Don't have your head in the clouds! Enable AlertStack!

In Ireland, the weather is a common topic of conversation. It is always unpredictable and as such, is a great topic to start a conversation. I have memories of summer days where it was raining in the back garden and dry as a bone on the other side of the house. Changeable is one word for it, and over time I've given up checking the forecast and just go with what I see out the window. 

Despite the unpredictability, there is a forecasting tool found all over the U.K. and Ireland - typically in tourist areas. It’s a phenomenon known on these shores as a weather or forecast stone. Next to this stone is always a legend of sorts to explain what the weather will be, based on the condition of the stone. 

As you can see, it is cutting-edge technology and probably the most accurate real-time weather gauge the world has seen. 

 

So, what is my point? 

Like the weather patterns in Ireland, alerts are also unpredictable and can have a significant impact on our daily lives. Despite their uncertainty, we can still prepare for and adapt to alerts by staying informed and ready to take action. I see noisy alerts like the constant barrage of conflicting weather information – sometimes the best solution is to look through a window.  

To avoid noisy alerts when using SolarWinds® Hybrid Cloud Observability, we designed the solution to support the ability to scale alerts back to better focus on what you need to see through the single-pane-of-glass clarity observability can provide. Then, as you become accustomed to the alerts, you can begin to add more, if necessary. 

By default, Hybrid Cloud Observability ships with several alerts turned on to give users an idea of the power of our alerting but also to help users gain an understanding of outstanding issues in their environments. The alerts also team with our other AIOps smart features. The features include: 

  • PerfStackTm
    PerfStack allows you to drag and drop metrics to visually correlate metrics and events into a single customized view.
  • AppStackTm
    With the AppStack auto-populated application stack dashboard,, you can see the application and all the underlying layers upon which it depends.
  • Dynamic baseline thresholds
    The statistical threshold-based alerting feature dynamically calculates baseline performance.
  • Capacity planning and forecasting
    This feature provides built-in capacity forecast charts and metrics to see usage trends of devices on your network and help you identify when server resources reach warning and critical thresholds.
  • Application discovery and dependency mapping
    The integrated application discovery tools are designed to provide visibility into server activity, allowing you to view what inbound connections are linked to your application and servers. You can also more easily identify the incoming port, service, and server to determine their internal resource consumption.
  • Optimization recommendations
    Built-in, actionable intelligence can make recommendations to optimize your VMware vSphere and Microsoft HyperV environments.

 

You may already have been introduced to anomaly-based alerting in the 2022.4 release of Hybrid Cloud Observability Advanced. It leverages machine learning to deliver anomaly detection. Actually, this isn’t a new functionality - we’ve had machine learning in other offerings, including SolarWinds Database Performance Analyzer (DPA) and Loggly®. 

Now we are implementing a consistent set of capabilities built on the common AIOps platform in the cloud. We have also added new AIOps functionality on-premises for both Hybrid Cloud Observability and module SolarWinds Platform customers called AlertStack. 

AlertStack has been built from the ground-up by our AIOps team. (Any time you see AIIM in the address bar, you are interacting with a function built by our AIOps team!)  

In essence, AlertStack is an alert/event clustering function. If an alert is triggered somewhere in your IT landscape, chances are many more alerts about components related to the original alert will go off as well. The resulting "alert storm" can overwhelm IT operators, obfuscating the true cause of the problem and crippling the team's ability to respond. 

SolarWinds AlertStack can help you by clustering the related alerts and events into a single view, so you can identify possible root cause of the issue and deal with it more efficiently.  

How do I use AlertStack?  

Well, first you must enable it in settings>AlertStack settings. Once it starts running, it listens for active alerts. It takes each alert and uses SolarWinds Platform topological information to understand associated and connected elements. It attaches alerts and SolarWinds Network Configuration Monitor (NCM)/Sever Configuration Monitor (SCM) events to a group built from the initial alert. 

AlertStack then jumps back in time 30 minutes and appends any associated alerts/events it finds to the alert group, or as we call it, alert cluster. The cluster is built to stay open as long as there’s new associated alerts/events being added, or if certain alerts are still active. AlertStack also creates a map with all associated entities in the cluster. 

 

AlertStack has four different cluster states: 

  1. Open - Cluster is currently active 
  2. Suspended - Maps recording will occur once an hour since no changes have occurred after the specified time built-in 
  3. Resolved - Cluster no longer active because the end conditions have been met 
  4. Closed - Manually closed by user 

  

 

AlertStack has a timeline that allows you to go back in time and try to identify the issue at the root cause of the cluster. The color-code of entity/alert reflects actual real value per time interval. In the cluster, there are hyperlinks to the details page for each entity. 

  

To help find important clusters, users have the ability to sort by the below options. The only ones which may not be entirely obvious are “Alert Count” and “Entity Count” - these show clusters with the most alerts and most entities per cluster, respectively. 


AlertStack also provides insights into related and actionable alerts or events over time to present a comprehensive view and help reduce some alert noise. This helps with faster resolution by viewing related alerts/events and enables them to take an informed action. Also helps you identify possible root causes, since you can see historical data and timeline view of the alerts​. 

 

AlertStack ties in nicely with our anomaly-based alerting feature. Anomaly-based alerts can create clusters and be added to clusters. AlertStack is available for no extra cost and both module users and Hybrid Cloud Observability users get the feature. We’re extremely excited about AlertStack and the value we believe it will bring! 

 

Have you used AlertStack yet? Let me know in the comments what you think AlertStack can help you solve in your environment. 

THWACK - Symbolize TM, R, and C