1 Reply Latest reply on Apr 11, 2017 7:03 AM by Richard Phillips

    Control the alerting without modifying the Alert.

    nks7892

      Hello guys, this is something about a simple and easy concept which I believe most of us might know but still posting this, thinking that it may help new comers in solar winds.

       

      Why do you need a mechanism of controlling the alert without modifying the actual alert conditions/actions?

      Some times we create trigger conditions/reset conditions with a view of present requirements only but some times we may require to modify it like to exclude/include the objects. For example - Let say I have 10 nodes and I want node down alert on 5 only. Then the simplest approach I will pick is to use node names using OR condition in trigger logic of the alert. But after few days I may realize that that list is increasingly growing now I have to modify the alert which will re-trigger the action for all the objects which already have an active alert for that alert at that time, that will cause the noise to my monitoring team. Which I want to remove.

       

      Logic

      There are many ways to control the alert on each and every object. One simplest way is to use "Custom Property". Let me tell you what I did and then you can take its reference from this according to your scenarios.

      I created a Custom Property named as "Alerts" and I putted 5 Keywords to recognize all types of alerts on a node can apply.

       

      Keyword -  "BMCDL"

      B - Boot/Node Reboot

      M - Memory

      C - CPU

      D - Down/Node DOwn

      L - Latency/Response Time

       

       

      Note : I have not considered keywords for Interface, Application and Volume because this will not help in my case as whatever the conditions I am going to apply on a node will impact all its child's i.e. all volumes, applications and all interfaces. SO its better to keep these objects separate.

       

       

      Method:

      Create alerts for all the above parameters and put filtering conditions as below - along with fault condition -

       

      Node Reboot : If node custom properties "Alerts" Contains "B"

      Memory : If node custom properties "Alerts" Contains "M"

      CPU : If node custom properties "Alerts" Contains "C"

      Node Down : If node custom properties "Alerts" Contains "D"

      Latency : If node custom properties "Alerts" Contains "L"

       

       

      If you want to exclude a node from any of the alert then simply remove that keyword from its custom property like- If I want a node not to be alerted for Node Down then I will remove "D" keyword from its "Alerts" custom property so it will become "BMCL" instead of "BMCDL". In this way I can control the un-necessary noise created by modifying the alert every time for new objects to be included.