High level overview
Introduction
This document introduces the Nexthink Event Connector and describes its concepts, high-level architecture and use cases.
The information contained herein is subject to change without notice and is not warranted to be error-free.
If you find any errors, please report them to us via the Nexthink support portal. This document is intended for readers with a detailed understanding of Nexthink technology.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
Nexthink Event Connector
Concepts and Architecture
The purpose of the Nexthink Event Connector is to transform Nexthink data into meaningful events that will then be populated and utilized in a third-party application like ServiceNow, Splunk or Azure Data Lake Storage Gen2.
Integration with Splunk
Splunk allows digestion of high-frequency events with a high level of granularity, giving it the ability to populate many events in a short amount of time. The data is then visualized and correlated with other sources via dashboards.
Below is an example of a dashboard in Splunk that has been populated with events from Nexthink Data.
Integration with ServiceNow
The integration with ServiceNow is intended to send only those meaningful events that require an action from the Service Desk, usually via the automatic creation of an Alert that will be transformed into an Incident or a Problem, based on certain ServiceNow rules.
Below is an example of events received by ServiceNow from Nexthink.
Integration with Azure Data Lake Storage Gen2
The integration with Azure Data Lake Storage Gen2 is intended to export the configured Event Connector events to the Azure Data Lake as CSV files that can be consumed from external sources (for example, Microsoft Power BI).
Below is an example of events received by Azure Data Lake from Nexthink.
Concepts
Event: A predefined and meaningful occurrence or change of state in a device or user which is configured in the Event Connector to be reported in a third-party application with a certain frequency. Events are recorded by the Nexthink Engines and exported by the Event Connector using Web API queries. These events are then mapped and exported to the third-party APIs.
Event Management: The process responsible for managing events throughout their lifecycle. Event management is one of the main activities of IT operations. It is a way to consolidate all events/alerts from disparate monitoring systems in one place to give you more information while reducing noise for your teams. Not all events should become an alert and not all alerts should become incidents.
Incident: An unplanned interruption to an IT service or reduction in the quality of an IT service. Failure of a configuration item that has not yet affected service is also an incident.
Mapping: This is a configuration section in the Event Connector where the names of the fields in the NXQL data model are translated into the names used by the third-party API, either Splunk HTTP Event Collector or ServiceNow Event Management API.
Frequency: The frequency is the time window in which the times of an event will be checked. It always falls behind the Connector’s execution time. The Engine takes several minutes to update its data, which is the reason behind the delay type of time. The frequency will always fall behind the delay so that the next Connector’s execution can grab an event time that would otherwise be missed.
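The interaction between frequency and delay can be replayed with a small simulation. This is an added example, not Nexthink code: the window formula (the window ends one delay before the execution time and spans one frequency), the function names and the sample events are assumptions made for illustration.

```python
from datetime import datetime, timedelta

def query_window(run_at, frequency, delay):
    """Window one execution checks: ends `delay` before the run, spans `frequency`."""
    end = run_at - delay
    return end - frequency, end

def exported(runs, frequency, delay, events):
    """Replay the executions; return names of events picked up, in export order.

    events maps name -> (event_time, visible_at), where visible_at is the moment
    the Engine has finished updating its data for that event (assumed model).
    """
    picked = []
    for run_at in runs:
        start, end = query_window(run_at, frequency, delay)
        for name, (event_time, visible_at) in events.items():
            # An event is exported only if it falls in the window AND the
            # Engine already holds it when the Connector runs.
            if start <= event_time < end and visible_at <= run_at:
                picked.append(name)
    return picked

# Constructed sample data: three executions, 10 minutes apart.
T = datetime(2024, 1, 1, 12, 0)
MIN = timedelta(minutes=1)
FREQUENCY = 10 * MIN
RUNS = [T, T + 10 * MIN, T + 20 * MIN]
EVENTS = {
    # name: (time the event happened, time the Engine data reflects it)
    "bsod": (T - 10 * MIN, T - 7 * MIN),
    "outlook_crash": (T - 2 * MIN, T + 2 * MIN),  # Engine not yet updated at 12:00
}

if __name__ == "__main__":
    for delay in (0 * MIN, 5 * MIN):
        print("delay", delay, "->", exported(RUNS, FREQUENCY, delay, EVENTS))
```

With no delay, the 11:58 crash sits in the 12:00 window before the Engine has recorded it and is outside every later window, so it is never exported; with a 5-minute delay the 12:10 execution picks it up.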
General architecture
The Event Connector is an extra component of the Nexthink core product with the goal of adding Nexthink intelligence into ServiceNow or Splunk instances.
Please note that running the Event Coordinator in a separate appliance rather than in the Nexthink Portal or Engines is recommended.
Event modes
Punctual: This is a one-time event, for example, an Outlook crash.
Listing: This type of event is intended to list any type of object (devices, connections, events, etc.). Its main purpose is reporting/inventory; it is the most common event used in Splunk.
Listing advanced: This is very similar to the Listing event, but intended to list all events. As there are several updates for the given event, more processing is required.
Long-lasting (Splunk only): This is a durable event, one that lasts through a given period of time. The connector will report a start event and subsequent updates, for example, a situation in which a device is experiencing high memory consumption. Multiple updates for a given event may slow down performance.
Event types
Device Errors
These are errors that directly impact the device’s hardware or OS and require quick IT attention. Often critical, these errors prevent the user from working properly.
Examples:
System Crash (BSOD, Blue Screen of Death)
Hard reset
SMART disk failure
Long Log-on times
Device boot
Execution Errors
These are errors where application and productivity tools crash or are non-responsive. They tend to create significant employee frustrations and can be business-critical.
Frozen applications, such as Office 365 being non-responsive
Crashes, such as an Outlook crash
Long-lasting executions
Device Warnings
These are warnings about the state of the device and activities that can lead to future issues. They are early symptoms of issues that will soon impact employees.
High CPU usage
High memory usage
High IO usage
High number of page faults
Software metering
This is real-time monitoring of either all or selected applications running on the computers.
Software installation
Software uninstallation
Connections monitoring
Failed connections such as Teams not connecting
Established connections
Failed web requests, such as a web browser not loading
Established web requests
Port scan
Use cases
Business Services real-time status: One place for all the information needed to proactively monitor your business services.
Compliance: Ensures your endpoints respect IT standards and best practices are followed to minimize risk to your infrastructure.
Event Management and Incident Management: Events get reported, and rule configuration in ServiceNow enables the creation of incidents and problems.
Change management: Offers a more accurate impact analysis utilizing actual service usage information which will allow you to plan better and follow up on changes.
Limitations
The Event Connector can be installed to populate ServiceNow, Splunk services or Azure Data Lake Storage Gen2, although not all simultaneously. Three installations are required if all are desired.
Support
Nexthink provides support for the application following the terms and conditions of the Support and Maintenance Agreement applicable between the customer and Nexthink. If you have any questions, please contact us via the Nexthink support portal.