Chapter 5. Known slow traffic between two points in a network

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Known slow traffic between two points in a network

The demonstration that is presented in this chapter guides you through the procedures of performing a search, selecting data from your search results, creating a graph that is based on that data, and starting a dashboard. The tasks are based on the sample data.

This scenario describes a user experience that manages problems with slow traffic between two points in a network. It helps to understand how Network Manager Insight Pack can be used effectively to search for OMNIbus events and how wanted information can be displayed in the IBM Operations Analytics - Log Analysis web console.

This chapter includes the following topics:

•5.1, “Scenario description” on page 108

•5.2, “Scenario topology” on page 108

•5.3, “Scenario steps” on page 109

•5.4, “Summary” on page 117

5.1 Scenario description

Company A is a large company with many facilities through out the Europe. Tom is one of operators of the consolidated Operations Center who is responsible for managing, evaluating, and resolving events throughout the enterprise. Tom is tasked with monitoring, resolving, and improving the efficiencies of the Operations Center.

This scenario shows how Tom uses Event Search Analytics for Operational Agility and Efficiency. In his daily work, Tom is informed about critical out-of-memory errors on intermediate devices between the end points. From Network Manager topology view, he selects the two end points and uses the Network Manager Insight Pack to search for OMNIbus events between the two nodes. Critical out-of-memory errors are found on intermediate devices between the end points.

5.1.1 Business value

Machine-driven, analytics-based event grouping assists Tom in several ways.

When you integrate IBM Operations Analytics - Log Analysis with IBM Tivoli Netcool/OMNIbus, you can use the text analytics features to find patterns and trends in event data. With the integration of these two products, you can view and search historical and real-time event data from IBM Tivoli Netcool/OMNIbus in the IBM Operations Analytics - Log Analysis user interface.

IBM Operations Analytics - Log Analysis parses event data into a format that is suitable for searching and indexing. The event data is transferred from IBM Tivoli Netcool/OMNIbus to IBM Operations Analytics - Log Analysis by the IBM Tivoli Netcool/OMNIbus Message Bus Gateway.

When a new event arrives or an event is reinserted in the ObjectServer, event data is sent to the Gateway for Message Bus with an Insert, Delete, Update, or Control (IDUC) signal or an accelerated event notification (AEN) channel. The gateway then sends the event through an HTTP interface to the IBM Operations Analytics - Log Analysis server.

This scenario is most suitable for customers who do not need to maintain their environment or want to start with a fresh approach. This option can also be a good option for a customer who no longer has (or never had) the skills in the Network Manager Insight Pack.

5.2 Scenario topology

For more information about system components and default settings in the test environment, see 1.4, “Our environment for the scenarios” on page 18. The solution that is used in this scenario includes system components that are installed on the following systems:

•itnmrh61.test.ibm.com server contains the following software:

– IBM DB2 v10.5

– Network Manager 4.2

– Network Manager Health Dashboard 4.2

•itnmrh62.test.ibm.com server contains the following software:

– Netcool/OMNIbus v8.1 FP 7

– Netcool Web GUI v8.1 FP 5

– Netcool/OMNIbus Gateway for Message Bus

– Netcool/OMNIbus Syslog Probe

– MTTrapd (SNMP) probe

•itnmlogs.test.ibm.com server features Operations Analytics - Log Analysis v1.3.2 software

The following dedicated settings are used on the itnmrh61.test.ibm.com machine:

•IBM DB2 v10.5 Enterprise Server Edition that is run in this scenario is hosting the NCIM Topology database and includes the following dedicated settings:

tnm.database.host=itnmrh61.test.ibm.com

tnm.database.dbname=ITNM

tnm.database.username=ncim

•ObjectServer includes the following dedicated settings:

server name = NM_LA

server host = itnmrh62.test.ibm.com

server port = 4100

Netcool simulated event generator

Netcool/OMNIbus can create event records by using information from many sources. For testing purposes, we use the event generator to send simulated events to the IBM Tivoli Netcool/OMNIbus ObjectServer that is generated with Netcool Event Generator. For more information about downloading the event generator for your environment, see the following resources (your IBM ID is required):

•NETCOOL Event Generator for Solaris:

https://ibm.biz/BdrDSs

•NETCOOL Event Generator 1.0.1 for Linux

https://ibm.biz/BdrDSi

•NETCOOL Event Generator for Windows

https://ibm.biz/BdrDSZ

Note: For more information about Netcool Event Generator for Windows, see the following IBM developerWorks® website:

https://ibm.biz/BdrDS2

This software is delivered “as-is” and is not supported.

5.3 Scenario steps

This section describes the process that is used to recreate and solve the issue of a known slow traffic between two points in a network.

Netcool/OMNIbus can create event records by using information from many sources. The Netcool/OMNIbus SNMP probe receives the trap and events that are created in the ObjectServer. After the events show in the ObjectServer, the Message Bus Gateway retrieves them and sends them to Operations Analytics - Log Analysis.

Tom performs the following steps:

1. He logs in to the following Integrated Portal console, as shown in Figure 5-1:

https://itnmrh61.test.ibm.com:16311/ibm/console/logon.jsp

Figure 5-1 IBM Dashboard Application login

2. He clicks Availability → Network Availability → Network Views and selects the Libraries tab.

3. Tom opens the Cisco Devices view. He can see the topology view, as shown in Figure 5-2 on page 111. He might need to zoom in the view by using the top menu buttons or right-clicking any area in the window.

Tip: It is easier to zoom in by using the keyboard and mouse. Tom can use mouse wheel for zooming. He can also use mouse wheel, in combination with keyboard Shift and Ctrl, to move in required position (up, down, right, and left).

Figure 5-2 ITNM console view

4. To determine what is occurring between chosen devices, Tom presses and holds the Ctrl key and then, press the left mouse button to select the following devices:

london-asbr-cr72.uk.eu.test.lab

paris-asbr-cr36.fra.eu.test.lab

5. For the purposes of this scenario, we use NETCOOL Event Generator for Windows with a loaded .xml file that contains the event Table for the End-To-End Search Demonstration. Events are set to match the “Cisco Devices” Network View.

As shown in Figure 5-3 on page 112, Tom selects the paris-asbr-cr36.fra.eu.test.lab device.

Figure 5-3 Selected Cisco device

6. Tom right-clicks one of selected devices and chooses Event Search → Find events between two nodes → Layer 2 topology → Last 15 minutes, as shown in Figure 5-4.

Figure 5-4 Find events between two nodes

The WebAnalysis site opens. (Tom might need to log in to access the site). The first search he performs after the IBM Operations Analytics - Log Analysis new processes were restarted might take longer to complete than subsequent searches.

7. The IBM Operations Analytics - Log Analysis console is shown. Tom can search the log files for keywords. Search results are displayed in a list or table format. Search results also are displayed in a distribution graph because he searched for events between two selected devices, as shown in Figure 5-5.

Figure 5-5 IBM SmartCloud Analytics - Log Analytics User Assistance

8. While clicking one of the routes, Tom can see a timeline and issues description. Because he investigates the memory issue now, the issue that interests him is low memory error between the devices, as shown in Figure 5-6.

Figure 5-6 Dashboard view

9. After he displays the events on one of the routes, Tom clicks the Grid view icon and identifies which device is generating the highest severity alerts, as shown in Figure 5-7.

Figure 5-7 Identifying the problematic device on the Topology Map

He can see which device is problematic and note its entity ID, as shown in Figure 5-8.

Figure 5-8 Finding entity ID of the problematic device

10. He returns to the Topology Map view and clicks the Search icon to find the problematic device, as shown in Figure 5-9.

Figure 5-9 Looking for the problematic device from Topology Map

11. The device is found and highlighted, as shown in Figure 5-10.

Figure 5-10 Problematic device found

12. Tom right-clicks the highlighted device and chooses Show Events, which shows the details of the state of this device (see Figure 5-11).

Figure 5-11 Problematic device event view

13. Tom can limit your search to one or more data sources. To further limit his search, he can create a time filter.

14. To include data from warning and error messages, Tom adds a logical operator value of OR to the search box. He clicks in the search box and adds the string OR to the end of the search box value. He ensures that a space is added before and after the OR string.

5.4 Summary

As described in this scenario, Operations Analytics - Log Analysis is a significant and beneficial feature of Networks for Operations Insight. By using it, an IT practitioner, such as Tom, can get a consolidated view of network devices and identify and troubleshoot network outages fast and resolve them quickly.

Event search applies the search and analysis capabilities of Operations Analytics - Log Analysis to events that are monitored and managed by Tivoli Netcool/OMNIbus. Events are transferred from the ObjectServer through the Gateway for Message Bus to Operations Analytics - Log Analysis, where they are imported into a data source and indexed for searching. After the events are indexed, you can search every occurrence of real-time and historical events.

The Tivoli Netcool/OMNIbus Insight Pack is installed into Operations Analytics - Log Analysis and provides custom modules that search the events based on various criteria. By using keyword searches and dynamic drill-down functions, you can more closely review event data for more information.

Tooling can be installed into the Web GUI that starts the modules from the right-click menus of the Event Viewer and the Active Event List. An event reduction wizard is also supplied that includes information and applications that can help you analyze and reduce volumes of events and minimize the “noise” in your monitored environment.

Note: For more information about Netcool Operations Insight 1.4.0.1 - Event search, see the following IBM Knowledge Center site:

https://ibm.biz/BdrDvk

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Chapter 5. Known slow traffic between two points in a network

Create new playlist

Sign In

Sign Up

Table of Contents for
Chapter 5. Known slow traffic between two points in a network