description field to display the description in a yellow popup window.
Click on the blue hypertext link in the yellow popup window.
A PDF document displays, showing relevant troubleshooting information for the fault.
Go back to the Event Monitor report.
From the Event Monitor report, click on the Event Monitor again and select the More > Contained Filters > Windows Filters (or Syslog Filters) option.
The display refreshes to the Event Monitor Filters report, and shows the selected Event Monitor's filters.
Match the Event IDs from the Description column to those in the knowledge base PDF document.
Perform the remediation steps suggested in the matching knowledge base PDF document to resolve the issue.
One way to aid in tracking the faults troubleshooting process is by using comments. Adding comments at each troubleshooting stage can show you who did what, when they did it, and how faults were eventually resolved.
From the Current Faults report, click on a fault and select the More > Add Comment option.
To select multiple faults, Ctrl-click on the faults you want to resolve, then select the More > Add Comment option
Enter a comment into the Comment field, then click on the OK button.
There may upon occasion be times when the system generates a fault at a severity level that you may not want or need. For example, a fault that the systems thinks is Critical may really be Minor in your infrastructure; or the opposite may be true. In either case you can easily change the fault severity to match your requirements.
From the Current Faults report, click on a fault and select the More > Change Severity option.
To select multiple faults, Ctrl-click on the faults you want to resolve, then select the More > Change Severity option
Select the new severity from the Severity drop-down, then click on the OK button.
The Current Faults report refreshes to display the changed fault severity.
Faults are resolved in one of two ways in the SilverBack managed services platform:
Automatically - No user intervention required. Examples include threshold value violations over specified time periods, which will automatically resolve once the values return to acceptable levels for the required time periods.
Manually - Must be resolved by a user. - Examples include Syslog buffer overflow Collection Failures, which will not automatically resolve once the overflow condition no longer exists.
From the Current Faults Report, click on a fault and select the More > Resolve option.
To select multiple faults, Ctrl-click on the faults you want to resolve, then select the More > Resolve option
Enter a resolution comment into the Comment field, then click on the OK button.
The Current Faults report refreshes, and no longer displays the resolved fault.
To view the resolved fault, click on the Report Type filter and select the Resolved option.
Click on the Refresh button.
The display refreshes to the Resolved Faults report, and displays the fault resolved above.
You can also view the fault resolution history for a complete picture of the resolution process.
From the Resolved Faults report, click on the fault, then select the More > Show > History option.
The Fault History report displays the entire resolution history of the selected fault.
