Minh Doan
Currently, when we export events under the Reports tab, we have data in columns Event Start Time / Relevance Engine / Form / Incident Identifier / Event Identifier / Sender / Delivery Status. This exported data is not meaningful enough to tell who did what and when. At the very least, we want to see the following data in the export:
1) WHO: all responses, when? and by whom?
2) WHAT: the actual event Message.
3) WHEN: Event Start Time already available, need to time stamp any responses.
Hey Minh!
Well, you are in luck. We put together a notifications2csv a while back to do just this kind of thing. It leverages the Integration Agent as a place to run some javascript. As it is, these are the columns returned:
```javascript
// The list of headers and where to find the corresponding
// value in the notification object. The value portion is
// passed to javascript's eval function, so any valid
// js is allowed.
var COLUMNS = {
    "Identifier": "notification.identifier",
    "First Name": "notification.user.firstName",
    "Last Name": "notification.user.lastName",
    "Target Name": "notification.user.targetName",
    "Incident": "notification.incident",
    "Device Name": "notification.deviceName",
    "Event": "notification.event",
    "Domain": "notification.domain",
    "Created": "notification.created",
    "Delivered": "notification.delivered",
    "Responded": "notification.responded",
    "Response": "notification.response",
    "Sender": "notification.sender",
    "Device Type": "notification.deviceType",
    "Protocol": "notification.protocol",
    "Protocol Provider": "notification.protocolProvider",
    "Subscription": "notification.subscription",
    "Subscription Name": "notification.subscriptionName"
};
```
These columns can be removed or moved around as needed. They come from the GET notifications API.
Give that a shot and let us know if it works for you!
Happy Tuesday!
--- Travis
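The comment in the COLUMNS snippet above says each column value is passed to `eval`. As an added example (not part of the original post and not notifications2csv code), the same header-to-field mapping can be resolved with a plain dotted-path walk, and each cell quoted so that user-entered response text is not interpreted as a spreadsheet formula. The helper names `resolvePath`, `csvCell` and `toCsv`, the shortened column list without the `notification.` prefix, and the sample records are assumptions made for illustration.

```javascript
// Added example: eval-free column lookup plus CSV-safe output.
// resolvePath, csvCell and toCsv are hypothetical helpers.
const COLUMNS = {
  "Identifier": "identifier",
  "First Name": "user.firstName",
  "Target Name": "user.targetName",
  "Responded": "responded",
  "Response": "response"
};

const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Walk a dotted path using own properties only; anything missing yields "".
function resolvePath(obj, path) {
  let cur = obj;
  for (const key of path.split(".")) {
    if (cur === null || typeof cur !== "object" || BLOCKED_KEYS.has(key) ||
        !Object.prototype.hasOwnProperty.call(cur, key)) {
      return "";
    }
    cur = cur[key];
  }
  return cur === null || cur === undefined ? "" : cur;
}

// Quote per RFC 4180 and neutralise cells a spreadsheet would run as a formula.
function csvCell(value) {
  let s = String(value);
  if (/^[=+\-@\t\r]/.test(s)) s = "'" + s;
  return '"' + s.replace(/"/g, '""') + '"';
}

function toCsv(notifications, columns = COLUMNS) {
  const headers = Object.keys(columns);
  const rows = notifications.map(n =>
    headers.map(h => csvCell(resolvePath(n, columns[h]))).join(","));
  return [headers.map(csvCell).join(","), ...rows].join("\r\n");
}

// Constructed sample records (not real xMatters output).
const SAMPLE = [
  { identifier: 1001, user: { firstName: "Ann", targetName: "asmith" },
    responded: "2016-08-11 15:45:00", response: "Accept" },
  { identifier: 1002, user: { firstName: "Bob", targetName: "bjones" },
    responded: "", response: '=HYPERLINK("http://example.invalid","x")' }
];

console.log(toCsv(SAMPLE));
```

Because the mapping values are treated as data rather than code, a mistyped or tampered column definition produces an empty cell instead of executing on the agent host.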
Minh,
Do you really want to see all of that information across every event? Or are you looking to see it for a specific event?
For specific events you should look at "drilling through" on the Tracking Report to see the status of the users and their responses. Simply click on the All Users status box to drill through, and then export. You will see the status for all of the users with date and time information for delivery and responses. There is also a header record showing the initiator and date time.
If you want to see the date for every notification, your best option is to use the Notifications Report. Set an appropriate date range, then drill through on the All Users status box and you will see the delivery and response dates and times for all notifications in the selected time period. Travis's program below does the same thing programmatically.
Thanks Travis and Doug!!
We recently added the Message tab to the Events Report; this is the WHAT that we're looking for. It would be helpful to include another column in the export for this Message. Our on-call team leaders actually asked for reports per Group Recipients (not just individual User Recipients). It would be beneficial to include a similar search filter for Notifications as we already have under Events, or simply include Recipient Group Name in the export.
Happy New Year!
Is there any chance that the event Message will be included in the Reports > Events > Options > Export? We have a huge need now for each and every on-call group to export their events history for analysis, before integrating some events with the Incident management system. It's simply not feasible to drill through each event for the Message.
Ideally, we still would like to see this Events export to include the 'who did what and when' data, but what we need right now is the WHAT, which is the actual event Message.
Thanks in advance for your consideration!
Minh
Minh, so what all are you looking for in the export and at what level? Walk me through the process you are thinking. Are you thinking a user would log in once each month, run a search in the Reports tab, export all the events? What exactly do you want in that export?
Any interest in doing this via the various APIs? Or are you looking at a purely manual process?
A user would log in once a month or so, run a search in the Reports tab for a given group / oncall schedule, and export all filtered events for that group. I've sent to our CSM Pamela Schmitz a couple screenshots to clarify this request.
Hi Travis
Are such APIs available? I came across QueryEventAuditTrail during my search.
We are looking into automatically retrieving Event Logs from xMatters into some kind of extract to be subsequently used for custom reporting.
Does Notifications2csv need to be integrated with those APIs?
Hi Rahul, By QueryEventAuditTrail I'm assuming you mean the SOAP web service. If this gets you what you need, then I say go for it, but I would encourage checking out the XM API call audits. Right now it only supports comments and responses, but we are looking for other things to add.
So, the question is, what data exactly are you trying to get? You mention the Event Logs, but specifically what info? Is response and comment enough, or do you also need who was notified when on what device? What other data do you need?
Notifications2csv hasn't been updated in a long time. We are rolling out a new agent, so we'll likely wait until we get inbound support for that, then we can see about updating it, if the community feels like it is useful.
Happy Friday!
Hi Travis ! Thanks for analyzing this.
Data Required for Extraction:
1. Incident IDs.
2. We have integration with BMC Remedy so it's possible the remedy incident ids are mentioned in the Event Subject instead of the Incident ID field of some events.
3. Group or Individuals (ids etc.) who were notified as part of the event/incident.
4. Date Timestamp when a notification was sent to the group(s) or person(s).
5. Date Timestamp when their response was received/logged.
All this information is available in Events log.
Hey Rahul,
Sorry for the delayed response. I think your best bet for this is with the GET /events API calls. Using the `?embed=properties,recipients&targeted=true` will get you the event properties and recipients (who was notified) as well as the targeted recipients (who was targeted).
Here's the doc with more detail. http://help.xmatters.com/xmAPI/#get-an-event
Oh, you might need to tie this with the GET /audits to get when the response was received/logged.
Doc here: http://help.xmatters.com/xmAPI/#audits
Let me know if that works for you!
Happy Tuesday!
Hello Travis
I found another of your creations "xMatters Actionable Alerts for Splunk" App.
In this conversation I was asking about APIs etc. in order to log xMatters data (Event Audit Logs, refer my note dated 11 Aug, 15:45) into Splunk. Our business users would use Splunk for strategic reporting.
Do you think this Splunk integration would help my cause?
Thanks for all the help !
Hi Rahul!
Ah interesting use case. We've kicked that idea around a bit, but haven't done any work for it. The app as it is won't get what you need, but if you know some javascript it would be relatively straightforward to do:
I think either using the HEC or a log file would work, although using a log file might give you more flexibility on how the data looks in Splunk... I think.
Which do you think most Splunk users would prefer? HEC or a log?