Table Of Contents

Tracking Faults Using Cisco ANA EventVision

User Roles Required to Work with Cisco ANA EventVision

Viewing Events and Tickets in Cisco ANA EventVision

All Tab

System Event Tabs

Audit Tab

Provisioning Tab

Security Tab

System Tab

Network Event Tabs

Service Tab

Syslog Tab

Ticket Tab

V1 Trap Tab

V2 Trap Tab

V3 Trap Tab

Viewing 3.6.x Tabs

Working in Cisco ANA EventVision

Viewing Event Properties

Viewing Ticket Properties

Refreshing Cisco ANA EventVision Information

Filtering Events and Tickets

Defining Filters

Removing Filters

Exporting Displayed Data

Tracking Faults Using Cisco ANA EventVision

---

The following topics describe how to use Cisco ANA EventVision to track faults:

•User Roles Required to Work with Cisco ANA EventVision

•Viewing Events and Tickets in Cisco ANA EventVision

•Viewing 3.6.x Tabs

•Working in Cisco ANA EventVision

---

Note For detailed information about alarms and event management, see the Cisco Active Network Abstraction 3.7.1 Theory of Operations Guide.

---

User Roles Required to Work with Cisco ANA EventVision

Table 8-1 identifies the roles that are required to work with Cisco ANA EventVision. Cisco ANA determines whether you are authorized to perform a task as follows:

•For GUI-based tasks (tasks that do not affect devices), authorization is based on the default permission that is assigned to your user account.

•For device-based tasks (tasks that do affect devices), authorization is based on the default permission that is assigned to your account. That is, whether the device is in one of your assigned scopes and whether you meet the minimum security level for that scope.

For more information on user authorization, see the Cisco Active Network Abstraction 3.7.1 Administrator Guide.

Table 8-1 Default Permission/Security Level Required for Cisco ANA EventVision 

Task	Viewer	Operator	OperatorPlus	Configurator	Administrator
Viewing events and tickets	—	—	—	—	X
Viewing events and ticket properties	—	—	—	—	X
Refreshing information displayed in tables	—	—	—	—	X
Filtering events and tickets	—	—	—	—	X
Exporting displayed data	—	—	—	—	X

Viewing Events and Tickets in Cisco ANA EventVision

Events are displayed according to event categories, which are represented by tabs in the Cisco ANA EventVision window. Each tab displays an events list log that provides event information for the specific event category. Events can be of system type or network type.

The Ticket tab displays the tickets that have been generated for correlated events.

Events and tickets are sorted by date, with the latest item displayed first and the oldest item displayed last. You can define a filter to be used as well as the number of items to be displayed in the list, by using the Cisco ANA EventVision Options dialog box. Each tab displays the specified number of entries per page as defined in the Cisco ANA EventVision Options dialog box.

For more information, see Selecting Cisco ANA EventVision Viewing Options, page 7-8.

Because the lists of events and tickets can be lengthy, you can use the left and right arrows on the navigation toolbar to move through the records. You can also use the submenus that are available from View > Go To in the main menu.

All Tab

The All tab displays information about all events. Additional information specific to the event category can be viewed in the Event Properties window or individual category tabs.

When you launch Cisco ANA EventVision, the All tab is not displayed. You can view this tab by choosing File > Open All Tab.

---

Note When you open the All tab, it might take some time to retrieve information from the Cisco ANA database for all category events.

You can disable the All tab by following the instructions provided in the Cisco Active Network Abstraction 3.7.1 Installation Guide.

---

Table 8-2 describes the information that is displayed in the All tab.

Table 8-2 All Tab 

Column	Description
Severity	Icon of a bell, colored according to the severity of the alarm on the event (the color and type of alarm are displayed in the Properties window Severity field). See Event Status Indicators, page 7-4.
Event ID	Event identifier, assigned sequentially.
Time	Date and time when the event occurred and was logged and recorded.
Description	Description of the event.
Location	Entity that triggered the event.
Event Type	Type of event: Audit, Provisioning, Security, Service, Syslog, System, V1 Trap, V2 Trap, or V3 Trap.

System Event Tabs

The following tabs in the Cisco ANA EventVision window display the system events:

•Audit Tab

•Provisioning Tab

•Security Tab

•System Tab

Audit Tab

The Audit tab displays all events generated for each command or request in Cisco ANA; for example, opening Cisco ANA EventVision displays the Get command as shown in Figure 8-1.

Figure 8-1 Audit Tab

Table 8-3 describes the information that is displayed in the Audit tab.

Table 8-3 Audit Tab 

Column	Description
Severity	Icon of a bell, colored according to the severity of the alarm on the event (the color and type of alarm are displayed in the Properties window Severity field). See Event Status Indicators, page 7-4.
Event ID	Sequential ID number of the event.
Time	Date and time when the event happened and was logged and recorded.
Description	Aggregation of portions of the same fields in the Audit Command fields.
Command Name	Audit-specific command name, prefaced by, for example, Get, Update, or Find.
Command Signature	Actual command run by Cisco ANA, such as GetEventViewerProperties.
Command Parameters	Command parameters issued with the command identified in the Command Name column.
Originating IP	IP address of the client that issued the command
User Name	Name of the user who initiated the command.

The audit service enables you to audit all the commands executed in the system; for example, the Get command can be audited. The Audit tab then displays this information.

Provisioning Tab

Events displayed in the Provisioning tab are events triggered during the configuration of a device. Cisco ANA sends an event explaining the configuration operation, such as configuring the cross-connect table in a device. The Provisioning tab displays detailed information specific to this event category. It contains events from both Cisco ANA Command Builder and Cisco ANA Workflow Editor¹ .

Additional information specific to this event category can be viewed in the Event Properties window.

If a provisioning event is the result of an activation script, the provisioning event can include an extremely long description. This description is displayed in the Event Properties window in the Details field. If the description exceeds the size of the Details field, Cisco ANA truncates the description in the database and Details field, and displays the following line to indicate that the description has been truncated:

=====CONTENT TRUNCATED BY CISCO ANA=====

For more information about activation scripts, see the Cisco Active Network Abstraction 3.7.1 Integration Developer Guide.

Table 8-4 describes the information that is displayed in the Provisioning tab.

Table 8-4 Provisioning Tab 

Column	Description
Severity	Icon of a bell, colored according to the severity of the alarm on the event (the color and type of alarm are displayed in the Properties window Severity field). See Event Status Indicators, page 7-4.
Event ID	Sequential ID number of the event.
Time	Date and time when the event happened and was logged and recorded.
Description	Description of the event, such as "Script Show has failed."
Location	Entity that triggered the event.
Username	Name of the user who performed the provisioning operations.
Status	Status, such as Success or Fail.

Security Tab

The Security tab displays detailed information specific to this event category. Security events are related to client login and user activity when managing the system and the environment. Additional information specific to this event category can be viewed in the Event Properties window.

Table 8-5 describes the information that is displayed in the Security tab.

Table 8-5 Security Tab 

Column	Description
Severity	Icon of a bell, colored according to the severity of the alarm on the event (the color and type of alarm are displayed in the Properties window Severity field). See Event Status Indicators, page 7-4.
Event ID	Sequentially assigned identifier of the event.
Time	Date and time when the event happened and was logged and recorded.
Description	Description of the event, such as "Successful login root."
Location	Entity that triggered the event.
Username	Name of the user who triggered the event.
Originating IP	IP address of the client where the event was triggered.

For more information about the system security events displayed in this tab, see the Cisco Active Network Abstraction 3.7.1 Reference Guide.

System Tab

The System tab displays all the system events related to the everyday working of the internal system and its components. These events can be related to Cisco ANA and Cisco ANA gateway resources, representing the system log. Additional information specific to this event category can be viewed in the Event Properties window.

Table 8-6 describes the information that is displayed in the System tab.

Table 8-6 System Tab 

Column	Description
Severity	Icon of a bell, colored according to the severity of the alarm on the event (the color and type of alarm are displayed in the Properties window Severity field). See Event Status Indicators, page 7-4.
Event ID	Sequential ID number of the event.
Time	Date and time when the event happened and was logged and recorded.
Description	Description of the event, such as "Dropped Events Report."
Location	Entity that triggered the event.

For more information about the system error and event messages displayed in this tab, see the Cisco Active Network Abstraction 3.7.1 Reference Guide.

Network Event Tabs

The following topics describe the information displayed in Cisco ANA EventVision for network events:

•Service Tab

•Syslog Tab

•Ticket Tab

•V1 Trap Tab

•V2 Trap Tab

•V3 Trap Tab

Service Tab

The Service tab displays all the events generated by Cisco ANA, such as Link Down. Service events are related to the alarms that are generated by the Cisco ANA system. Additional information specific to this event category can be viewed in the Event Properties window.

Table 8-7 describes the information that is displayed in the Service tab.

Table 8-7 Service Tab 

Column	Description
Severity	Icon of a bell, colored according to the severity of the alarm on the event (the color and type of alarm are displayed in the Properties window Severity field). See Event Status Indicators, page 7-4.
Event ID	Calculated correlation identifier.
Time	Date and time when the event happened and was logged and recorded.
Description	Description of the event, such as "BGP neighbor found."
Location	Hyperlink to the entity that triggered the event.
Alarm ID	Hyperlinked identifier of the alarm associated with the event. Click the link to view the Ticket Properties window.
Ticket ID	Hyperlinked identifier of the ticket associated with the event. Click the link to view the Ticket Properties window.
Causing Event ID	Identifier of the causing event.
Duplication Count	For network events, the duplication count is calculated by the VNE and pertains only to flapping events. The duplication count represents the number of noncleared events aggregated by the flapping event.
Reduction Count	For network events, the reduction count is calculated by the VNE and pertains only to flapping events. The reduction count represents the number of events that are aggregated by the flapping event.

For more information about the service alarms that are displayed in this tab, see the Cisco Active Network Abstraction 3.7.1 Reference Guide.

Syslog Tab

The Syslog tab displays all the syslog events. These events are related to the predefined set of syslogs received from the devices by the VNEs, which are used to generate the syslog events. Additional information specific to this event category can be viewed in the Event Properties window.

Table 8-8 describes the information that is displayed in the Syslog tab.

Table 8-8 Syslog Tab 

Column	Description
Severity	Icon of a bell, colored according to the severity of the alarm on the event (the color and type of alarm are displayed in the Properties window Severity field). See Event Status Indicators, page 7-4.
Event ID	Calculated correlation identifier.
Time	Date and time when the event happened and was logged and recorded.
Description	Description of the event, such as "Device configuration changed."
Location	Entity that triggered the event.
Alarm ID	Identifier of the alarm associated with the event.
Ticket ID	Identifier of the ticket associated with the event.
Causing Event ID	Identifier of the causing event.
Duplication Count	For network events, the duplication count is calculated by the VNE and pertains only to flapping events. The duplication count represents the number of noncleared events aggregated by the flapping event.
Reduction Count	For network events, the reduction count is calculated by the VNE and pertains only to flapping events. The reduction count represents the number of events that are aggregated by the flapping event.

Ticket Tab

The Ticket tab displays detailed information specific to tickets. A ticket contains a single root alarm (the root cause alarm can be of any alarm type, such as syslog or service), and all its subsequent correlated alarms. Additional information specific to tickets can be viewed in the Ticket Properties window.

A Tickets capacity overflow, red threshold reached system alarm is generated when the maximum number of tickets is exceeded. The alarm severity is defined as critical.

Table 8-9 describes the information that is displayed in the Ticket tab.

Table 8-9 Ticket Tab 

Column	Description
Severity	Icon of a bell, colored according to the severity of the alarm on the ticket (the color and type of alarm are displayed in the Ticket Properties window Severity field). See Event Status Indicators, page 7-4.
Ticket ID	Sequentially assigned identifier of the ticket, hyperlinked to the Ticket Properties window.
Last Modification Time	Date and time when the ticket was last modified.
Description	Description of the event, such as "BGP neighbor found."
Location	Hyperlink to the entity that triggered the event.
Acknowledged	Status of the ticket: Acknowledged or Not Acknowledged.
Event Count	Number of events associated with the ticket.
Affected Devices Count	Number of devices affected by the ticket (the sources of the alarm and their subsequent alarms).
Duplication Count	For tickets, the duplication count is the sum of the duplication counts of all events that are associated with the root alarm.
Reduction Count	Ticket reduction count is the sum of reduction counts of all the events that are associated to the ticket. The History tab in the Ticket Properties window displays one reduction count for each event listed. For more information, see Chapter 9, "Working with Tickets in Cisco ANA NetworkVision."
Alarm Count	Total number of alarms associated with the ticket, including the root alarm.

For information about viewing ticket properties, see Viewing Ticket Properties.

V1 Trap Tab

This event is triggered when the network element sends a trap message to Cisco ANA because of a network event, such as Link Down. The V1 Trap tab displays detailed information specific to this category. Additional information specific to each event category can be viewed in the Event Properties window.

Table 8-10 describes the information that is displayed in the V1 Trap tab.

Table 8-10 V1 Trap Tab 

Column	Description
Severity	Icon of a bell, colored according to the severity of the alarm on the event (the color and type of alarm are displayed in the Properties window Severity field). See Event Status Indicators, page 7-4.
Event ID	Calculated correlation identifier.
Time	Date and time when the event happened and was logged and recorded.
Description	Description of the event, such as "Enterprise generic trap."
Location	Hyperlink to the entity that triggered the trap.
Alarm ID	Identifier of the alarm associated with the event, hyperlinked to the Alarm Properties window.
Ticket ID	Hyperlinked sequential identifier of the ticket. Click the link to view the Ticket Properties window.
Causing Event ID	Identifier of the causing event, hyperlinked to the Network Event Properties window.
Duplication Count	For network events, the duplication count is calculated by the VNE and pertains only to flapping events. The duplication count represents the number of noncleared events aggregated by the flapping event.
Reduction Count	For network events, the reduction count is calculated by the VNE and pertains only to flapping events. The reduction count represents the number of events that are aggregated by the flapping event.

For more information about the Cisco IOS and Cisco IOX traps displayed in one of these tabs, see the Cisco Active Network Abstraction 3.7.1 Reference Guide.

V2 Trap Tab

This event is triggered when the network element sends a trap message to Cisco ANA because of a network event. The V2 Trap tab displays detailed information specific to this category. Additional information specific to each event category can be viewed in the Event Properties window.

Table 8-10 describes the information that is displayed in the V2 Trap tab.

Table 8-11 V2 Trap Tab 

Column	Description
Severity	Icon of a bell, colored according to the severity of the alarm on the event (the color and type of alarm are displayed in the Properties window Severity field). See Event Status Indicators, page 7-4.
Event ID	Calculated correlation identifier.
Time	Date and time when the event happened and was logged and recorded.
Description	Description of the event, such as "Enterprise generic trap."
Location	Hyperlink to the entity that triggered the trap.
Alarm ID	Identifier of the alarm associated with the event, hyperlinked to the Alarm Properties window.
Ticket ID	Sequential identifier of the ticket, hyperlinked to the Ticket Properties window.
Causing Event ID	Identifier of the causing event, hyperlinked to the Network Event Properties window.
Duplication Count	For network events, the duplication count is calculated by the VNE and pertains only to flapping events. The duplication count represents the number of noncleared events aggregated by the flapping event.
Reduction Count	For network events, the reduction count is calculated by the VNE and pertains only to flapping events. The reduction count represents the number of events that are aggregated by the flapping event.
Translated Enterprise	Translation of the OID using the MIB. For example, an enterprise OID of .1.3.6.1.2.1.88.2 is displayed in this column as .iso.org.dod.internet.mgmt.mib-2.dismanEventMIB.dismanEventMIBNotificationPrefix.
Trap Type OID	Trap object identifier.
Enterprise	Enterprise OID for the trap, representing the company or organization that is associated with the trap.

For more information about the Cisco IOS and Cisco IOX traps displayed in this tab, see the Cisco Active Network Abstraction 3.7.1 Reference Guide.

V3 Trap Tab

This event is triggered when the network element sends a trap message to Cisco ANA because of a network event. The V3 Trap tab displays detailed information specific to this category. Additional information specific to each event category can be viewed in the Event Properties window.

Table 8-12 describes the information that is displayed in the V3 Trap tab.

Table 8-12 V3 Trap Tab 

Column	Description
Severity	Icon of a bell, colored according to the severity of the alarm on the event (the color and type of alarm are displayed in the Properties window Severity field). See Event Status Indicators, page 7-4.
Event ID	Calculated correlation identifier.
Time	Date and time when the event happened and was logged and recorded.
Description	Description of the event, such as "Enterprise generic trap."
Location	Hyperlink to the entity that triggered the trap.
Alarm ID	Identifier of the alarm associated with the event, hyperlinked to the Alarm Properties window.
Ticket ID	Sequential identifier of the ticket, hyperlinked to the Ticket Properties window.
Causing Event ID	Identifier of the causing event, hyperlinked to the Network Event Properties window.
Duplication Count	For network events, the duplication count is calculated by the VNE and pertains only to flapping events. The duplication count represents the number of noncleared events aggregated by the flapping event.
Reduction Count	For network events, the reduction count is calculated by the VNE and pertains only to flapping events. The reduction count represents the number of events that are aggregated by the flapping event.
Translated Enterprise	Translation of the OID using the MIB. For example, an enterprise OID of .1.3.6.1.2.1.88.2 is displayed in this column as .iso.org.dod.internet.mgmt.mib-2.dismanEventMIB.dismanEventMIBNotificationPrefix.
Trap Type OID	Trap object identifier.
Enterprise	Enterprise OID for the trap, representing the company or organization that is associated with the trap.

For more information about the Cisco IOS and Cisco IOX traps displayed in this tab, see the Cisco Active Network Abstraction 3.7.1 Reference Guide.

Viewing 3.6.x Tabs

If you upgrade to Cisco ANA 3.7 or 3.7.1 from version 3.6.7, you can view the following tabs by choosing File > Open 3.6.x Tabs:

•3.6.x Ticket

•3.6.x Service

•3.6.x Syslog

•3.6.x V1 Trap

•3.6.x V2-V3 Trap

Figure 8-2 shows an example Cisco ANA EventVision when the 3.6.x tabs are displayed.

Figure 8-2 Cisco ANA EventVision with 3.6.x Tabs

Table 8-13 describes the information that is displayed in each of the 3.6.x tabs.

Table 8-13 3.6.x Tab Contents in EventVision 

Field	Description
3.6.x Ticket Tab
Severity	Icon of a bell, colored according to the severity of the alarm on the ticket. For more information, see Event Status Indicators, page 7-4.
Ticket ID	Sequentially assigned identifier of the ticket.
Short Description	Description of the event.
Location	Hyperlink to the entity that triggered the event.
Last Modification Time	Date and time when the ticket was last modified.
Time	Date and time recorded when the first event happened.
Acknowledged	Status of the ticket: Acknowledged, Not Acknowledged, or Partly Acknowledged.
Affected Devices Count	Number of devices affected by the ticket (the sources of the alarm and their subsequent alarms).
Correlation Count	Number of correlated alarms included in the ticket.
Reduction Count	Ticket reduction count is the sum of reduction counts of all the events that are associated to the ticket. The History tab in the Ticket Properties window displays one reduction count for each event listed. For more information, see Chapter 9, "Working with Tickets in Cisco ANA NetworkVision."
Duplication Count	For tickets, the duplication count is the sum of the duplication counts of all events that are associated with the root alarm.
3.6.x Service Tab
Severity	Icon of a bell, colored according to the severity of the alarm. For more information, see Event Status Indicators, page 7-4.
Alarm ID	Sequentially assigned identifier of the alarm.
Short Description	Description of the event.
Location	Hyperlink to the entity that triggered the event.
Time	Date and time recorded when the first event happened.
3.6.x Syslog Tab
Severity	Icon of a bell, colored according to the severity of the alarm. For more information, see Event Status Indicators, page 7-4.
Alarm ID	Sequentially assigned identifier of the alarm.
Short Description	Description of the event.
Location	Hyperlink to the entity that triggered the event.
Time	Date and time recorded when the first event happened.
3.6.x V1 Trap Tab
Severity	Icon of a bell, colored according to the severity of the alarm. For more information, see Event Status Indicators, page 7-4.
Alarm ID	Sequentially assigned identifier of the alarm.
Short Description	Description of the event.
Location	Hyperlink to the entity that triggered the event.
Time	Date and time recorded when the first event happened.
Suppress Display	Whether or not the display of the alarm is suppressed.
3.6.x V2-V3 Trap Tab
Severity	Icon of a bell, colored according to the severity of the alarm. For more information, see Event Status Indicators, page 7-4.
Alarm ID	Sequentially assigned identifier of the alarm.
Short Description	Description of the event.
Location	Hyperlink to the entity that triggered the event.
Time	Date and time recorded when the first event happened.
Suppress Display	Whether or not the display of the alarm is suppressed.

Working in Cisco ANA EventVision

The following sections describe how to view, filter, and display the properties of specific events and tickets, and how to refresh and export events:

•Viewing Event Properties

•Viewing Ticket Properties

•Refreshing Cisco ANA EventVision Information

•Filtering Events and Tickets

•Exporting Displayed Data

Viewing Event Properties

Cisco ANA EventVision enables you to view the properties of a specific event type. The Event Properties window displays detailed information about the event; for example, the severity and the number of affected parties.

---

Tip Clicking Details Pane on the toolbar displays the properties of the selected ticket or event in the Properties pane.

---

To view event properties:

---

Step 1 Select the required tab for the specific event type and the event in the Cisco ANA EventVision window.

Step 2 Do one of the following:

•Double-click the event in the events list.

•Choose View > Properties from the main menu.

•Right-click the event and choose Properties.

The Event Properties tabbed window is displayed for the selected event, as shown in Figure 8-3. The Details tab is displayed by default.

Figure 8-3 Event Properties Window - Details Tab

Table 8-14 describes the information that is displayed in the Event Properties window in the Details tab.

Table 8-14 Details Tab for Events 

Field	Description
Event ID	Unique identifier for the selected event.
Severity	Severity of the event, indicated by color and text label.
Description	Description of the event.
Time	Date and time when the event happened and was logged and recorded.
Location	Entity that triggered the event, hyperlinked to its entry in physical inventory.
Type	Type of event, such as Security or Service.
Ticket ID	This field is displayed only for network events. Sequential identifier of the ticket, hyperlinked to the Ticket Properties window.
Alarm ID	This field is displayed only for network events. Alarm identifier, hyperlinked to the Ticket Properties window.
Causing Event	This field is displayed only for network events. The identifier of the causing event.
Details	Detailed description of the event.

Step 3 As required, view additional properties for the event.

Table 8-15 identifies the tabs that are available for each type of event and a link to the relevant information.

Table 8-15 Event Properties Window - Available Tabs by Event Type 

Event Types and Tabs	Related Topic
Audit Events
Details	Details Tab for Events, page 8-15
Audit	Audit Tab
Provisioning Events
Details	Details Tab for Events, page 8-15
Provisioning	Provisioning Tab
Security Events
Details	Details Tab for Events, page 8-15
Security	Security Tab
Service Events
Details	Details Tab for Events, page 8-15
Affected Parties	Affected Parties Tab, page 9-11
Advanced	Advanced Tab, page 9-15
Syslog Events
Details	Details Tab for Events, page 8-15
Affected Parties	Affected Parties Tab, page 9-11
Advanced	Advanced Tab, page 9-15
System Events
Details	Details Tab for Events, page 8-15
Trap Events
Details	Details Tab for Events, page 8-15
Affected Parties	Affected Parties Tab, page 9-11
Advanced	Advanced Tab, page 9-15
Trap	Trap Tab

Audit Tab

Table 8-16 describes the information that is displayed in the Audit tab for audit-related events.

Table 8-16 Audit Tab 

Field	Description
User Name	Name of user who initiated the command.
Result	Command result, if available.
Originating IP	IP address of the client that issued the command.
Command Signature	Actual command run by Cisco ANA, such as GetEventViewerProperties.
Command Parameters	Parameters applied to the command.

Provisioning Tab

Table 8-17 describes the information that is displayed in the Provisioning tab for provisioning-related events.

Table 8-17 Provisioning Tab 

Field	Description
User Name	Name of the user who performed the provisioning operation.
Status	Status of the operation: Success or Fail.

Security Tab

Table 8-18 describes the information that is displayed in the Security tab for security-related events.

Table 8-18 Security Tab 

Field	Description
User Name	Name of the user who triggered the event.
Client Type	Client that triggered the event: Cisco ANA NetworkVision, Cisco ANA Manage, Cisco ANA EventVision, or Unknown.
Originating IP	IP address of the client where the event was triggered.

Trap Tab

Table 8-19 describes the information that is displayed in the Trap tab for trap-related events.

Table 8-19 Trap Tab 

Field	Description
Version	The SNMP version: version-1, version-2c, or version-3.
Community String	The community that the device sends in the Protocol Data Unit (PDU).
Error Status	The error status: No Error, Too Big, No Such Name, Bad Value, Read Only, and Gen Err.
Values
Translated Oid	A string representation of the OID. For example, 1.3.6 is translated into iso.org.dod where: •1 represents iso. •3 represents org. •6 represents dod.
Translated Value	A string representation of the OID value. For example, 1.3 is translated to iso(1).org.10, or a specific value, such as "down" or "4 days, 20 hours, 32 minutes, 11 seconds."
Oid	The OID that is not translated. It is a dot notation representation of the OID, such as 1.3.6.1.4.1.9.
Value	The value that is not translated.

---

The properties of a selected ticket can be viewed in the Ticket Properties window. For a detailed description of the Ticket tab properties, see Viewing Ticket Properties, page 9-7.

Viewing Ticket Properties

The properties of a selected ticket can be viewed in detail by displaying the Ticket Properties window.

To view ticket properties:

---

Step 1 In the Ticket tab in the Cisco ANA EventVision window, select the required ticket.

Step 2 Do one of the following:

•Double-click the ticket.

•Choose View > Properties from the main menu.

•Right-click the ticket and choose Properties.

The Ticket Properties tabbed window is displayed for the selected ticket, as shown in Figure 8-4.

Figure 8-4 Ticket Properties Window - Details Tab

Table 8-20 describes the information that is displayed in the Details tab in the Ticket Properties window.

Table 8-20 Ticket Properties Window - Details Tab 

Field	Description
Details Tab
Ticket ID	Sequentially assigned identifier of the ticket.
Severity	Severity of the ticket, indicated by color and text label.
Description	Description of the ticket.
Time	Date and time when the ticket and was logged and recorded.
Location	Hyperlink to the entity that triggered the event. Note If the entity that triggered the event is outside your scope, a message is displayed that states you do not have permission to access the selected item.
Open Alarms	Number of open alarms out of all alarms, such as 3/4.
Acknowledged	Whether or not the ticket has been acknowledged: Yes or No.
Details	Detailed description of the ticket.

Step 3 As required, review additional properties for the ticket.

Table 8-21 identifies the additional tabs that are displayed in the Ticket Properties window and links to the relevant information.

Table 8-21 Ticket Properties Window - Additional Tabs 

Tab	Description
History	Contains the history of the ticket, including all the events. For more information, see History Tab, page 9-10.
Affected Parties	The services (affected pairs) that are potentially affected (potential impact analysis) by the ticket. For more information, see Affected Parties Tab, page 9-11.
Correlation	Displays all the alarms that are correlated to the selected ticket. For more information, see Correlation Tab, page 9-14.
Advanced	The number of affected devices, correlations, duplications, and reductions for the selected ticket. In addition, it provides any other additional information available about the ticket. For more information, see Advanced Tab, page 9-15.
Notes	Enables you to add and save notes for the selected ticket. The Notes tab is not available for tickets that have been archived. For more information, see Notes Tab, page 9-15.

---

Refreshing Cisco ANA EventVision Information

Cisco ANA EventVision displays current information in lists in each tab. While you view a list, the information is not updated unless you manually refresh the list or activate autorefresh. The default autorefresh setting is 60 seconds and can be adjusted (see Selecting Cisco ANA EventVision Viewing Options, page 7-8). Your filter settings remain intact.

Table 8-22 shows the refresh icons.

Table 8-22 Cisco ANA EventVision Refresh Icons 

Button	Name	Function
	Refresh Now	Manually refreshes the events list.
	Auto Refresh	Automatically refreshes the events list. The Auto Refresh icon toggles to indicate whether auto refresh is on or off. This icon indicates auto refresh is on.

To manually refresh a list, do one of the following:

•Click Refresh Now in the main toolbar.

•Choose View > Refresh from the main menu.

To automatically refresh a list, click Auto Refresh in the toolbar.

Filtering Events and Tickets

The Filter Events dialog box allows you to filter events and tickets according to severity, identifier, date and time, and text in the description field. You may also use the filter to search for information in the database.

The Filter icon toggles to indicate that a filter has been applied.

The following settings in the Cisco ANA EventVision Options dialog box also affect your filters:

•If you check the Keep Last Filter check box, the currently defined filter settings are saved in the registry and are displayed the next time you log in, but are not applied.

•If you check the Open Using Filter check box, the events are continuously filtered according to the defined settings, even when you log out of and back into the application.

For more information, see Selecting Cisco ANA EventVision Viewing Options, page 7-8.

See the following topics for more information about filtering events and tickets:

•Defining Filters

•Removing Filters

Defining Filters

To define a filter:

---

Step 1 Do one of the following:

•Choose Edit > Filter from the main menu.

•Click Filter in the main toolbar.

Figure 8-5 Cisco ANA EventVision Filter Events Dialog Box

Step 2 In the Filter Events dialog box, specify the filter criteria as described in Table 8-23.

Table 8-23 Cisco ANA EventVision Filter Events Options 

Field	Description
Aggregated Severity	Check the check box of each event severity to include in the filter.
General
ID	To filter by ticket identifier: 1. Check the ID check box. 2. In the drop-down list, choose the required operator: –Contains –Does Not Contain 3. Enter the value to include or exclude from the filter.
Description	To filter by a string in the description: 1. Check the Description check box. 2. In the drop-down list, choose the required operator: –Contains –Does Not Contain 3. Enter the string to include or exclude from the filter.
Location	To filter events by location: 1. Check the Location check box. 2. Specify the location in one of the following ways: –In the Location field, enter the name of the network element to include in the filter. –Click the ... button to select the required element from a list.
Last Modification Time	To filter events according the time they were last modified: 1. Check the Last Modification Time check box. 2. In the From field, specify the beginning date and time to filter events by. 3. In the To field, specify the ending date and time to use for filtering events.
Advanced
Acknowledged	To filter events according to their acknowledgement status: 1. Check the Acknowledged check box. 2. In the drop-down list, choose the acknowledgement status: –Acknowledged –Not Acknowledged –Partly Acknowledged
Event Count	To filter events according to their event count: 1. Check the Event Count check box. 2. In the drop-down list, choose the operator for comparing the event count: Greater Than, Less Than, Equal, or Not Equal. 3. In the Event Count field, enter the number of events to use for filtering.
Affected Devices Count	To filter events according to their affected devices count: 1. Check the Affected Devices Count check box. 2. In the drop-down list, choose the operator for comparing the affected devices count: Greater Than, Less Than, Equal, or Not Equal. 3. In the Affected Devices Count field, enter the number of affected devices to use for filtering.
Duplication Count	To filter events according to their duplication count: 1. Check the Duplication Count check box. 2. In the drop-down list, choose the operator for comparing the duplication count: Greater Than, Less Than, Equal, or Not Equal. 3. In the Duplication Count field, enter the value to use for filtering.
Reduction Count	To filter events according to their reduction count: 1. Check the Reduction Count check box. 2. In the drop-down list, choose the operator for comparing the reduction count: Greater Than, Less Than, Equal, or Not Equal. 3. In the Reduction Count field, enter the value to use for filtering.
Alarm Count	To filter events according to their alarm count: 1. Check the Alarm Count check box. 2. In the drop-down list, choose the operator for comparing the alarm count: Greater Than, Less Than, Equal, or Not Equal. 3. In the Alarm Count field, enter the value to use for filtering.

Step 3 Click OK to save your filter settings and apply the filter. The filtered entries are displayed in the list according to the defined criteria.

---

Removing Filters

To remove a filter:

---

Step 1 Click Filter in the main toolbar.

Step 2 In the Filter Events dialog box, click Clear. The selected options in the Filter Events dialog box are cleared.

Step 3 Click OK. All events are displayed in the list.

---

Exporting Displayed Data

Cisco ANA EventVision enables you to export the currently displayed data from the Cisco ANA EventVision table according to the criteria defined in the Cisco ANA EventVision Options dialog box. You can then import and view at a later time.

To export a table to a file:

---

Step 1 Choose File > Export.

Step 2 In the Export Table to File dialog box, browse to the directory where you want to save the list.

Step 3 In the File name field, enter a name for the list.

Step 4 Click Save. The displayed events list or rows are saved in the selected directory.

---

¹ The Workflow Editor is based on LiquidBPM by Autonomy, Inc.