IBM Netcool Operations Insight consists of a base operations management solution. It can be optionally extended by integrating Network Management, Performance Management, and Service Management solution extensions.
The full name of the Netcool Operations Insight base solution is Operations Management for Operations Insight. This base solution provides the capability of monitoring the health and performance of IT and network infrastructure across local, cloud and hybrid environments. It also incorporates strong event management capabilities, and leverages real-time alarm and alert analytics, combined with broader historic data analytics.
Operations Management is made up of the following products and components:
- IBM Tivoli Netcool/OMNIbus
- Tivoli Netcool/OMNIbus Web GUI
- IBM Tivoli Netcool/Impact
- IBM Operations Analytics – Log Analysis
- Event Analytics
- Event Search
- IBM Connections Integration
Operations Management leverages real-time alarm and alert analytics, combined with broader historic data analytics. Netcool Operations Insight is powered by the fault management capabilities of IBM Tivoli Netcool/OMNIbus and IBM’s leading big data technologies within IBM Operations Analytics – Log Analysis, providing powerful event search and historical analysis in a single solution. Operations Management integrates infrastructure and operations management into a single coherent structure across business applications, virtualized servers, network devices and protocols, internet protocols, and security and storage devices, and includes the following capabilities:The components and capabilities of Operations Management are described below:Event AnalyticsEvent Analytics performs statistical analysis of Tivoli Netcool/OMNIbus historical event data. You can use the results of seasonal analysis to create network, device, or suppression rules to reduce the number of events, or use the results of related event analysis to deploy Netcool/Impact correlation rules to group events together under a single parent, thereby reducing the number of events that are presented to operators.Event SearchEvent search applies the search and analysis capabilities of Operations Analytics – Log Analysis to events that are monitored and managed by Tivoli Netcool/OMNIbus.IBM Connections IntegrationNetcool/Impact enables social collaboration through IBM Connections by automatically providing updates to key stake holders.
Event Search tasks
Using Event Search, Operations staff can use the analytics available in Operations Analytics – Log Analysis to determine how the monitoring environment is performing over time.Using Event SearchNetwork operators can diagnose and triage events in the Event Viewer by using the search and analysis capabilities within Event Search. An example of this is the use of Event Search to narrow down the cause of an event storm by running the Event Search dashboard and timeline tools against selected events in the Event Viewer.Configuring Event SearchAdministrators can make extra event data available within Event Search, to provide Operations with a more semantically rich set of data to use in Event Search dashboard and timeline tools. This, in turn, helps operators to more effectively diagnose and triage events using Event Search.Administrators can also customize Event Search dashboards, to enable Operations to more effectively analyse event data.
Event Analytics tasks
Using Event Analytics, Operations staff can determine event patterns, groups, and seasonality, and use this knowledge to build rules that create parent and synthetic events, thereby reducing event count and presenting operators with events that are closer to the underlying incidents.Using Event AnalyticsOperations staff can review generated analytics reports, and drill into the reports to see seasonality graphs, related event groups, and event patterns. Based on an analysis of the report data, they can set up rules to act on live events and thereby reduce event count and improve the quality of the events in the Event Viewer.Configuring Event AnalyticsAdministrators can customize Event Analytics in a variety of ways:
- Making custom data available within seasonal and related event reports to provide Operations with a richer set of analytics data.
- Changing the mechanism used by seasonality to suppress events.
- Configuring how event pattern processing is performed.
In addition, administrators can set up configuration scans to run against historical data over a specified time range. They can specify which type of analytic to run and can set up a schedule so that analytics reports are automatically generated for Operations.
The following figure shows a simplified data flow between the products of the base Netcool Operations Insight solution.
The stages of this data flow are as follows, indicated by the call-out graphics (for example, 1 ).
Capture of alert data
Probes monitor the devices and applications in the environment.
1 : Alerts are received from applications and devicesAlert data is captured by the probes and forwarded to the Netcool/OMNIbus ObjectServer. Event data is then manipulated in various data flows.
Web GUI data flow
Event data is enriched and visualized in Web GUI.
2 : Event data is read from the ObjectServer and enrichedNetcool/Impact reads the event data from the ObjectServer. In Netcool/Impact, the event data is enriched by information retrieved by Impact policies.
3 : Event data is visualized and managed in the Web GUIThe Web GUI displays the application events that are in the ObjectServer. From the event lists, you can run tools that changes the event data; these changes are synchronized with the data in the ObjectServer.
Event Analytics data flow
Event data is archived and historical event data is used to generate analytics data.
4 : Events are read from the ObjectServer by the Gateway for JDBCThe Gateway for JDBC reads events from the ObjectServer.
5 : Event data is archivedThe Gateway for JDBC sends the event data via an HTTP interface to the Historical Event Database. The figure shows an IBM DB2 database but any supported database can be used. The gateway must be configured in reporting mode. This data flow is a prerequisite for the event analytics capability.
6 : Event analytics algorithms run on archived event dataAfter a set of historical alerts is archived, the seasonality algorithms of the Netcool/Impact policies can generate seasonal reports. The related events function analyzes Netcool/OMNIbus historical event data to determine which events have a statistical tendency to occur together and can therefore be grouped into related event groups. Pattern functions analyze the statistically related event groups to determine if the groups have any generic patterns that can be applied to events on other network resources.
7 : Analytics data is visualized and managedThe seasonality function helps you identify and examine seasonal trends while monitoring and managing events. This capability is delivered in a Seasonal Events Report portlet in Dashboard Application Services Hub. The portlet contains existing seasonal reports, which can be used to identify the seasonal pattern of the events in the Event Viewer. You can create new seasonal reports and edit existing ones. Statistically related groups can be analyzed in the Related Events GUI. Validated event groups can be deployed as Netcool/Impact correlation rules. Patterns in the statistically related event groups can also be analyzed in the Related Events GUI. These patterns can be extracted and deployed as Netcool/Impact generalized patterns.
Event Search data flow
Event data is indexed in Operations Analytics – Log Analysis and used to display event dashboard and timelines.
8 : Events are read from the ObjectServer by Gateway for Message BusThe Gateway for Message Bus reads events from the ObjectServer.
9 : Event data is transferred for indexing to Operations Analytics – Log AnalysisThe Gateway for Message Bus sends the event data via an HTTP interface to the Operations Analytics – Log Analysis product where the event data is indexed. The Tivoli Netcool/OMNIbus Insight Pack V18.104.22.168 parses the event data into a format suitable for use by Operations Analytics – Log Analysis. The diagram shows the default IDUC connection, which sends only event inserts. For event inserts and reinserts, the Accelerated Event Notification client can be deployed, which can handle greater event volumes. See On-premises scenarios for Operations Management.
10 : Event search data is visualizedEvent search results are visualized in Operations Analytics – Log Analysis event dashboards and timelines by performing right-click tools from event lists in Web GUI.