
Using IP address as a condition in an alert

Hey all-

We've added some devices on the other side of the world that are always triggering our 'response time' alert. My approach was to create two alerts, one for APAC and one for EMEA and NA.

I tried to use the IP address of the node as a qualifier for APAC:

'when all of the following are true'

IP address begins with 10.50

IP address begins with 10.51

and for the other alert

'when none of the following are true'

IP address begins with 10.50

IP address begins with 10.51

 

The conditions don't seem to make a difference and I'm still getting the lower response time alerts for devices in the 10.50 and 10.51 range.

Could someone let me know how to properly qualify an IP address, or better yet a CIDR network?

tia- Brad

  • Dear bthornto,

    The conditions should make a big difference, in my point of view.

    For the first condition, when ALL of the following are true: supposing the IP address for a node is unique, from this point of view the first alert cannot find any node that begins with both 10.50 AND 10.51.

    For the second condition, when NONE of the following are true, there should be some nodes that do not begin with 10.50 and do not begin with 10.51, say 10.52.

    But I have no idea about the problem of lower response time; I am just sharing my view on the conditions. You may just ignore it if my logic or understanding is incorrect.

    Thanks.

    Best regards,
    Jason

  • Right-  The first condition should have been an 'any' of the following are true.

    I had it set up like this and got 161 emails about APAC. We've since prefaced the SNMP location for devices in APAC with their country code, so I'll test a filter on a 'begins with XX'.

    I am curious why the IP address condition doesn't work, though. I looked at the actual SQL query in the alert definitions and it seems like the syntax is correct.

    Should the IP address be used as a suppression rule?  I had it as a qualifier in the trigger action.
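
The ALL / ANY / NONE logic discussed in this thread, and the CIDR form asked about in the original question, as an added example that is not part of any post above and is not the alerting product's own code. The node names and addresses are constructed sample data, and 10.50.0.0/15 is used on the assumption that APAC is exactly the 10.50 and 10.51 ranges.

```python
import ipaddress

# Constructed sample nodes (hypothetical names and addresses, not from the thread).
NODES = {
    "apac-sw1": "10.50.4.10",
    "apac-sw2": "10.51.200.7",
    "emea-rtr1": "10.52.1.1",
    "na-rtr1": "10.5.9.20",
}

# The two "IP address begins with" conditions from the original post.
PREFIXES = ("10.50", "10.51")

# Assumption: APAC is exactly 10.50.x.x and 10.51.x.x, which is one /15.
APAC_CIDR = ipaddress.ip_network("10.50.0.0/15")


def matches(ip, mode, prefixes=PREFIXES):
    """Evaluate the 'begins with' conditions under an all/any/none group."""
    hits = [ip.startswith(p) for p in prefixes]
    if mode == "all":
        return all(hits)      # one address cannot start with both prefixes
    if mode == "any":
        return any(hits)
    if mode == "none":
        return not any(hits)
    raise ValueError(f"unknown mode: {mode}")


def select(mode):
    """Names of the sample nodes that the condition group would match."""
    return sorted(name for name, ip in NODES.items() if matches(ip, mode))


def in_cidr(ip, network=APAC_CIDR):
    """Numeric network membership instead of string prefix matching."""
    return ipaddress.ip_address(ip) in network


def select_cidr():
    return sorted(name for name, ip in NODES.items() if in_cidr(ip))


if __name__ == "__main__":
    for mode in ("all", "any", "none"):
        print(mode, select(mode))
    print("cidr", select_cidr())
```
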