This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Creating Custom Alert

I am attempting to create a custom alert for 7 specific objects.  In the beginning of the process, the 7 objects are present in the "show list" scope.  However, when I get to the final summary it shows:

"This alert would be immediately triggered on 55 object(s) in alert scope... If this behavior is not expected, try to  adjust the trigger condition."

I have have tried repeatedly to adjust the trigger condition to no avail.  How can I get the alert to trigger on the 7 objects specifically?

  • Hi ,

    Are you able to share the trigger condition?  That will help for us to figure out what's happening.

  • Greetings  

    Sure:

    Alert on: Node

    Trigger alert when: At least one child condition must be satisfied (OR)

    Node >>> Firewall >>> is equal to >>> Firewall_DPS

    Node >>> Status >>> is equal to >>> Down

    * (Note: tried all other options as well, but this was the only one that reduced the number of triggered objects down to 55 objects on the Summary page)

  •  It needs to be an AND not an OR. Maybe try "Instance". you will be able to search for specific nodes by clicking "Select objects", like this:

    rmullal_0-1589936400315.png

  • Prior to reading your response, I believe I had figured out a solution that could work.  Per the screen capture below, I 22 detected objects, and when I arrive at the summary page it shows: This alert would be immediately triggered on 22 objects, which is what I expect to see.  Now my question is, after I click "submit" is it normal for me to receive 22 email notifications?  Or is there still something wrong with the functionality of this alert? 

    I have spent a considerable amount of time editing some of the old alerts, but I didn't expect to get slammed with all of the email notifications after I submit the changes made.

    dbradley1_0-1590013076828.png

  •  Change it to an AND and get rid of what I crossed out:

    rmullal_0-1590021972136.png

    Let me know if that helps.

  • Hi ,

    is correct for the removal of the extra line.  To answer your other question about receiving alerts immediately after configuring this: yes, that is normal behavior.

  •   I tried the recommended changes and now this is what I see on the summary of alert configuration page:

    dbradley1_0-1590079374798.png

    Shouldn't I be seeing the same number of objects (I.e., 22) from the "show list" on the trigger condition page?  I notice each time the trigger condition is changed, the number of triggered objects on the summary of alert page changes.  This was the reason why I had it set to "OR" as indicated in my previous response.  As that was the only way that I could get the number of child object to remain the same. 

  •  When you had the OR you were saying "trigger an alert when Node Prison_Facility is equal to WDC *OR* when a node is down" (all nodes in your environment). 

    if you just want the alert to trigger when a WDC node is down you would want an AND.

    The "this alert would be immediately triggered on X objects"  is just letting you know "hey, if you press submit, these alert's trigger actions will be fired"

    on the trigger condition page, that is just showing you the SCOPE of the alert, it's not saying it will trigger the alert, it's just letting you know "these are the objects/nodes/devices that can be triggered if this trigger condition is met"

    So, if no WDC nodes are down, you should expect to see "this alert would be immediately triggered on 0 objects"

    I hope this makes sense, let me know.

  •    Quick question:  does it matter which scope of alert I select?  I notice both of these options show the correct number of child objects (22).  However, after making the correct changes to the custom alert below. We rebooted one of the child objects (i.e., node), but it did not trigger an email notification as expected.  I later went to the trigger actions page, and executed a test on the same node, and we successfully received the email notification.  Any ideas as to why this would happen?   

    dbradley1_0-1590149064218.png

    dbradley1_1-1590149225591.png

  • If you only rebooted, Orion probably didn't catch it. i believe the default polling interval is 120 seconds. i would expect most devices to be able to reboot and come back online within that time frame. can you bring it down for 3 minutes to test?

    Also, do you have anything checked on this box?

    rmullal_0-1590157792693.png