Exploring Data

Last updated on 30 January, 2023

How you work with Dexda depends on how your system integration is configured. The process can be automated so that insights are created based on alert correlation and grouping. After a certain time, an incident will automatically be created in ServiceNow. You can also manually handle the incident creation from Dexda. Regardless of the workflow, Dexda provides multiple options to help you investigate incidents. See Using Dashboards.

The Explore page provides free-form exploration when investigating details about issues. Using the options on the Explore page, you can drill down into insights, alerts, and events. You can apply filters to queries, investigate details for each issue, and decide on an action if needed.

Working with the Explore Page

Select the Explore option in the navigation bar to open the Explore page.

The upper part displays a graph showing the distribution of all record types across a time range. By default, data analyses for the previous 24 hours are displayed. The lower part is a result panel displaying the top 200 results matching a search query.

Query results are displayed by record type:

  • Insights are actionable alerts created from machine learning processing of events.
  • Alerts are actionable alerts created by processing of events using rules.
  • Events are data received through collection from event sources such as monitoring tools.

For more information, see Record Types.

Changing the Time Range

Use the following options to change the time range filtering:

  • Select and drag in the graph to change the time range.
  • Select the calendar icon in the top right to set a predefined time range.
  • Select the calendar icon and then Custom, and use the From/To date pickers to define a time range.
  • Select Last 24 hours to restore the default time range.

Creating a Query Using Filters

Filters are useful to narrow the number of items displayed when investigating an issue. To narrow a search, start by adding a filter in the top level search bar. If needed, continue by filtering items in the table lists.

Top level filtering

  1. Select the record type: Insights, Alerts, or Events. The default is Insights.
  2. Select Add filter at the top to display a set of predefined filtering options.
  3. Select the desired field, operator, and value. The filter is automatically pinned to the top.
  4. Continue to drill down into the data by selecting more options from Add filter. The pinned filter is automatically built out with the added criteria.
  5. If needed, continue by filtering items in the table list.

Note: Queries are built up in the URL bar of the browser. You can copy this URL to store or share the query.

Filtering in table lists

  1. Right-click on an item in a list and select Add Filter. This adds a filter based on the column value for the selected item in the list.
  2. Created filters are pinned to the top where you can edit or remove them.
  3. Continue to drill down into the data by selecting more options from Add filter. The pinned filter is automatically built out with the added criteria.

More Options

The following describes some additional options when investigating issues.

Sorting a table list

  • Select a column header to sort the data in ascending or descending order.
  • To sort multiple columns, hold down the Cmd key and select the desired column headers. Select the column headers again to remove the sorting.

Configuring column display

  • Select Columns to the right of the panel to choose which fields are added or removed as columns, and to change their display order.
  • You can also change the column display order by dragging and dropping columns into the preferred order.

Working with Details Pages

From the Details pages you can drill into details for an issue to help you identify causes and decide on actions, if any. Depending on the type of record (insight, alert, or event), you will see different types of information, for example error descriptions, time ranges and durations, related alerts and events, originating monitored sources, and the correlation model used for insights.

Accessing Details Pages

Select a row in a table list and select Details to open the Details page for a selected item. Alternatively, open the More options menu at the end of an item line, and select Details.

Note: The Details (Insight, Alert, Event) page opens in a new window with a specific URL that you can share with colleagues when collaborating to solve issues.

Exploring Insight Details

Insights are actionable alerts created from machine learning processing of events, and alerts grouped through correlation models. The Insight Details page provides an overview of information specific for a selected insight.

The following describes some of the available information when investigating an insight.

Overview
The upper panel displays a timeline where alerts associated with the item are laid out sequentially as they occur. The graph area displays the sources from where associated events occurred, and the Causal CI associated with the selected insight. Hover over it or select the menu to see more details for the CI.

Information
This tab provides an overview of details associated with the insight, in table format. This is useful, for example, when you need to copy details.

Alerts and Events
The lower panel displays alerts and events related to the investigated insight. From here you can sort data, add filters, inspect details, and perform actions in the same way as described earlier when working with the Explore page.

Links
Links in the left panel provide a URL to the details view for the selected insight, for sharing and storing the insight details.

Tags
Tags are derived from the correlation model, which summarizes associated item descriptions and picks out relevant keywords. See About Correlation Models.

Duration
The time range during which the first and last alerts associated with the selected insight were observed.

Alert Count
The number of correlated alerts associated with the selected insight.

Tenant
The tenants that are associated with the selected insight. Used in multi-tenant scenarios. See About Correlation Models.

Correlation
The correlation(s) associated with the insight. From here you can select View Model to access the Create Correlation Page for the specific correlation model used. This is useful to understand how the insight was created, and to adjust the correlation model if needed. See About Correlation Models.

Exploring Alert Details

On the Alert Details page you can investigate details about a selected alert. Right-click on an alert in the list on the Explore page and select Details to open the Alert Details page.

Available options when investigating an alert:

  • The right panel displays insights and events associated with the alert. Right-click an item in the list to explore its details and act on it.
  • The Information tab provides an overview of details associated with the alert, in table format. This is useful, for example, when you need to copy details.
  • CI is the Configuration Item (CI) associated with the selected alert.
  • Object shows the …??
  • Name is the name for the …??
  • Description provides information about the …??

Exploring Event Details

On the Event Details page you can investigate details about a selected event. Right-click on an event in the list on the Explore page and select Details to open the Event Details page.

Available options when investigating an event:

  • The right panel displays insights and alerts associated with the event. Right-click an item in the list to explore its details and act on it.
  • The Information tab provides an overview of details associated with the event, in table format. This is useful, for example, when you need to copy details.
  • CI is the Configuration Item (CI) associated with the selected event.
  • Object shows the …??
  • Name is the name for the …??
  • Description provides information about the …??

Acting on Issues

You can select Actions from the options menu at the top left corner to manually act on an issue from a Details page. You can, for example, create an incident, assign it to yourself, or close it. For more information on incident management workflows, see Using Dashboards.
