This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

alert that will be triggered by a node status

Hello;

I have all my alerts quite set, but sometimes there duplicate alerts and thats a pain for people on-call....

Now, how I can make like a audit-check which alerts will be triggered if a node is down, for example.....I am looking for a list of alerts - that way I can simplify/modify....

Thank you

J.

  • FormerMember
    0 FormerMember

    A great way to avoid those duplicates is to ensure that any alerts setup, that may be triggered is the node is down, have a trigger condition that includes "Node is not equal Down".  See screenshot below:2014-04-24_1514.png

  • Lets assume that you have several alerts because the person before you didn't know what he was doing :-)

    What then? Start from scratch? Go one by one and check them?

    Thank you

    J.

  • From what I understand from the above description you would like to see which alert got triggered (something like audit log), follow the below steps:

    1. Get onto Advanced Alert Manager

    2. Select the Alert -> Click on Edit

    3. Under Trigger Actions of the Alert, click on "Add New Action"

    4. Select on "Log the Alert to NetPerfmon Event Log" and Click on ok

    5. Add this line - Alertname is ${AlertName} under NPM Event Log - Message to send to Network Performance Monitor Event Log. Click on OK

    Note: ${AlertName} would display the alert that was fired, in addition to this you can as well add other variables like ${node.Caption} or ${NodeName}

    When an alert is fired you would able to capture these details under Home -> Event Summary (you can use this information as audit logs)

    Sorry some issue with the attachment, couldn't attach the screenshot - you will have to go with the steps mentioned by me

  • FormerMember
    0 FormerMember in reply to julionavarro1414

    I wouldn't start from scratch necessarily, unless they were setup poorly.  I would probably just add the Node is not down condition to avoid noise.  If you have Email/Text alerts setup, a good way to test your results is copy the alert and remove the trigger actions before enabling it, then you can make your changes and see what alerts get generated.  Once you do a few, you'll start to know exactly how you'll impact the condition results.

  • Couple of Options:

    You can run a SQL report on your Alerts and then audit them (requires SQL knowledge to interpret the results)

    SELECT

      AlertName

      ,AlertDescription

      ,ObjectType

      ,TriggerQuery

      ,CASE WHEN ResetQueryDesign = 'Simple' THEN 'RESET WHEN TRIGGER CONDITIONS NO LONGER EXIST'

      WHEN ResetQuery = '' THEN 'NO RESET FOR TRIGGER EXISTS'

      ELSE ResetQuery END AS ResetQuery

    FROM AlertDefinitions

    WHERE Enabled = 1

    Otherwise, I would start with the idea that Vinay BY mentioned and look at your Alert Log through the website. You can filter your results to both alert triggers and alert resets.

    One thing I have seen a lot of times: clients have an email action for both the alert trigger and reset. However they leave the subject line for both emails the same. It's very possible to have flawed alert logic that will cause either false positives, or false resets; both of which would result in 2 emails spaced about 1-2 minutes apart for every alert.

    To work around this, I would highly recommend that you mark your email subject lines with 'Alert Triggered:______' and 'Alert Reset:_______' just to save some headaches down the road.

    Ultimately, the answer to your question is up to you. You could take the time to audit each alert, or you could disable them all and build from scratch. Each would take about the same amount of work to be honest. I would caution that, either way, you should get the foundation logic in place for accurate alerting before spending too much time "running in circles" so to speak.

    Perhaps you could post some screenshots of the alerts that you are having problems with to see if there is an easy fix that someone could identify for you? Alert Triggers and Reset Triggers please. emoticons_happy.png

    -ZackM

    Loop1 Systems: SolarWinds Training and Professional Services