Service alarms

A service alarm is a group of alarms that affect one or more business services and are related to an incident, which is identified by the time it occurred and its root cause. The root cause is the alarm on the topologically deepest device in the affected business service. All the situations that are reported by alarms in the group are due to the identified root cause. Service alarms are based on the entity of the alarm compared to the inventory of the services defined in DX Operational Intelligence.
View Service Alarms
To view service alarms, click the Alarms View Filter, then click Service Alarms to view the service alarms that are created in the selected period.
Filters
You can filter alarms by using the various options available in the Overview of the Alarms Page:
  • Global Search Filter
  • Time Filter
  • Alarm View Filter
  • Filter by Alarm Attribute
Global Search Filter
The Global Search Filter lets you search for alarms in the alarms table. Enter your search text to view alarms that match your search text.
The search is case-sensitive for a few columns.
For Service alarms, the search takes effect in these columns:
  • Alarm Type
  • Alarm Message
  • Service
Time Filter
The Calendar icon enables you to select the duration for which you want to view the alarms that have been triggered. By default, service alarms that have been generated in the last one week are displayed.
Alarm Analytics also provides you with a Custom option, which enables you to pick a particular start date/time and a particular end date/time to help you narrow down the alarms that you are looking for.
Alarm View Filter
Use the Alarms View Filter to filter alarms based on the following categories generated in the selected period:
  • Situations
    This option displays all situation alarms.
  • Service Alarms
    This option displays all service alarms.
  • All Alarms
    This option displays all alarms.
  • Auto Update View
    If you want to auto-update, enable the Auto-update view switch.
  • Show Closed Alarm
    If you want to view closed alarms, enable the Show closed alarms switch. The closed alarms appear disabled with grey text. You cannot perform any action on these closed alarms. You can also view closed alarms in the Timeline tab. There is also a column that displays the Close time.
  • Export to Excel
    This option enables you to export the alarm details to an Excel file. The Excel file contains data that is displayed in the Alarm Table. You can export in the following ways:
    • All Alarms
      Enables you to export all alarms that are listed in the Alarm Table.
    • All Alarms with details
      Enables you to export alarm details of all the alarms that are listed in the Alarm Table based on the current context or view.
    • Selected alarms
      Enables you to export selected alarms from the Alarm Table.
    • Selected Alarms with details
      Enables you to export alarm details of the selected alarms that are listed in the Alarm Table based on the current context or view.
Refresh Alarm Interval
  • To refresh the Alarms table automatically, enable the Auto-update view switch. Use this switch to shift the view from auto-update to manual update.
  • To refresh the alarm table manually:
    1. Disable the Auto-update view switch.
    2. A pop-up (Alarm view is out-of-date) appears with the following message: "Updates are pending for the current alarm view. Refreshing will update the view, but the focus may be lost. Applied filters and sorting will remain in effect after refresh."
    3. Click the Refresh View button to refresh the alarm table. The alarm table refreshes the data between the time interval that is set in the ALARM_REFRESH_INTERVAL environment variable and displays the last 7 days of data. Alternatively, select close (X) to leave the view as it is.
Filter by Alarm Attributes
You can also filter alarms by attributes using the Alarm Attributes Filter. This filter allows you to view only those alarms with attributes matching your search criteria.
Create Alert Filters
Creating alert filters enables you to filter alarms based on your requirements.
Follow these steps:
  1. Click the plus icon in the Alarm Attributes Filter.
  2. Select a filter attribute with any one or more operators.
  3. Click Add to add attributes to the alarm filter. For example, if you want to see all critical alarms, select the attribute as Severity and select its value as Critical. The Alarms table and Insights show only the alarms that match your search criteria for the selected attributes.
Search for Elements
You can search for elements in the Service Alarms page using the Alarm Attributes Filter.
Save Alert Filters
You can filter alerts from the list of saved filters.
Follow these steps:
  1. To save the current alarm filter, click the Save current filter button. The Save Filter window appears.
  2. Enter the name for the alarm filter in Alarm filter name.
  3. If you want to set the alarm filter as default, select the Set as default option. When you access the page next time, the Set as default option is enabled and the default alarm filter is applied, and the Alarms table and Insights show only alarms with the saved attributes. By default, the Set as default option is disabled.
    The default alarm filters that are created in the context of a service take precedence over the default alarm filters in the Alarm Analytics page. The filters that you save in the Service alarms page are specific only to the Service alarms page, and these saved filters are not available in the other alarm pages.
Edit Alert Filters
  • Add extra attributes to an existing alarm filter and click the Update button to update the existing alarm filter.
  • To save the alarm filter with a different name, specify a different name and click Save as.
View Alert Filters
To view all saved alarm filters, click the Saved filters button.
The filters that you save in the Service alarms page are specific only to the Service alarms page, and these saved filters are not available in the other alarm pages.
Delete Alarms
To delete any alarm, select the alarm and click the Delete icon. A confirmation window appears; click the Delete button. You can perform a bulk delete operation by selecting multiple alarms and clicking the Delete icon.
Alarm Table
For more information about the columns available in the Alarm table, see Alarm Table.
Service Alarm Details
Click any service alarm in the Alarm table; the row expands to display the Overview tab.
Overview
  • This Overview tab provides additional information about the selected alarm. Properties are specific to the product or source from where the alarm originates.
    • The Alarm Details section lists the details of the alarm, such as Alarm ID, Alarm Type, description of the alarm, suppression key, time of creation, last updated, and how long since the last update.
    • The Monitoring Details section lists details such as Group name, Probe information, Monitoring host, source, Hub, Configuration item, Metric information, and the type details.
    • The Owner details section provides details of the ticket (status, assigned to, and acknowledged).
    • The Recommended automation actions (Confidence): The Automic integration is not configured or enabled. To configure or enable it, click Configure/Enable. For more information, see Configure Automic Automation.
  • The alarm on the deepest configuration Item or device (as determined by Service Analytics) is the root cause alarm and is indicated by the icon.
View related alarms:
To view related alarms, click the View related alarms button. A new window opens with an option to view the alarm details in the following tabs:
  • Alarms
  • Timeline
By default, the related alarms open in the Alarms tab.
Alarms
The alarms tab displays the list of causing raw alarms.
  • The causing alarms display the following details:
    • Column / Row-level Alarm Action
      Select a row to perform individual actions on individual alerts or the entire column to perform bulk action.
    • Severity
      Indicates the severity of each alarm.
    • Message
      Displays the alert message.
    • Entity
      Displays application or device name.
    • Service(s)
      Displays the Service alarm name.
    • Source
      Indicates the source name of the alert.
    • Ticket
      Displays the ticket ID.
    • Owner
      Displays the owner's name.
    • Last Updated
      Indicates the date and time when the alert was last updated.
  • Click a causing alarm and the row expands to display the following tabs:
    • Overview:
      This Overview tab provides additional information about the selected alarm. Properties are specific to the product or source from where the alarm originates. This tab also lets you view the Log Analytics dashboard of the logs that are associated with the alarm.
    • Affected Metric:
      The Affected Metrics tab shows the metric chart of the underlying metric. If the required fields are not available in the alarm, this tab is not shown. Probability bands are shown if the metric is configured with the proprietary Data Science Engine from CA. If the metric is not configured with the Data Science Engine, the actual metric chart with original metric values appears. If the metric chart is not available, you must verify if the particular metric is ingested. The metric chart displays anomaly alarms when a threshold is crossed. The threshold is determined based on historical trends. The alarm severity is indicated as minor, major, or severe. The Affected Metric tab has a Compare Metrics link that launches Performance Analytics from the context of an alarm and allows you to compare a single metric from different devices or multiple metrics from single or multiple devices. For more information about the metric charts, see Performance Analytics.
      By default, the chart time range is 8 hours before the last alarm update to one hour after the last alarm update.
    • Annotation
      This tab enables you to add any additional information or details to the selected alarm. Add the required information in the Annotation tab of the alarm and click Save to view the annotation as a part of the alarm details. The annotation includes the information you added, the details of the person who added this annotation, and the date and time details.
    • Impacted Services
      This tab provides details of the services that are impacted due to the selected alarm. Clicking a service redirects to the Service Analytics details page of that particular service. The table displays the impacted service metrics (such as users that are availing the service, actual service availability, and risk).
    • Topology
      This tab provides topology details of the selected service or sub-service. You can view the topology details by clicking the topology icon of the service. If you select a parent service and click the topology icon, the CI of its children appears along with the topology of the CIs of sub-services in different tabs.
      You can click a service to view the topologies associated with that service. You can also view the summary of the service by clicking the service from the topology view.
Timeline Tab
The Timeline tab shows the timeline of the service alarm as well as its underlying raw alarms.
The Timeline tab displays the following information:
  • Causing Alarm details
    The Alarm cluster displays the following details:
    • Column / Row-level Alarm Action
      Select a row to perform individual actions on individual alerts or the entire column to perform bulk action.
    • Severity
      Indicates the severity of each alarm.
    • Alarm type
      Indicates the alarm type.
    • Message
      Displays the alert message.
    • Entity
      Displays application or device name.
    • <Date and Time Interval>
      • This time interval shows the journey of an alarm. You can adjust the date and time interval, by dragging the horizontal scroll. You can drag and adjust the scroll on both ends of the timeline. The alarm timeline displays the alerts accordingly.
      • Click the diamond or small triangle to see the following information regarding an alert:
        • Created
          Displays the date and time at which the alert got created.
        • Alarm ID
          Displays a unique alarm ID.
        • Metric
          Displays the metric details.
      • Click the Change event icon to see any changes for the event at a given time.
        The Change event icon appears for an alarm when an event attribute such as hostname, IP, or ci_unique_id matches the alarm attribute. It displays the event only once for the first alarm in the cluster, for a device.
        The Change event icon displays the following details:
        • Change event message:
          Displays the change event information on what has changed during the given time.
        • Previous value:
          Indicates the previous value of an event.
        • Current value:
          Indicates the current value of an event.
        For example, clicking the Change event icon displays information about a change in build number from 2.1.6 to 2.1.9.
  • Metric palette switch
    To view the details and metrics of the alarm, select an alert and click the Metric palette switch.
    This switch provides the following details:
    • Details
      This section provides the following details of the alert:
      • Alarm ID
        Displays a unique ID.
      • Alarm Message
        Displays the alarm message.
      • Service impact
        Displays the list of impacted services.
      • Entity
        Displays the application or device name.
      • Configuration Item
        Displays the name of the Configuration Item.
      • Last Updated
        Displays the date and time when the alert was last updated.
      • Duration
        Indicates the duration of the alert.
      • Annotation
        Enter an annotation and click Save. You can use Annotation to provide a description for a service alarm, which gets reflected in the ServiceNow ticket.
    • Metrics
      Displays the metric linear chart. The Compare metrics link launches Performance Analytics from the context of an alarm and allows you to compare a single metric from different devices or multiple metrics from single or multiple devices. For more information about the metric charts, see Performance Analytics.