Alert Dependencies?

I want to try an minimise the number of alerts in our environment, currently we have alerts for the nodes and alerts for the groups, such that if all nodes in the group are down then the group alerts also (think all switches at a site are down, so get an extra alert saying the site is down)

what I would like to happen is that when the group alert fires, the node alerts are hidden, does that make sense?

  • You could create a custom SWQL/SQL statement to achieve this, but first I would suggest reviewing the fundamental function here.

    I advise our customers to use Group alert function for scenarios that are best managed by the status value you can craft in the Group definition e.g. Site down type alert. Then combining this with the use of Dependencies to control the volume of alerts generated. Extending this example:

    1. The 2 WAN tier routers both go offline = 2 Node Down Alerts

    2. The WAN Group for the site these 2 devices below is now in a Down status = 1 Group down alert

    3. All devices at that site in the LAN Group have a dependency on the WAN Group 'parent' nd therefore do not generate any alert output

  • Thats it!

    I knew there would be a way!

  • We have created a group which has all categories of devices (network, server etc.) in the DMZ segment. Status rollup mode is set to 'Show worst status', so even if a single node is down, group status is down. Now this generates one alert for the group and another for the actual 'node down'. I've tried to create a dependency in the past but that did not work, simply because the nodes I choose are part of the group. Is there any way only one alert can be generated - either node down or group down alert? Appreciate your inputs, thank you.