Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Network Node Manager i Software10.30

Use > Monitor Incidents for Problems > Incident Views Provided by NNM

Incident Views Provided by NNMi

You and your team can easily monitor the posted incidents and take appropriate action to preserve the health of your network. To assist you, NNMi provides the following views for listing incident information:

NNMi generates informational incidents that do not appear by default in incident views. These incidents are advisory and have a Correlation Nature of Info. To view these incidents, create a filter for the All Incidents view using the Correlation Nature column and select the value Info from the enumerated list of values. See Filter a Table View for more information about filtering table views.

Open Key Incidents View
Unassigned Open Key Incidents View
My Open Incidents View
Closed Key Incidents View
Incident Views Provided by NNMi
Service Impact Incidents View
All Incidents View
Custom Open Incidents View
Custom Incidents View
Syslog Messages View (ArcSight)
SNMP Traps View

The most useful views for proactively monitoring your network for problems are the Key IncidentIncidents with both: (1) Severity = other than Normal. (2) Correlation Nature = equal to Root Cause, Service Impact, Stream Correlation, Rate Stream Correlation, Info, or None. views (seeKey Incident Views). These views include root cause incidents and their associated symptoms.

NNMi's Causal Engine uses ICMP and SNMP to constantly monitor your network. The Causal Engine uses the data collected from all the devices on your network to determine the root cause of known and potential problems.

The Custom Incidents view lets you use sorting and filtering to customize additional views while maintaining the views available in NNMi. This view includes most of the attributes available for the incident so that you can decide which are most important for you to display. See Use Table Views for more information about sorting, filtering, and hiding attributes within a view.

For each incident generated, you can view the Correlated Parents and Correlated Children tab information to assist you in understanding how the problem was detected.

You can also right-click any object in a table or map view to access the items available within the Actions menu.

Other useful tasks from the incident view, include the following:

My Open Incidents View

See Incident Form for more details about the incident attributes that appear in this view's column headings.

This view is useful for identifying the incidents for which you are responsible.

The My Open Incidents view in the Incident Management workspace displays all of the open incidents that meet this criterion:

Assigned to you.
Lifecycle state matching any of the following:
Registered
In Progress
Completed

As with all incident views, you can filter this view by time period. The default time period is Last Week.

If your NNMi Administrator defines at least one Tenant in addition to Default Tenant (provided by NNMi), the incident view displays the Tenant to which the Source Node belongs. If you are an NNMi administrator, see Configure Tenants for more information about Tenants.
Global Network Management only. The Regional Manager Name value that is associated with the Source Node's NNMi Management Server appears in the incident view on the Global Manager console. If the incident's Source Node no longer exists, the Management Server value is blank.

See Monitor Incidents for Problems for more information about ways to use incident views.

Key Incident Views

See Incident Form for more details about the incident attributes that appear in a key incident view's column headings.

The Key IncidentIncidents with both: (1) Severity = other than Normal. (2) Correlation Nature = equal to Root Cause, Service Impact, Stream Correlation, Rate Stream Correlation, Info, or None. views are useful for identifying incidents that are most important to the network Operator and that often require more immediate action.

The Key Incident views display incidents that meet the following criterion:

Severity is other than Normal.

Correlation Nature is any of the following:

Incident Correlation Nature	Description
Info	This Correlation Nature is meant to be informational.
None	Indicates there is no incident correlation for this incident.
Rate Stream Correlation	Indicates the incident tracks incident patterns based on the number of incident reoccurrences within a specified time period. After the count within the specified time period is reached, NNMi emits a Rate Correlation incident and continues to update the Correlation Notes with the number of occurrences within that rate.
Root Cause	Indicates an incident that NNMi's Causal Engine determined to be the root cause of a problem.
User Root Cause	Indicates that your NNMi administrator configured NNMi to always treat this Incident as Correlation Nature: Root Cause.
Key Incidents do not include Incidents with following Correlation Natures because they are not considered to be Key Incidents: Dedup Stream Correlation Secondary Root Cause Symptom

Some Key Incident views are filtered according to lifecycle state values (see the Lifecycle State information for the Incident form for more information), which can be set by the user.

NNMi provides the following Key Incident views filtered to display lifecycle state values of Registered, In Progress, or Completed:

Open Key Incidents View

NNMi provides the following Key Incident view filtered to display lifecycle state value of Closed:

Open Key Incidents View
Closed Key Incidents View

NNMi provides the following Key Incident view filtered to display (1) lifecycle state values of Registered, In Progress, and Completed plus (2) assigned to value equal to none:

Unassigned Open Key Incidents View

Open Key Incidents View

See Incident Form for more details about the incident attributes that appear in this view's column headings.

The Open Key Incidents view in the Incident Browsing workspace and Incident Management workspace shows the incidents that are most important to network Operators and that often require more immediate action. This view displays any Key IncidentIncidents with both: (1) Severity = other than Normal. (2) Correlation Nature = equal to Root Cause, Service Impact, Stream Correlation, Rate Stream Correlation, Info, or None. that has a Lifecycle State value that indicates the incident has not yet been closed. This view is useful for identifying the Key Incidents that need to be resolved. As with all incident views, you can filter this view by time period. The default time period is Last Week so that you can view all of the Key Incidents that have remained open within the last week.

Only incidents that have a Severity other than Normal are included in Key IncidentIncidents with both: (1) Severity = other than Normal. (2) Correlation Nature = equal to Root Cause, Service Impact, Stream Correlation, Rate Stream Correlation, Info, or None. views.

If your NNMi Administrator defines at least one Tenant in addition to Default Tenant (provided by NNMi), the incident view displays the Tenant to which the Source Node belongs. If you are an NNMi administrator, see Configure Tenants for more information about Tenants.
Global Network Management only. The Regional Manager Name value that is associated with the Source Node's NNMi Management Server appears in the incident view on the Global Manager console. If the incident's Source Node no longer exists, the Management Server value is blank.

Your NNMi administrator might have configured the Assigned To value to show a display name that consists of one or more Lightweight Directory Access Protocol (LDAP) properties rather than the user name assigned to NNMi. When configured to show display names, NNMi filters and sorts on the stored user name value, but shows the display name in the Incidents table.

See Monitor Incidents for Problems for more information about ways to use incident views.

You can also access additional views from this one using the Actions menu as described in Use Table Views. One example of an action available from an open root cause incident view is the ability to access a map view of the nodes related to the incident.

Unassigned Open Key Incidents View

See Incident Form for more details about the incident attributes that appear in this view's column headings.

The Unassigned Open Key Incident view in the Incident Management workspace displays any Key IncidentIncidents with both: (1) Severity = other than Normal. (2) Correlation Nature = equal to Root Cause, Service Impact, Stream Correlation, Rate Stream Correlation, Info, or None. that is open and unassigned. This view is useful for identifying the Key Incidents that are open and must still be assigned to someone. As with all incident views, you can filter this view by time period. The default time period is Last Day so that you can view all of the incidents that have remained unassigned with the last day.

Only incidents that have a Severity that is other than Normal are included in Key Incident views.

If your NNMi Administrator defines at least one Tenant in addition to Default Tenant (provided by NNMi), the incident view displays the Tenant to which the Source Node belongs. If you are an NNMi administrator, see Configure Tenants for more information about Tenants.
Global Network Management only. The Regional Manager Name value that is associated with the Source Node's NNMi Management Server appears in the incident view on the Global Manager console. If the incident's Source Node no longer exists, the Management Server value is blank.

See Monitor Incidents for Problems for more information about ways to use incident views.

Closed Key Incidents View

See Incident Form for more details about the incident attributes that appear in this view's column headings.

The Closed Key Incidents view in the Incident Browsing workspace displays any Key IncidentIncidents with both: (1) Severity = other than Normal. (2) Correlation Nature = equal to Root Cause, Service Impact, Stream Correlation, Rate Stream Correlation, Info, or None. with a Life Cycle state of Closed (see the Lifecycle State information for the Incident form for more information). This view is useful for identifying the Key Incidents that have been resolved. This view might be particularly useful for reporting on how many incidents were closed within a given time period.

Unlike other Key Incident views, the Closed Key Incidents view includes incidents that have a Correlation Nature of Info. The Info Correlation Nature is meant to be informational.

As with all incident views, you can filter this view by time period. The default time period is Last Day so that you can view all of the incidents that have a Last Occurrence Time within the last 24 hours. To select a more specific time range within a time period, you can filter the view using Last Occurrence Time values.

Only incidents that have a Severity that is other than Normal are included in Key IncidentIncidents with both: (1) Severity = other than Normal. (2) Correlation Nature = equal to Root Cause, Service Impact, Stream Correlation, Rate Stream Correlation, Info, or None. views.

For each incident displayed, you can view its severity, the date and time the incident last occurred, to whom the incident is assigned, the name of its source node, its source object, its category (for example, Fault or Security), its family (for example, Interface or Connection), its origin (for example, NNMi or SNMP Trap), the message used to describe the incident, and any related notes.

If your NNMi Administrator defines at least one Tenant in addition to Default Tenant (provided by NNMi), the incident view displays the Tenant to which the Source Node belongs. If you are an NNMi administrator, see Configure Tenants for more information about Tenants.
Global Network Management only. The Regional Manager Name value that is associated with the Source Node's NNMi Management Server appears in the incident view on the Global Manager console. If the incident's Source Node no longer exists, the Management Server value is blank.

Your NNMi administrator might have configured the Assigned To value to show a display name that consists of one or more Lightweight Directory Access Protocol (LDAP) properties rather than the user name assigned to NNMi. When configured to show display names, NNMi filters and sorts on the stored user name value, but shows the display name in the Incidents table.

See Monitor Incidents for Problems for more information about ways to use incident views.

Root Cause Incidents

See IP Address Form Incident Form for more details about the incident attributes that appear in a root cause incident view's column headings.

Root Cause Incidents identify the root cause, as well as symptoms associated with the root cause, as determined by NNMi's Causal Engine.

The Causal Engine uses the management protocols available (for example ICMP and SNMP) to constantly monitor your network. NNMi's Causal Engine uses the data collected from all the devices on your network to determine the root cause of known and potential problems. For example, NNMi notifies you if it encounters any of the following situations:

Node Down
Interface Down
Address Not Responding

NNMi provides the Open Root Cause Incidents View

When using Incident views:

Root Cause value = determined by NNMi's Causal Engine
User Root Cause = your NNMi administrator configured NNMi to always treat this Incident as Correlation Nature: Root Cause

See Monitor Incidents for Problems for more information about ways to use incident views.

Open Root Cause Incidents View

See Incident Form for more details about the incident attributes that appear in this view's column headings.

The Open Root Cause Incidents view in the Incident Browsing workspace displays the root cause incidents that have a Lifecycle State other than Closed. This view is useful for identifying the Root Cause Incidents that need to be resolved. As with all incident views, you can filter this view by time period. The default time period is Last Week so that you can view all of the Root CauseIncidents that have remained open within the last week.

You might also choose to narrow your focus by filtering this information according to one or more attribute values, such as all root cause incidents that have a Status of Critical, or all root cause incidents that have the description Node Down.

If your NNMi Administrator defines at least one Tenant in addition to Default Tenant (provided by NNMi), the incident view displays the Tenant to which the Source Node belongs. If you are an NNMi administrator, see Configure Tenants for more information about Tenants.
Global Network Management only. The Regional Manager Name value that is associated with the Source Node's NNMi Management Server appears in the incident view on the Global Manager console. If the incident's Source Node no longer exists, the Management Server value is blank.

Your NNMi administrator might have configured the Assigned To value to show a display name that consists of one or more Lightweight Directory Access Protocol (LDAP) properties rather than the user name assigned to NNMi. When configured to show display names, NNMi filters and sorts on the stored user name value, but shows the display name in the Incidents table.

You can also right-click any object in a table or map view to access the items available within the Actions menu.

Service Impact Incidents View

See Incident Form for more details about the incident attributes that appear in this view's column headings.

The Service Impact Incidents view in the Incident Browsing workspace displays all of the incidents that have a Correlation Nature of Service Impact. Service Impact incidents indicate a relationship between incidents in which a network service is effected by other incidents. By default, NNMi generates Service Impact incidents for Router Redundancy Groups. For example, an Interface Down incident can affect a Router Redundancy Group that is part of an HSRP service. This view is useful to identify a service that is affected.

The Service Impact Correlation Nature is available for use by Network Node Manager i Software Smart Plug-ins (iSPIs). See "Help for Administrators" for more information about NNM iSPIs.

As with all incident views, you can filter this view by time period. The default time period is Last Day so that you can view all of the Service Impact incidents that have occurred within the last 24 hours.

If your NNMi Administrator defines at least one Tenant in addition to Default Tenant (provided by NNMi), the incident view displays the Tenant to which the Source Node belongs. If you are an NNMi administrator, see Configure Tenants for more information about Tenants.
Global Network Management only. The Regional Manager Name value that is associated with the Source Node's NNMi Management Server appears in the incident view on the Global Manager console. If the incident's Source Node no longer exists, the Management Server value is blank.

Your NNMi administrator might have configured the Assigned To value to show a display name that consists of one or more Lightweight Directory Access Protocol (LDAP) properties rather than the user name assigned to NNMi. When configured to show display names, NNMi filters and sorts on the stored user name value, but shows the display name in the Incidents table.

See Monitor Incidents for Problems for more information about ways to use incident views.

All Incidents View

See Incident Form for more details about the incident attributes that appear in this view's column headings.

The All Incidents view in the Incident Browsing workspace is useful for viewing all of the incidents generated by NNMi within the specified time period. This view is useful to identify both Open and Closed incidents. As with all incident views, you can filter this view by time period. The default time period is Last Day so that you can view all of the incidents that have occurred within the last 24 hours.

If your NNMi Administrator defines at least one Tenant in addition to Default Tenant (provided by NNMi), the incident view displays the Tenant to which the Source Node belongs. If you are an NNMi administrator, see Configure Tenants for more information about Tenants.
Global Network Management only. The Regional Manager Name value that is associated with the Source Node's NNMi Management Server appears in the incident view on the Global Manager console. If the incident's Source Node no longer exists, the Management Server value is blank.

Your NNMi administrator might have configured the Assigned To value to show a display name that consists of one or more Lightweight Directory Access Protocol (LDAP) properties rather than the user name assigned to NNMi. When configured to show display names, NNMi filters and sorts on the stored user name value, but shows the display name in the Incidents table.

See Monitor Incidents for Problems for more information about ways to use incident views.

Custom Open Incidents View

See Incident Form for more details about the incident attributes that appear in this view's column headings.

The Custom Open Incidents view in the Incident Browsing workspace lets you choose the columns of incident information for all Open incidents, to better meet your needs. For example, you might want to filter the view to display only the incidents related to a particular set of devices. You might also want to filter the view to display only the incidents assigned to you.

This view includes most of the attributes available for the incident so that you can decide which are most important for you to display. See Use Table Views for more information about sorting, filtering, and hiding attributes within a view. As with all incident views, you can filter this view by time period. The default time period is Last Day so that you can view all of the incidents of interest that have occurred within the last 24 hours.

For each incident displayed, you can view its severity, its priority, its lifecycle state (see the Lifecycle State information for the Incident form for more information), the date and time the incident last occurred, to whom the incident is assigned, the name of its source node, its source object, its category (for example, Fault or Security), its family (for example, Interface or Connection), its origin (for example, NNMi or SNMP Trap), its Correlation Nature (for example, Symptom or Root Cause), the message used to describe the incident, and any related notes. You can also view the duplicate count to indicate any duplicate occurrences of this incident, the name of the custom incident, an indicator of whether the NNMi root cause analysis (RCA) engine considers this incident to be active, any Correlation Notes that exist for the incident, the date and time the first instance of this incident occurred (if suppressing incidents), the date and time the original event that triggered the incident occurred, the date and time the incident was created, and the date and time the incident was last modified.

If your NNMi Administrator defines at least one Tenant in addition to Default Tenant (provided by NNMi), the incident view displays the Tenant to which the Source Node belongs. If you are an NNMi administrator, see Configure Tenants for more information about Tenants.
Global Network Management only. The Regional Manager Name value that is associated with the Source Node's NNMi Management Server appears in the incident view on the Global Manager console. If the incident's Source Node no longer exists, the Management Server value is blank.

Your NNMi administrator might have configured the Assigned To value to show a display name that consists of one or more Lightweight Directory Access Protocol (LDAP) properties rather than the user name assigned to NNMi. When configured to show display names, NNMi filters and sorts on the stored user name value, but shows the display name in the Incidents table.

Custom Incidents View

See Incident Form for more details about the incident attributes that appear in this view's column headings.

The Custom Incidents view in the Incident Browsing workspace lets you choose the columns of incident information, to better meet your needs. For example, you might want to filter the view to display only the incidents related to a particular set of devices. You might also want to filter the view to display only the incidents assigned to you.

If your NNMi Administrator defines at least one Tenant in addition to Default Tenant (provided by NNMi), the incident view displays the Tenant to which the Source Node belongs. If you are an NNMi administrator, see Configure Tenants for more information about Tenants.
Global Network Management only. The Regional Manager Name value that is associated with the Source Node's NNMi Management Server appears in the incident view on the Global Manager console. If the incident's Source Node no longer exists, the Management Server value is blank.

Your NNMi administrator might have configured the Assigned To value to show a display name that consists of one or more Lightweight Directory Access Protocol (LDAP) properties rather than the user name assigned to NNMi. When configured to show display names, NNMi filters and sorts on the stored user name value, but shows the display name in the Incidents table.

Syslog Messages View (ArcSight)

See Incident Form for more details about the incident attributes that appear in this view's column headings.

The NNMi–ArcSight integration adds syslog message information to NNMi, so that you can view these syslog messages and investigate potential problems. After the ArcSight integration is enabled, NNMi receives ArcSightEvent traps that contain syslog message data. NNMi then maps this syslog information to a Syslog Message incident configuration and treats it as a syslog message in NNMi. The Syslog Messages view in the Incident Browsing workspace displays these incidents.

You can also right-click any object in a table or map view to access the items available within the Actions menu.

For each incident displayed, you can view its Severity, its Lifecycle State (see the Lifecycle State information for the Incident form for more information), the date and time the incident last occurred, the name of its Source Node and Source Object, its Category (for example, Fault or Security), its Family (for example, Interface or Connection), its Correlation Nature (for example, Symptom or Root Cause), the Message used to describe the incident, and any related Notes.

If your NNMi Administrator defines at least one Tenant in addition to Default Tenant (provided by NNMi), the incident view displays the Tenant to which the Source Node belongs. If you are an NNMi administrator, see Configure Tenants for more information about Tenants.
Global Network Management only. The Regional Manager Name value that is associated with the Source Node's NNMi Management Server appears in the incident view on the Global Manager console. If the incident's Source Node no longer exists, the Management Server value is blank.

As with all incident views, you can filter this view by time period. The default time period is Last Hour.

SNMP Traps View

See Incident Form for more details about the incident attributes that appear in this view's column headings.

The SNMP Traps view in the Incident Browsing workspace is useful for identifying all of the traps that were received from devices in your network environment. Your NNMi administrator must configure specific traps before they are displayed within NNMi incident views. As with all incident views, you can filter this view by time period. The default time period is Last Hour so that you can view the most recent incidents.

For each incident displayed, you can view its severity, its lifecycle state (see the Lifecycle State information for the Incident form for more information), the date and time the incident last occurred, the name of its source node, its source object, its category (for example, Fault or Security), its family (for example, Interface or Connection), its Correlation Nature (for example, Symptom or Root Cause), the message used to describe the incident, and any related notes.

If your NNMi Administrator defines at least one Tenant in addition to Default Tenant (provided by NNMi), the incident view displays the Tenant to which the Source Node belongs. If you are an NNMi administrator, see Configure Tenants for more information about Tenants.
Global Network Management only. The Regional Manager Name value that is associated with the Source Node's NNMi Management Server appears in the incident view on the Global Manager console. If the incident's Source Node no longer exists, the Management Server value is blank.

Related Topics:

About the NNMi Console

Display a Map from an Incident

Send Help Center feedback