This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Alert organizing question

Since SolarWinds suggest using OOB alerts at template and you cannot modify them anyway, do you think it's a good idea to disable all of the OOB alerts that you may use, make copies of them, and then apply the copied alerts to the environment?  The SW best practice is to use OOB alerts as templates so I'm thinking of disabling all of the alerts and using any of them I need as templates.  This would allow anyone coming after me to modify the alerts as needed while keeping all of the original alerts in their original state.

  • feltonlewis​ That's pretty much how we do it. Make a copy of the alerts we need to use, then modify those copied alerts to fit our needs. We only use the alerts we need, and everything else is disabled.

  • Yes. Very yes. My primary reason (but not only) for saying so is that most customization that you make to the OOB alert configurations are lost every time you upgrade Orion. For example, if you put useful information (please do) in the alert message field, most upgrades will reset this to the default, and you'll have to redo every alert configuration.

  • We have always disabled all of them and then copied the ones we want to use. We also came up with a naming scheme for them so for example if it's a SAM alert it is indicated in the name and then there is an associated number with it so we can match up a SAM template with an alert name.

    Also in the alert actions we always include the alert name somewhere in the alert. This was done so that later down the road when someone sends you the email alert they received you can match it up with an alert.

    Once you get several hundreds of alerts built going to different teams its a great time saver.

  • bobmarley​ We do something very similar with the naming convention too.

    pastedImage_0.png

  • We use a company-specific suffix on our alert configurations. When using a prefix, sorting by alert name becomes much less helpful unless you are already filtering by object type, etc.

  • We do as well. We are running a shared instance of Solarwinds that supports multiple companies.

  • Luther -

    So in your image, each number corresponds to a prefix number corresponds to a different module within SW is that correct?  And what is the suffix for?

  • feltonlewis​ Before rebuilding our latest Orion environment, we had previously had several hundreds of alerts. While I wanted to have all of our alerts streamlined and using custom properties, I also wanted a better way to sort through and identify them. I ended up going with a prefix number and a suffix number to help keep them in categories. I do not like how the default "Group By" options display the alerts, breaking simple groups down into overly specific sub-groups. I do, however, like the simplicity of the "Manage Custom Properties" page, where it groups by the most simplistic of categories. (Alerts, Apps, Groups, Nodes, Ints, etc..)

    Basically, yes, the idea was to just keep similar alert types grouped together. (all node alerts with the a prefix in the range of 100-199, interface alerts start with 200-299, and so on).

    The suffix was mainly just for me when I need to go in and update the alerts, or make any major changes. I prefer to keep old alerts for reference rather than delete or change them altogether. So, whenever I need to update/change an alert, I simply copy it, make my changes, and increase the suffix.

    Group By Object - Manage Alerts

    pastedImage_1.png

    Group By Object - Manage Custom Properties

    pastedImage_2.png

    It's nothing more than a personal preference. I'm sure there are much better ways to do this, but it was simple enough, and works for us, so I went with it.

    Thank you,

    -Will

  • I reread you post.  I see you're using the suffix for versioning.

  • @wluther So you make a copy of teh OOB alert then edit it and use it??? So you dont use any OOB alerts?