Attachments

doc/4.0.0/Working With Finder/Explore/Using Source View

Contents

  1. Source View Concept
  2. Using the Source View
    1. Source View - Overview Tab
      1. Showing alerts
      2. Changing the view period in the Overview Tab
      3. Drilling Down in the Overview Tab
      4. Contextual Options with the Overview Tab
        1. Exporting the Overview information into a Table
        2. Investigating Errors and Warnings
      5. Service Activity for a Specific Source
      6. Customizing the Overview Tab
    2. Compare with Function
      1. Tagging and the Compare with Function
    3. Source View - Properties Tab
    4. Compare with and Properties Tab

1. Source View Concept

The source view is, as its name indicates, a view dedicated to a particular source. It displays the most important characteristics and several metrics of the said source on a daily basis. The source view is mainly targeted at support teams which can have, at a glance, the necessary information to potentially identify, locate and start to address an issue reported on a computer. The content of the view can be customized via definition of alerts and services to help target specific issues.

2. Using the Source View

To open the source view, you simply right-click on a source (e.g. from an Investigation) and select Display source view (shortcut: double-click on the source).

  • Selecting an Object for Source View

  • Selecting a Source to view its associated records (in this case for the computer 'NXT-L16')

The source view for the selected device is then displayed in a window with key information at the top (Source Name, Last IP address, Last Windows boot, and Last seen) plus two tab views below (Overview and Properties), with the Overview tab initially displayed.

2.1. Source View - Overview Tab

The Overview tab provides at a glance, essential information on the health of the source over the last 3 days (initial view). You can quickly identify if the computer has generated any alerts, experienced any errors, flagged any warnings, had new software installed, had some services experiencing difficulties, etcetera. The view can be refreshed by clicking on the refresh icon at the top right of the frame.

  • Source view of selected object

  • Source View Overview Tab for computer NXT-L16

As can be seen above, the Overview report is divided vertically into categories, with a list of items under each category heading. Each item may have a [+] icon, indicating it can be expanded for more information, an item description, a total count column appropriate to the category and a display along a time axis of category performance. As you hover your mouse pointer in the performance over time field, a marker appears in the time axis at the top of the frame, indicating the time associated with the mouse pointer.

Note: At the bottom of the Overview tab, we show when users were active on a source (obfuscated in the above screenshot). For privacy reasons this features can be disabled in the appliance configuration as described in this FAQ: FAQ/Engine FAQ#How_do_I_anonymize_user_information_in_Engine?

2.1.1. Showing alerts

To see summary information about an alert or alerts at a given time, hover over the alert(s). For additional detail, right click on the alert. This provides you with context menu on which you can click to run an investigation.

  • A right click on an alert provides you with a context menu through which you can run an investigation

  • Show Alert context menu generated by a right click on the alert field. Click on this to run an investigation

For multiple alert, right click on the alert and select the appropriate alert from the context menu.

  • A right click on a multiple alert provides you with a context menu through which you can run an investigation

  • Show Alert context menu generated by a right click on the alert field. Click on the appropriate alert to run an investigation

2.1.2. Changing the view period in the Overview Tab

  • Using the zoom controls to move along time axis

  • Change the view period in the Overview Tab by using the home and zoom in/out controls

The number of days shown in the Overview tab depends on the window sizing and zoom settings and can be toggled between 3 days (initial view) and one week by using the zoom in/out controls. Clicking on the (+) Zooms in (shortcut: Enter) and on (-) Zooms out (shortcut: Backspace). The zoom tools change in lightness to show if they can be used . In the screenshot above, it is only possible to zoom out.

You can zoom-in down to a scale of 2 seconds. First select a region in the timeline before you zoom in. Click and drag your mouse below the time axis anywhere in the overview display to select your area of interest, which is shown by light shading as shown below, then press the Enter key.

  • Selecting a timeframe to zoom into

  • The time between 13.11.2011 00:00 and 13.11.2011 04:00 has been selected, enabling the user to zoom in on this period

As you zoom in, activity counts displayed in light blue circles will resolve into individual activities provided they are not time-coincident.

  • Selecting a timeframe to zoom into

Eventually, activities that extend over a time period will resolve into the normal presentation as shown below.

  • At a high enough zoom, the activity indication changes to the normal representation

To move the source view back and forward by the viewing period, click on the back and forward arrows in the time zone at the top of the Source Overview tab. By this means you can look at the performance of the source anywhere within the entire available period. You can also navigate to a specific date by clicking and dragging in the time scale zone area with your mouse. The mouse cursor changes to a double ended arrow and the dates move backwards and forwards to enable you to stop when you have reached the date of interest. Click on the Home icon at the top right of the Overview frame to return to the initial time.

Tip: By holding down the spacebar before using the mouse, you can drag the timeline while having the mouse positioned at any point in the timeline (i.e. not just on the time axis).

2.1.3. Drilling Down in the Overview Tab

  • Using Tooltips to identify the error cause

  • Hovering over items in the Overview display provides additional detail, in this case the red circle indicates a serious error - an application crash

Hovering over the row item description provides additional information. If the text is light blue, then a tooltip will be displayed, provided one is available. In the activity row associated with an Overview category for a continuous process, the colour and colour's brightness provide a metric of performance over time. Where discrete events are recorded (for example binary installations), the number of events that have occurred in the viewed time period are shown in a circle - again with the circle colour indicating the severity. Hovering over the circle provides a list of events that have occurred in the associated time period. If you require more details or if there are more than can be displayed in the tooltip, double-click on the circle to generate an Investigation.

  • If the tooltip can't provide full information, double click to generate an investigation

  • You are warned if there is more information than can be included in the tooltip

If the tooltip can't list all the events that have happened, a warning is provided at the bottom of the tooltip as shown above. You can always double click on the event and an appropriate investigation is launched providing you with more information. In the above example, 25 new binaries were installed on the source between 10:57:30 and 11:12:59 on the 6th of November, but only 9 of the 16 installations are listed in the tooltip. Double-clicking generates the report below, which provides a full listing of all the executables installed in that period.

  • Use an Investigation to obtain full details

  • Double clicking on an incident report generates an Investigation, providing greater detail plus access to concurrent Network and Local activity reports

2.1.4. Contextual Options with the Overview Tab

2.1.4.1. Exporting the Overview information into a Table

Should you require the information displayed in the Overview tab in a text format, you can export it in a table format for pasting into a text document or spreadsheet, perhaps for use in a report, or for further analysis.

  • Right clicking in a clear area in the Overview reporting area enables you to copy the overview information as a table

  • Exporting the information in the Overview area is possible via a right-click

2.1.4.2. Investigating Errors and Warnings

Source View provides the same investigation support for Errors and Warnings. While hovering over an error or warning provides a summary of the reason for the error or warning, right-clicking enables the user to investigate similar events on the same computer, with the same application(s), within the same domain or other domains, et cetera.

  • Hovering over an error shows that maploader and explorer have both crashed

  • Hovering over an error provides a summary of the error causing applications

  • After Right clicking on an error or warning, the busy icon is displayed for a few seconds, after which a range of context sensitive options are presented to the user to aid in further investigations.

  • Right click on an error and choose from options providing detail on the errors over time or within the domain

  • Right clicking on an error results in the busy icon for a few seconds followed by a context sensitive menu with multiple options

  • After a few seconds, you can drill down to events, look at recent occurrences of the same event, (either on the same computer or in the same domain) and limit your investigation to the same executable(s) or widen it to any executable.
  • The above screenshots show the process for errors. Warnings can be investigated in the same way, as illustrated below.

  • Hovering over a warning shows we have high memory usage and lists 5 applications responsible

  • Hovering over a Warning provides the reason for the warning along with additional details

  • Right click on a warning and chose from options providing detail on the warnings over time or within the domain

  • Right-clicking enables you to find other computers recently experiencing the same problem(s) or recent incidences on the same computer

2.1.5. Service Activity for a Specific Source

By viewing the Mail Clients service, we can see from the red shading that there was a mail delivery performance issue. Hovering over problem area shows that between 13:00 and 14:00, availability was only 71%.

  • Tooltip shows mail client availability was 71% between 13:00 and 14:00

  • Hovering over a problem area provides a tooltip giving further details

Double clicking on the problem area opens an Investigation in Network Activity view.

  • Select Network Connections to see what is happening

  • Investigation into Mail Connectivity issue - Network Investigation showing connections

The Network Investigation opens in the traffic in & out view, which doesn't help us. By switching to the connections (or failed connections) view, we can see in red when the failed connections occurred.

  • Use the options at the top right of the Investigation Network view

  • Investigation into Mail Connectivity issue - Network View options

Using the icons at the top right of the Investigations Network View, you can move the timeframe, save, edit or refresh the investigation (top row) and zoom in/out or switch to a full screen view (bottom row).

  • List events to identify cause of poor performance

  • Investigation into Mail Connectivity issue - List View (partially displayed)

Switching to the List view shows that at 13:06:41, 6 attempts to connect to the host were unsuccessful.

2.1.6. Customizing the Overview Tab

The Overview tab contents are customizable elsewhere in Finder by creating Alerts and Services that will be displayed when relevant. Note that Alerts and Services are only displayed if they are relevant to the selected source.

2.2. Compare with Function

Above the top right of both the Overview and Properties Tab, there is a dynamic comparison feature which enables you to compare the performance of your selected computer against others, thus assisting with the diagnostic process.

  • Available Compare with options vary depending on context and are selectable

  • Compare with function located above Overview and Properties tabs

The Compare with options vary depending on the context and available categories and are selectable to further filter and compare the attributes and performance of a computer against others in the fleet.

  • Categories shown at bottom left of Properties tab

  • The categories visible at the bottom left of the Properties tab dictate the options available to the Compare with function

Comparison groups are defined by categories which are extended by tagging. In the above screenshot, we see that available categories for comparison by the "sources with category" field are OS, RAM, Domain, Non standard OS version and Locations. By changing from "sources with category" Domains to "sources with category" OS, and if we retain the "any keyword", we are given the option of selecting from the range of Operating Systems in the computer fleet.

  • You can compare a computer with those in different categories, in this case different Operating Systems

  • Changing the Compare with function to compare with different Operating Systems

If you change "any keyword" to the alternative "and same keyword", you are limited to the same category as your current computer.

  • And keyword vs same keyword options

  • Compare with - same keyword vs and keyword

By changing the and same keyword phrase in the above Compare with option to and keyword, we are given the option of reducing the scope of our investigation into a range of sub-groups, which includes those created by tagging. In this instance, we have divided our computer fleet into location groupings. This enables us to compare the level or warning or error incidences at Lausanne with those at Zurich.

  • By changing to "and keyword" we can now look at Zurich

  • Changing the Compare with options from "and same keyword" to "and keyword" enables you to widen your investigation - for example compare performance at different sites

  • We can now look at warnings in Zurich

  • We can now look at similar events in another domain

2.2.1. Tagging and the Compare with Function

Creating custom groups by tagging objects (see doc/4.0.0/WorkingWithFinder/Organize/Categories/TaggingObjects) extends the available categories for investigation. For example, tagging enables you to divide your computer fleet into departments, locations or other smaller logical groupings, thus providing you with additional groups which you can access for investigation by changing the Compare with options.

2.3. Source View - Properties Tab

Clicking on the Properties tab provides a summary of hardware and other useful information for the selected computer.

  • Source View Properties Tab view

  • Source View Properties Tab for NXT-L16

  • Clicking on a plot icon will generate a comparative plot of sources, highlighting the bars in light yellow which include your source

  • Generating a Comparative Inventory Plot

You can toggle between the Properties and Comparative Inventory Plot views by clicking on the plot icon, or close the plot view by clicking on the close (x) icon in the top right of the frame. Double-click on the bar to to show the detailed list of sources belonging in that category. The comparison group is defined by the controls at the top right of the source view header.

  • Double clicking on a bar from the Pareto plot will return a list of sources that are included in that bar count

  • Generating an Investigation from the Pareto plot of Hardware Model - Computer model yellow bar

Double clicking on a bar from the Pareto plot will run an Investigation and return a list of sources that are included in that bar count along with their properties. By this means you can find similar machines, or machines that are similar except for one parameter, e.g. RAM or Operating System, to help with your diagnosis. The above listing was generated by clicking on the yellow plot for computer models 27658JG. From it you've discovered that while all 3 laptops are running Windows 7, they all differ in OS version or Service Pack level. Perhaps the reported fault coincided with the upgrade to SP1? You might want to go back to the Overview tab and check the new binary item under the Activity category to see when Service Pack 1 was installed and whether the reported problem only occurred after that date.

Close the investigation to return to the Properties view, from which you can run further Investigations.

2.4. Compare with and Properties Tab

The population of computers used to generate the plots shown on the Properties tab is controlled by the Compare with filtering. In the screenshot below, because we have Compare with "all sources" the entire population is plotted. The comparison computer, NXT-L15 is included in the 8GB RAM group as indicated by the yellow colouring of this bar.

  • Bar graph plot of RAM for computers by category groups

  • Source View with all sources included - per the Compare with settings

If we change the Compare with category to "sources with category" RAM and use the "and same keyword" setting, the plots only include RAM that falls in the same category as the reference computer, in this case, over 3GB. We are shown a reduced subset of computers, with the category our computer falls into highlighted in yellow as usual.

  • Bar graph plot of computers with RAM >3GB

  • Source View of Sources with RAM in same category as our reference computer

Any changes to the Compare with filters result in the plots being immediately regenerated in accordance with the new selection criteria. If we change the "and same keyword" to "and keyword" and select, in this case, (up to 1GB) from the available categories, we get the result shown below. NOTE that this selection excludes our reference computer, which has 8GB RAM, but it is still shown in the plot in the yellow bar, but this time with a count of 1.

  • Bar graph plot of computers with up to 1GB RAM

  • Source View Sources with Category RAM and keyword up to 1GB, showing our computer (in yellow) outside of plot range

last modified 2012-02-06 13:26:04