Adv Alert Suppression

I am looking for a way to suppress alerts based on the following (simplified) setup:

Core routers connect to Cloud

Distribution SW connect to Core routers

DMVPNs (distribution routers) connect to Dist SW

Approx. 160 sites connect to DMVPNs

 

Looking for the best way to suppress based on the following: alerts are set up for all individual devices. If a Dist SW goes down, I do not want an alert generated for the DMVPNs or the 160 sites as down. What would be the best way to do this?

  • There are a couple of methods to accomplish this. One is in the Understanding Orion Advanced Alerts Paper, the other is in NPM content exchange. I have not done the second one but it has great user reviews.

  • I haven't tried the second method either (I wouldn't be able to... this is just too "manual")... however I never found a solution to this, not in the guide either... I am pretty much guessing that every Orion user would use that function.

  • I have tried looking through the manual and on posts, but have never discovered a concrete way of doing it. I am supposed to make a presentation on how we are going to do this, as upper management wants it. I have seen how to do 1 layer of suppression but nothing on multiple layers, which is what I need.

  • Well you probably need to start by having a down alert specifically for the DMVPN's and the sites.  You can do this by using a custom property field and noting something specific to them.  I have seen several cases where folks use a custom property field to note the Network Layer or something like that.

    Once you have that set up you can then set up a suppression for that alert where device name is Dist SW and status is equal to down.

    This is one way that I think you can accomplish what you want.

  • That is along the lines I was thinking, perhaps by using a numeric field to depict each layer from main core all the way down to sites. The most unfortunate thing is there is no way to test, as we do not have a matching test environment and I don't think I could convince the NetEng team to take down a core device!!

  • You can test the SQL by toggling the status condition... it's not perfect but then you at least can screen out any obvious typos.

    Using traceroute is something I thought might help, but for some reason the IPs returned don't match what I would expect the COREs would be (I don't understand why this is...).

    The other thing that I've been doing is I leave the original alerts active... as I add my suppression I have it only email me... eventually when an outage occurs... I can validate my suppression. 

    Short of taking a core down.. I can't think of anything else.
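
The multi-layer suppression discussed in this thread can be dry-run offline against a model of the topology. The sketch below is an added example, not part of any post and not Orion's own logic. The device names, the uplink map and the redundant core uplinks are constructed assumptions, and it generalizes the one-layer rule to any depth.

```python
from typing import Dict, List, Set, Tuple

# Constructed topology mirroring the thread's layers: node -> upstream parents.
# All device names are hypothetical; only three of the ~160 sites are shown.
UPLINKS: Dict[str, List[str]] = {
    "core1": [], "core2": [],
    "dist1": ["core1", "core2"],
    "dist2": ["core1", "core2"],
    "dmvpn1": ["dist1"],
    "dmvpn2": ["dist2"],
    "site001": ["dmvpn1"],
    "site002": ["dmvpn1"],
    "site003": ["dmvpn2"],
}

def unreachable(node: str, down: Set[str], uplinks: Dict[str, List[str]],
                memo: Dict[str, bool]) -> bool:
    """True if the node is reported down or every upstream path is cut.

    Walking all the way up covers polling lag: a site may be marked down
    before the DMVPN router between it and a failed Dist SW is.
    """
    if node not in memo:
        parents = uplinks[node]
        memo[node] = node in down or (
            bool(parents)
            and all(unreachable(p, down, uplinks, memo) for p in parents))
    return memo[node]

def triage(polled_down: Set[str],
           uplinks: Dict[str, List[str]] = UPLINKS) -> Tuple[Set[str], Set[str]]:
    """Split the nodes reported down into (alert, suppress).

    A down node alerts only while at least one of its parents is reachable
    (top-layer nodes always alert); otherwise an upstream outage explains it.
    """
    memo: Dict[str, bool] = {}
    alert: Set[str] = set()
    suppress: Set[str] = set()
    for node in polled_down:
        parents = uplinks[node]
        cut_off = bool(parents) and all(
            unreachable(p, polled_down, uplinks, memo) for p in parents)
        (suppress if cut_off else alert).add(node)
    return alert, suppress
```

Feeding `triage` the set of nodes a simulated outage would mark down shows which alerts would fire, without taking a production device offline.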