'Investigate mode' is available within the contextual menu of Hosts and Service Checks that provides you with the ability to investigate every aspect of a Host or Service Check within a dedicated modal window
In the investigate mode for a Host, the following tabs are available:
- Host Interfaces
To load up the investigate window, click the 'Investigate' option from within a Host's contextual menu:
Investigate button within a Host's contextual menu
The 'Info' tab is displayed when the Investigate mode window first opens:
The Info tab is a one-stop shop for all information relating to the Host. For an explanation of what each field means, see below:
- Host Status: The state of the Host, i.e. 'UP', 'DOWN' or 'UNREACHABLE'. Also displays how long the Host has been in the given state, i.e. 'UP for 2 days ..'.
- Status information: The output of the Host Check Command. In the example above, 'ping' is used as the Host Check Command, therefore the rta of the ping is returned.
- Performance data: If the Host Check Command returns data in a 'performance data' ('perfdata') format, it will be displayed here.
- Current Attempt: The current attempt number. If the Host is 'UP' this value will always be one. If the Host is 'DOWN' or 'UNREACHABLE', this number will be between one and the number defined in the 'Max Attempts' field.
- Max Attempts: The number of attempts required for the Host to be converted from a 'SOFT' state to a 'HARD' state.
- State Type: Hard or Soft; if 'UP' the Host will always be in a 'HARD' state (see Section Host Check Commands for more information). If 'DOWN' or 'UNREACHABLE' the Host will be in a 'SOFT' state until the number of Max Attempts has been met, at which point it will convert from SOFT to HARD.
- Last Check: The date and time of the last check of the Host, i.e. the last time the Host Check Command was run.
- Check Type: Active/Passive, depending on your configuration.
- Monitored By: The name of the Monitoring Server that is monitoring the Host. If monitored by a Slave Cluster, the Slave Cluster name will be returned here instead of the individual Slave Node.
- Latency: The time it took Opsview Monitor in milliseconds to execute the Host Check Command.
- Duration: The time it took Opsview Monitor in milliseconds to get a response from the Host via its Host Check Command.
- Next Scheduled Check: The date and time of the next scheduled Host Check Command.
- Last State Change: The date and time of the last state change, e.g. when the Host last changed between 'UP', 'DOWN' or 'UNREACHABLE'.
- Last Notification: The date and time of when the last Notification regarding a non-OK Host status was sent
- Notification Number: If the Host is currently 'DOWN'/'UNREACHABLE' and sending notifications, this number denotes the number of notifications sent. For example, if the Host has been down for six hours and Opsview Monitor is configured to send an alert every hour, this number would be six (i.e. six Notifications sent). If the Host is 'UP', then no Notifications are being sent and the number will be zero.
- Is This Host Flapping?: A 'Yes' or 'No' label relating to Flap Detection, which is configured within the 'Notifications' tab of the edit window for the Host. See Section Configuring a Host: 'Notifications tab' for more information. If the Host is marked as 'flapping', this field will change to 'Yes'.
- In Scheduled Downtime?: A 'Yes' or 'No' label relating to whether the Host is in a state of Downtime or not.
- Last update: The date and time of when a Host Check Command result was received for this Host.
- Active Checks: An 'Enabled' or 'Disabled' label relating to whether active checks are currently allowed for this Host. This is configured via the 'Actions' tab. For more information, see Section 'Investigate mode: Host ' Actions tab'.
- Passive Checks: An 'Enabled' or 'Disabled' label relating to whether passive checks are currently allowed for this Host. This is configured via the 'Actions' tab. For more information, see Section 'Investigate mode: Host ' Actions tab'.
- Notifications: An 'Enabled' or 'Disabled' label relating to whether Notifications are currently enabled or disabled for this Host. This is configured via the 'Actions' tab. For more information, see Section 'Investigate mode: Host ' Actions tab'.
- Event Handler: An 'Enabled' or 'Disabled' label relating to whether an event handler is currently allowed for this Host. This is configured via the 'Actions' tab. For more information, see Section 'Investigate mode: Host ' Actions tab'.
- Flap Detection: An 'Enabled' or 'Disabled' label relating to whether Flap Detection is currently enabled or disabled on this Host. This is configured via the 'Actions' tab. For more information, see Section 'Investigate mode: Host ' Actions tab'.
When an Acknowledgement has been set on a Host it will be shown next to the Host Status, you can also easily remove this Acknowledgment.
Start by clicking on the menu for the Host or Service Check you wish to remove the acknowledgement from and then selecting Investigate:
Click on the underlined 'Acknowledged' text:
A prompt will appears asking you to confirm that you would like to remove the Acknowledgement, click 'Yes':
You will now see a drop down notification will appear in the top right hand corner of the screen to indicate the Acknowledgement has been removed:
The 'Actions' tab is the second tab within the Investigate mode window:
The Actions tab provides you with the ability to change certain settings relating to the Host such as whether Active Checks are enabled for the Host, or whether Flap Detection is enabled.
There are two boxes below the 'toggle buttons' panel, the first of which allows for the rescheduling of the next check of either the Host, the Service Checks on the Host, or both, at a specific date and time:
The second box allows for the submission of a Passive Check result for the Host Check Command, i.e. change the Host from an 'UP' to a 'DOWN' state with a user defined 'output' and 'performance data' value:
Clicking the 'Reset' button will clear all values entered into the 'Reschedule' and 'Submit Passive Check' boxes. However, any toggle switches are actioned immediately, meaning if 'Accept Passive Checks?' is toggled from 'Enabled' to 'Disabled', the Host no longer accepts passive check results immediately, without the need for the 'Commit' button to be pressed.
Clicking 'Commit' will submit the information from the 'Reschedule' OR 'Submit Passive Check Result' boxes, depending on which one is enabled via the radio button.
The 'Notes' tab is the third tab within the Investigate mode window:
The Notes section for a Host is very similar to the one for Host Groups, in that it allows you to enter text in a WYSIWYG editor which can be seen and edited by other Users of Opsview Monitor (who have permission to view the relevant Host). This is a great way to leave notes about what the Host is i.e. 'This is Tims Tyres router, they are located in London, UK and have an internal subnet of 192.168.1.0/24 with the router's IP being 1.254...'.
The 'Notifications' tab is the fourth tab within the Investigate mode window:
This tab will show all Notifications sent relating to either the Host or one of the Hosts Service Checks.
- Time: The date and time the Notification was sent.
- Service: If relating to a Service Check, the Service Check name will be listed here. This field will be blank if the Notification is sent due to an issue with the Host Check Command.
- Status: The status of the Service Check or Host Check at the point of the Notification; i.e. CRITICAL, DOWN, etc. [Note, the screen above does not show this column, a bug has been raised].
- Users: The number of Users who the specific Notification was sent to. The number is clickable, at which point a new modal window will appear displaying the username, profile name and Notification Methods used to notify the Users. These notification methods are displayed as icons, which have a description in the tooltip when the mouse is hovered over the icon:
- Notification Type: The method used to send the Notification, such as email, SMS, IM, etc
The list of Notifications can be exported by clicking on the 'Export' button, at which point you are prompted to choose one of three export formats: csv, json and xml. When the format is selected, the Notifications list will be generated in the given format and downloaded to your desktop/device via the browser.
The 'History' tab is the fifth tab within the Investigate mode window:
This tab will show the history of the Host and all of its Service Checks within a tabular format. The 'State' and 'Type' columns can be filtered via the columns contextual menu as below:
To filter on the date and time, you can use the filter toolbar at the top of the table:
To apply the entered date and time parameters, you should click on the 'search' icon. To clear the entered results and reset the values in the fields you should click on the 'cross' icon.
If you attempt to filter on a range where the 'Start date' (From) is later than the 'End date' (Until), Opsview Monitor will display the following error:
The history list can be exported by clicking on the 'Export' button, at which point you are prompted to choose one of three export formats: csv, json and xml. When the format is selected, the Notifications list will be generated in the given format and downloaded to your desktop/device via the browser.
The 'Events' tab is the sixth tab within the Investigate mode window, or seventh/last tab if the 'Host Interfaces' section is configured:
Essentially a different way of analyzing the History of a Host and its Service Checks, the Events tab allows Users to choose a date using the date picker on the left hand side, which then re-populates the bar graph with the events (if any) for the chosen date. In the screen above, we have 28 'OK' events and '9' critical' events at 15:00.
By default, the bar graph is displayed 'full tab', with the event checker minimized. The mouse can be hovered over the bars which will reveal the number of events in that given state, i.e. 28 'OK' events in the above example.When one or more bars are clicked, the Event Checker will be populated with the events from the selected bars:
In the above example we have clicked on the three critical events bar, which has loaded the event checker with the three specified critical events. To clear the Event Checker and minimize it we can re-click on the 'three' bar which will deselect it. When the Event Checker is empty it will automatically minimize.
Within the event bar, located in the top right, is a 'downwards' arrow. When moused-over, this arrow will reveal four contextual menu options:
Download as ' allows you download the graph in one of four formats: png, jpg, svg or pdf.
Save data ' allows you to download the data in one of three options: .csv, .xlsx or .json.
Annotate ' When selected, allows you to draw and annotate the bar graph. Once annotated, the bar graph can be downloaded using the 'Download as..' button.
Print ' allows you to print the bar graph as an image.
The 'Host Interfaces' tab is an optional tab and will only appear in the Investigate Mode window for Hosts which have had interfaces configured for monitoring see Configuring a Host: 'SNMP' tab for configuration information).
Host Interfaces provided a single overview of the performance and status of each monitored interface on the specific Host, including the admin status, link status, graph (sparkline graph of the throughput) and the speed of the interface.