Using Unified Search

In BigPanda, you can use unified search to investigate current and historical incidents across all of your integrated monitoring systems, which can help you find, solve, and prevent problems. Enter a keyword search or query, and apply filter criteria to narrow results. BigPanda finds all incidents with alerts that match your search criteria.

Prerequisites

Using Unified Search

  1. At the top of the screen, click the Search tab.
  2. Enter a keyword search (term or exact phrase in quotes) or a query in BigPanda Query Language (BPQL).
    Both keyword search and BPQL support regular expressions.
  3. Select the filter criteria or leave the default settings.
  4. Click the search icon or press Enter.
    The results page shows the total number of matching incidents and lists up to the first 10 matches.
  5. (Optional) Scroll down to view more results.

Tag Names In Different Monitoring Systems

If you don't see the results you were expecting, try adding OR conditions to your BPQL query to include similar values that may have different tag names in different monitoring systems (for example, host in Nagios and object in SolarWinds).

Filtering Search Results

You can apply any of these filter criteria to narrow the results of your searches:

  • Select the Environment.
  • Select the source.
    You can include all results from a source type (such as Nagios or New Relic). Or, you can include results only from a specific instance of the source type (for example, Nagios-US-EAST1).
  • Select a timeframe, or select Pick Date Range to enter specific dates and times.
    The results will include all incidents that were active at any point during the specified time frame (that is, started before the end time and ended after the start time).

Default Filter Criteria

By default, search results display incidents in All Environments, from All Sources, that were active during the Last 7 Days. If you selected custom criteria, you can click Reset Filters to return to the default filter criteria.

Sorting Search Results

You can change the sort order so that the results you want to see most are listed first. By default, incidents are listed in order by when they were last changed, with the most recently changed incident on top.

  1. On the top right of the results, click the Sort menu.
  2. Select the desired sort option:
    • Last Changed - Time of the last change to the incident
    • Status - Current status of the incident (Critical, Warning, Resolved or Acknowledged)
    • Created - The time the first alert in the incident was received
    • No. of Alerts - Number of active alerts in the incident(s)

For more information about the sort options, see Sorting Incidents.

Reviewing Search Results

The search results show basic information about incidents with matching alerts, including:

  • Incident title and subtitle.
  • Number of active alerts.
  • Source system.
  • Current status.
  • List of the alerts that the incident contains, along with a timeline of status changes for each alert.
  • Number of shares per incident.
  • Number of comments per incident.

When searching for specific comments, the search results show all the information for each associated incident, not just the relevant comment. Click on the incident’s Comments icon to view the comments containing your search term(s).

Using the Timeline

The timeline shows the time frame for the filter criteria, highlighted in blue. It also shows the time when the first alert was received (incident start time) and the time when the incident was resolved (incident end time) or the current time if the incident is still active.

  • To see the complete details for an alert at any point in its life cycle, click a dot on the timeline. Then, click the arrows to step through the details of every status change for the alert.
  • To collapse the list of alerts and the timeline, click the arrow beside the row.

Viewing Incident Shares and Comments

The search results show the number of existing shares and comments for each matching incident.

Click the Share icon to:

  • View how and when the incident was shared.
  • View who shared the incident.

Click the Comments icon to:

  • View who has commented and what has been said.
  • Add comments to the incident.