• State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 19 subscribers
  • Views 477 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Question about advanced alerting

swannke

Below is the format for the alert in question:

Trigger Alert when all of the following apply

Node Status is equal to Down

Trigger Alert when any of the following apply:

Machine Type is equal to Cisco 2811

Machine Type is equal to Cisco 3825 

Machine Type is equal to ..................

 

In the trigger actions, I have it set to not only send an email but also open a ticket within our internal ticketing system when the condition exists.

the problem lies where we have some devices that keep flapping, that open multiple tickets a day.  What sort of trigger condition can I add that says if these specifc devices(device name, maybe?) go down, still send an email alert, but don't open a ticket.

I added those devices to the suppression tab but that didn't work 'cause now none of the devices on the main trigger condition work.

any ideas?

-Kevin

  • 0

    For this all you need is two separate alerts.  One alert that covers all of your devices except for the problematic devices and a 2nd alert that is specifically for the problematic devices.

    To exclude the devices in your first alert put in a set of conditions that look like the following...

    Trigger Alert when any of the following apply:

    Node Name is not equal to <problem device 1>

    Node Name is not equal to <problem device 2>

    Node Name is not equal to <problem device #>

     

    And for the 2nd alert do the same thing noted above but change the logic to be "Node Name is equal to".

    Hope this helps!

  • 0

    There's probably a better way to do this than what I'm about to suggest.  But if you had some number of devices, say 20, that are the flapping hosts you could create a custom property and fill it with a value to indicate flapping and leave it blank for the rest.  In your alerts setup, you could then include consideration for the flapping host on whether or not to process it like your regular alerts.

  • 0 in reply to MNPS_G


    There's probably a better way to do this than what I'm about to suggest.  But if you had some number of devices, say 20, that are the flapping hosts you could create a custom property and fill it with a value to indicate flapping and leave it blank for the rest.  In your alerts setup, you could then include consideration for the flapping host on whether or not to process it like your regular alerts.



    Yeah, I completely agree with this.  If you have more than just a few flapping devices or anticipate having more in the future, use custom properties to flag that and then use those in the alert to separate out those nodes.

  • 0 in reply to byrona

    Thanks for the advice guys.  I will work on this with the information given and see how it works out.

     

    -Kevin

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.