Hello guys, this is something about a simple and easy concept which I believe most of us might know but still posting this, thinking that it may help new comers in solar winds.
Why do you need a mechanism of controlling the alert without modifying the actual alert conditions/actions?
Some times we create trigger conditions/reset conditions with a view of present requirements only but some times we may require to modify it like to exclude/include the objects. For example - Let say I have 10 nodes and I want node down alert on 5 only. Then the simplest approach I will pick is to use node names using OR condition in trigger logic of the alert. But after few days I may realize that that list is increasingly growing now I have to modify the alert which will re-trigger the action for all the objects which already have an active alert for that alert at that time, that will cause the noise to my monitoring team. Which I want to remove.
There are many ways to control the alert on each and every object. One simplest way is to use "Custom Property". Let me tell you what I did and then you can take its reference from this according to your scenarios.
I created a Custom Property named as "Alerts" and I putted 5 Keywords to recognize all types of alerts on a node can apply.
Keyword - "BMCDL"
B - Boot/Node Reboot
M - Memory
C - CPU
D - Down/Node DOwn
L - Latency/Response Time
Note : I have not considered keywords for Interface, Application and Volume because this will not help in my case as whatever the conditions I am going to apply on a node will impact all its child's i.e. all volumes, applications and all interfaces. SO its better to keep these objects separate.
Create alerts for all the above parameters and put filtering conditions as below - along with fault condition -
Node Reboot : If node custom properties "Alerts" Contains "B"
Memory : If node custom properties "Alerts" Contains "M"
CPU : If node custom properties "Alerts" Contains "C"
Node Down : If node custom properties "Alerts" Contains "D"
Latency : If node custom properties "Alerts" Contains "L"
If you want to exclude a node from any of the alert then simply remove that keyword from its custom property like- If I want a node not to be alerted for Node Down then I will remove "D" keyword from its "Alerts" custom property so it will become "BMCL" instead of "BMCDL". In this way I can control the un-necessary noise created by modifying the alert every time for new objects to be included.