Level 9

Creating Custom Alert


I am attempting to create a custom alert for 7 specific objects.  In the beginning of the process, the 7 objects are present in the "show list" scope.  However, when I get to the final summary it shows:

"This alert would be immediately triggered on 55 object(s) in alert scope... If this behavior is not expected, try to  adjust the trigger condition."

I have tried repeatedly to adjust the trigger condition to no avail.  How can I get the alert to trigger on the 7 objects specifically?
1 Solution
Level 12

@dbradley1 When you had the OR you were saying "trigger an alert when Node Prison_Facility is equal to WDC *OR* when a node is down" (all nodes in your environment). 

If you just want the alert to trigger when a WDC node is down you would want an AND.

The "this alert would be immediately triggered on X objects" is just letting you know "hey, if you press submit, these alert's trigger actions will be fired".

On the trigger condition page, that is just showing you the SCOPE of the alert, it's not saying it will trigger the alert, it's just letting you know "these are the objects/nodes/devices that can be triggered if this trigger condition is met".

So, if no WDC nodes are down, you should expect to see "this alert would be immediately triggered on 0 objects".

I hope this makes sense, let me know.
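Added example, not part of the thread and not SolarWinds code: a small Python model of the two points raised in this discussion, namely how OR versus AND changes which nodes a two-condition trigger matches, and why an outage shorter than the polling interval can go unseen. The node inventory and function names are constructed for illustration; the `Prison_Facility` property and the 120-second interval are the values mentioned in the thread.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    name: str
    facility: str  # stands in for the Prison_Facility custom property
    status: str    # "Up" or "Down"

# Constructed inventory: 3 WDC nodes (one down), 4 other nodes (two down).
NODES = [
    Node("wdc-fw-01", "WDC", "Up"),
    Node("wdc-fw-02", "WDC", "Down"),
    Node("wdc-sw-01", "WDC", "Up"),
    Node("hq-fw-01", "HQ", "Down"),
    Node("hq-sw-01", "HQ", "Up"),
    Node("lab-rtr-01", "LAB", "Down"),
    Node("lab-sw-01", "LAB", "Up"),
]

# The two child conditions discussed in the thread.
CONDITIONS = [
    lambda n: n.facility == "WDC",
    lambda n: n.status == "Down",
]

def triggered(nodes, combine):
    """combine=all models 'all child conditions (AND)';
    combine=any models 'at least one child condition (OR)'."""
    return [n.name for n in nodes if combine(c(n) for c in CONDITIONS)]

def polls_seeing_down(outage_start, outage_len, poll_interval=120, horizon=600):
    """Poll times (seconds) that land inside the outage window.
    Polls are assumed to run at 0, poll_interval, 2*poll_interval, ..."""
    end = outage_start + outage_len
    return [t for t in range(0, horizon, poll_interval) if outage_start <= t < end]

if __name__ == "__main__":
    print("OR :", triggered(NODES, any))   # every WDC node plus every down node
    print("AND:", triggered(NODES, all))   # only WDC nodes that are down
    print("90 s reboot seen at polls:", polls_seeing_down(130, 90))
    print("180 s outage seen at polls:", polls_seeing_down(130, 180))
```

With OR, healthy WDC nodes and down nodes from other sites all match, which is how the summary count grows beyond the intended objects; with AND, only down WDC nodes match.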


11 Replies
Level 12

@dbradley1 It needs to be an AND not an OR. Maybe try "Instance". You will be able to search for specific nodes by clicking "Select objects", like this:

rmullal_0-1589936400315.png

 

Level 9

@rmullal Prior to reading your response, I believe I had figured out a solution that could work.  Per the screen capture below, I have 22 detected objects, and when I arrive at the summary page it shows: This alert would be immediately triggered on 22 objects, which is what I expect to see.  Now my question is, after I click "submit" is it normal for me to receive 22 email notifications?  Or is there still something wrong with the functionality of this alert?

I have spent a considerable amount of time editing some of the old alerts, but I didn't expect to get slammed with all of the email notifications after I submit the changes made.

 

dbradley1_0-1590013076828.png

 

Level 10

Hi @dbradley1,

@rmullal is correct for the removal of the extra line.  To answer your other question about receiving alerts immediately after configuring this: yes, that is normal behavior.

Level 12

@dbradley1 Change it to an AND and get rid of what I crossed out:

rmullal_0-1590021972136.png

Let me know if that helps.

Level 9

@rmullal  I tried the recommended changes and now this is what I see on the summary of alert configuration page:

dbradley1_0-1590079374798.png

Shouldn't I be seeing the same number of objects (i.e., 22) from the "show list" on the trigger condition page?  I notice each time the trigger condition is changed, the number of triggered objects on the summary of alert page changes.  This was the reason why I had it set to "OR" as indicated in my previous response, as that was the only way that I could get the number of child objects to remain the same.


Level 9

@rmullal @martin001  Quick question:  does it matter which scope of alert I select?  I notice both of these options show the correct number of child objects (22).  However, after making the correct changes to the custom alert below, we rebooted one of the child objects (i.e., node), but it did not trigger an email notification as expected.  I later went to the trigger actions page, and executed a test on the same node, and we successfully received the email notification.  Any ideas as to why this would happen?

dbradley1_0-1590149064218.png

dbradley1_1-1590149225591.png

 

 

Level 12

If you only rebooted, Orion probably didn't catch it. I believe the default polling interval is 120 seconds. I would expect most devices to be able to reboot and come back online within that time frame. Can you bring it down for 3 minutes to test?

Also, do you have anything checked on this box?

rmullal_0-1590157792693.png

 

Level 9

@rmullal Nothing was checked in the "condition must exist" box.  I will run another test and take the node down for a longer period of time.  Update to follow.
Level 10

Hi @dbradley1,

Are you able to share the trigger condition?  That will help us figure out what's happening.
Level 9

Greetings @martin001 

Sure:

Alert on: Node

Trigger alert when: At least one child condition must be satisfied (OR)

Node >>> Firewall >>> is equal to >>> Firewall_DPS

Node >>> Status >>> is equal to >>> Down

* (Note: tried all other options as well, but this was the only one that reduced the number of triggered objects down to 55 objects on the Summary page)
