Showing results for 
Search instead for 
Did you mean: 
Create Post

Orion Alerting: Why all and any are good, but none—not so much

Level 19


Orion’s Advanced Alert Engine is a powerful way to set up alerts on possible events in your network.  A big part of what makes it so powerful is the ability to create a wide variety of logical statements via the user interface.  So if you want an alert when a node goes down, but not if that node is named Stan, Kyle, or Cartman, then you can set up a trigger condition that will evaluate each down node and if it matches your conditions, the alert is fired.  If not, then it lets the event pass without a remark. 

What’s happening on the back end of the advanced alert engine is that it’s running a SQL Query.  The trigger condition that you create is actually generating that SQL Query.  The alert engine then executes that query every X minutes, and if it evaluates to true, it fires.

One thing that sometimes trips up users is the way the trigger conditions are constructed.  Each trigger has at least one Condition Group.  The Condition Group is a set of statements that are evaluated together.  Each Condition Group has one of the following logical operators that define how the different statements are treated:  All, Any, None, and Not All.





All and Any are fairly straightforward.  All roughly means “AND”.  If I say,

Trigger if all of the following are true:

Node is Down

Node Name is Kenny

then the whole statement is true only when a node named Kenny is in a Down state. 

Any roughly means “OR”.  If I say

Trigger if any of the following are true:

Node is Down

Node is Warning

then the whole statement is true if a node is in a Down or Warning state.  My recommendation to users is that you stick to All and Any.  They are simple, and I can’t think of a logical statement that you cannot accomplish using all or any.

What about None or Not All?  What do they mean, and why did you include them if you don’t think we should use them?  Well, second part first.  We included them because the control that the advanced alert engine uses to turn your statements into SQL Queries is something we license, and it came with all four logical operators, even though we only wanted two of them. 

What do they mean?  None is roughly the same as saying “not any” or “not a single one”.  If you have a series of statements where None is the operator then the engine will look at each statement under it and if any of those individual statements is true, it will construe the whole Condition Group as false.




Trigger if none of the following are true:

Node is Up

Node Name is Chef

This alert will trigger when node is in any state other than up, unless the node is named Chef.  Note that you could just as easily create an alert with an all that accomplishes the same thing:  Node is not Up and Node Name is not Chef. 

Finally, Not All is roughly the same as saying “at least one is false”.

Trigger if not all of the following are true:

Node is Up

Node Name is Chef

With the logical operator changed, this alert will now trigger any time a node is in any state other than up, but it will also trigger if the node name is anything other than Chef, which would make this alert pretty much useless.

There’s a more formal and detailed explanation in the Orion Admin Guide called Understanding Condition Groups.  My advice is stick to All and Any.  Every time I’ve seen anyone try to use None or Not All, they get unexpected results and end up more frustrated than satisfied.   


About the Author
"I was a victim of a series of accidents, as are we all..." (Kurt Vonnegut, The Sirens of Titan). I was accidentally born as a Cajun from a small town in south Louisiana. Really far south. In fact, if you live south of where I grew up, then we are probably blood relatives. That it was an accident is indisputable because I grew up to be a geek reading science fiction and fantasy novels in a place where most people considered those genres only marginally more acceptable than the Communist Manifesto or the Satanic Bible (no offense to communists or Satanists).   I went to college to be an English major and accidentally stumbled across a psychology text among my girlfriend’s books and immediately fell in love with the cognitive psychology chapter. I loved it so much that I stuck with it until I got a Ph.D. from Rice University studying human memory. Note that this is cognitive psychology, not therapy or abnormal psychology. This is not an invitation to tell your non-SolarWinds troubles to me on Thwack.   Although I applied to many, many different universities in the U.S. and Canada, I ended up at LSU in Baton Rouge, which was more of a cosmic joke than an accident given that I’d been trying to escape the state all my life. I taught there as a professor for about 5 years before I realized that I was deeply bored and couldn’t imagine doing the same thing for 30+ years, which is what professors do. I realized that I wanted to get into the tech world because that’s where the other geeks were. Cognitive psychologists are fine folks, but you can’t count on them to take Battlestar Galactica or Buffy the Vampire Slayer seriously or to know an MMORPG from an RTS.   So I left LSU to work as a usability engineer for Compaq, which was possible only through the accident of a former colleague for Rice already working at Compaq. From there, I bopped through a series of jobs in the tech industry (IBM, BMC Software, NetIQ). I ended up at SolarWinds because I took a job at Winternals Software in Austin, only to have it bought by Microsoft a few months later. That our CEO was looking for product managers in Austin at just the moment that Microsoft was eliminating Winternals was just the latest happy accident. And that, my friends, was how I've ended up as the SVP of Product Strategy at SolarWinds. After 7 great years, I've moved on to other pursuits, but participation on thwack was a highlight of my time with SolarWinds.