Apologies in advance for the length here...... Precipitating this question\discussion is the 100+ plus alerts I have inherited in a production NPM environment. Where the Enterprise Infrastructure is across 25+ autonomous Districts with over 250+ unique US and International sites. Qty 6) pollers: 3k+ nodes\12k+ interfaces\8k+ volumes\20k+ elements All major SW Modules. At present the collection of NPM production alerts I am trying to manage are primarily 'simple', not 'custom' alerts. Of benefit to me (and I presume others as well) would be some way to easily identify\track details\specifics across the full scope of production alerts for elements buried beneath multiple drill downs such as: Alert recipients (due to consistent, ongoing MACs, I need to frequently revisit\revise this element across Alerts) Trigger conditions (identify constructs and logic, including 'Property to Monitor' specific conditions, etc.) Variable strings in use (per alert! these can change with Orion releases and 'break' alerts, best would be to be able to globally find\replace when such changes occur.) Alert suppression (i.e., details as above) Comments field (Used by us to track changes by Admin with date\timestamps, since there is no high level Admin logging details\timestamp in the toolkit at large.) Alert times (manage Weekday and Off Hours\Weekend time coverages) Alert Trigger Actions (in detail) Alert Reset Actions (in detail) Basically: deconstruct Alerts into a flat interface, or at the least, display the full unique Alert details in a single screen. Questions\Discussion point Does\has anyone created a unified Alert management interface to track details\specifics out of an enterprise level NPM Alert population? Or even a report to try and easily track Alert details? The benefit being solicited here avoids manually deconstructing the full scope of alerts to track details, in say, Access or Excel. Have I missed the toolkit GUI alert manager? I have reviewed Thwack for relevant content, and have an open ticket for this same request. Included here are possibly Alert (feature) enhancements, but I will let SW dig these out. Feature enhancements Alert GUI interface check box for "Include the generating alert name in the message body." Some way to track Admin changes: Author, date of last change, etc.. (Some way to log the changes made.) Some way to re-run the "Alert manager GUI" for updating alert changes, or better, be addressable in real time. Interact with Alerts globally or individually with a search constraint to make relevant variable changes. Some form of search function against the full scope of active alerts per detail field. Some central Customer portal URL of feature requests\ features\enahncements in development for future release to remove any question of past requests already tabled. (nice to have) some form of boolean tracking to generate a compilation Alert for repetitive alerts, based on unique condition #'s of alerts\timeframe. with resets. A bit of background I have already visited the SQL Server DB to see if this request is (easily?) actionable in a complex report. From what I can interpret the NPM alert as constructed is a SQL query in parts Designer inputs with: Client side table joins and targeting Stored procedures on the DB side. I.e., hereis the SQL statement pulled from a very simple, basic alert: "Alert me when a component goes into warning or critical state." Parsing this to deconstructed details of the Alert tab selections and drill downs (i.e., Trigger action message body) is pretty cryptic (to me). <?xml version="1.0" encoding="UTF-8"?> <AlertDefinitions><AlertDefinition AlertDefID="{5EB4B441-F3D6-4DF1-AA39-A59B4B5191AB}" AlertName="Alert me when a component goes into warning or critical state" AlertDescription="This alert will write to the event log when an component goes into warning or critical state and when an component comes back up again." Enabled="True" StartTime="12:00:00 AM" EndTime="11:59:59 PM" DOW="1,2,3,4,5,6,7" TriggerQuery="SELECT APM_AlertsAndReportsData.ComponentID AS NetObjectID, APM_AlertsAndReportsData.ComponentName AS Name FROM Nodes INNER JOIN APM_AlertsAndReportsData ON (Nodes.NodeID = APM_AlertsAndReportsData.NodeId) WHERE ( (Nodes.Status <> '2') AND ( (APM_AlertsAndReportsData.ComponentStatus = 'Critical') OR (APM_AlertsAndReportsData.ComponentStatus = 'Warning') ) )" TriggerQueryDesign="<QUERY><KIND>1</KIND><COMPLEX><TAG></TAG><CONNECTIVE>1</CONNECTIVE><CHECKED>1</CHECKED><SIMPLE><TAG></TAG><ALIAS></ALIAS><ADVANCED>0</ADVANCED><COMPARISON>5</COMPARISON><FUNCTION>0</FUNCTION><SORT>0</SORT><CHECKED>1</CHECKED><LEFTSIDEKIND>2</LEFTSIDEKIND><RIGHTSIDEKIND>1</RIGHTSIDEKIND><COMPARISONATTRIBUTES></COMPARISONATTRIBUTES><FUNCTIONATTRIBUTES></FUNCTIONATTRIBUTES><LEFTFIELDPATH>Network Nodes.Node Status.Node Status</LEFTFIELDPATH><RIGHTFIELDPATH></RIGHTFIELDPATH><LEFTVALUETYPE>0</LEFTVALUETYPE><LEFTVALUE></LEFTVALUE><LEFTCAPTION>Node Status</LEFTCAPTION><RIGHTVALUETYPE>8</RIGHTVALUETYPE><RIGHTVALUE>2</RIGHTVALUE><RIGHTCAPTION>Down</RIGHTCAPTION></SIMPLE><COMPLEX><TAG></TAG><CONNECTIVE>2</CONNECTIVE><CHECKED>1</CHECKED><SIMPLE><TAG></TAG><ALIAS></ALIAS><ADVANCED>0</ADVANCED><COMPARISON>0</COMPARISON><FUNCTION>0</FUNCTION><SORT>0</SORT><CHECKED>1</CHECKED><LEFTSIDEKIND>2</LEFTSIDEKIND><RIGHTSIDEKIND>1</RIGHTSIDEKIND><COMPARISONATTRIBUTES></COMPARISONATTRIBUTES><FUNCTIONATTRIBUTES></FUNCTIONATTRIBUTES><LEFTFIELDPATH>APM Component Monitors.Component Status</LEFTFIELDPATH><RIGHTFIELDPATH></RIGHTFIELDPATH><LEFTVALUETYPE>0</LEFTVALUETYPE><LEFTVALUE></LEFTVALUE><LEFTCAPTION>Component Status</LEFTCAPTION><RIGHTVALUETYPE>8</RIGHTVALUETYPE><RIGHTVALUE>Critical</RIGHTVALUE><RIGHTCAPTION>Critical</RIGHTCAPTION></SIMPLE><SIMPLE><TAG></TAG><ALIAS></ALIAS><ADVANCED>0</ADVANCED><COMPARISON>0</COMPARISON><FUNCTION>0</FUNCTION><SORT>0</SORT><CHECKED>1</CHECKED><LEFTSIDEKIND>2</LEFTSIDEKIND><RIGHTSIDEKIND>1</RIGHTSIDEKIND><COMPARISONATTRIBUTES></COMPARISONATTRIBUTES><FUNCTIONATTRIBUTES></FUNCTIONATTRIBUTES><LEFTFIELDPATH>APM Component Monitors.Component Status</LEFTFIELDPATH><RIGHTFIELDPATH></RIGHTFIELDPATH><LEFTVALUETYPE>0</LEFTVALUETYPE><LEFTVALUE></LEFTVALUE><LEFTCAPTION>Component Status</LEFTCAPTION><RIGHTVALUETYPE>8</RIGHTVALUETYPE><RIGHTVALUE>Warning</RIGHTVALUE><RIGHTCAPTION>Warning</RIGHTCAPTION></SIMPLE></COMPLEX></COMPLEX></QUERY>" ResetQuery="SELECT APM_AlertsAndReportsData.ComponentID AS NetObjectID, APM_AlertsAndReportsData.ComponentName AS Name FROM Nodes INNER JOIN APM_AlertsAndReportsData ON (Nodes.NodeID = APM_AlertsAndReportsData.NodeId) WHERE NOT ( (Nodes.Status <> '2') AND ( (APM_AlertsAndReportsData.ComponentStatus = 'Critical') OR (APM_AlertsAndReportsData.ComponentStatus = 'Warning') ) )" ResetQueryDesign="SIMPLE" SuppressionQuery="" SuppressionQueryDesign="<QUERY><KIND>1</KIND><COMPLEX><TAG></TAG><CONNECTIVE>1</CONNECTIVE><CHECKED>1</CHECKED></COMPLEX></QUERY>" TriggerSustained="0" ResetSustained="0" LastExecuteTime="9/8/2011 2:14:48 PM" ExecuteInterval="60" BlockUntil="9/8/2011 2:14:49 PM" ResponseTime="0" LastErrorTime="9/3/2011 5:39:07 PM" LastError="System.Data.SqlClient.SqlException: Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe) at System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at AlertingEngine.CheckAlert.UpdateRowsThatAreReset()" ObjectType="APM: Component" IgnoreTimeout="True"><AlertActions><AlertAction ActionDefID="{4449897B-5293-4402-86E9-CB3A59E386FF}" AlertDefID="{5EB4B441-F3D6-4DF1-AA39-A59B4B5191AB}" TriggerAction="True" ExecuteIfAcknowledged="True" TimeOffset="0" RepeatInterval="0" StartTime="12:00:00 AM" EndTime="11:59:59 PM" DOW="1,2,3,4,5,6,7" SortOrder="1" ActionType="NPMEventLog" Title="NetPerMon Event Log : Component ${ComponentName} on Application ${ApplicationName} on Node ${NodeName} is ${ComponentStatus}" Target="" Parameter1="NetPerMon Event Log: Component ${ComponentName} on Application ${ApplicationName} on Node ${NodeName} is ${ComponentStatus}" Parameter2="" Parameter3="" Parameter4="" NetObjectType=""/><AlertAction ActionDefID="{DB86F4B0-1372-4EE8-B887-4A2F9F5E1AE1}" AlertDefID="{5EB4B441-F3D6-4DF1-AA39-A59B4B5191AB}" TriggerAction="False" ExecuteIfAcknowledged="True" TimeOffset="0" RepeatInterval="0" StartTime="12:00:00 AM" EndTime="11:59:59 PM" DOW="1,2,3,4,5,6,7" SortOrder="1" ActionType="NPMEventLog" Title="NetPerMon Event Log : Component ${ComponentName} on Application ${ApplicationName} on Node ${NodeName} is ${ComponentStatus}" Target="" Parameter1="NetPerMon Event Log: Component ${ComponentName} on Application ${ApplicationName} on Node ${NodeName} is ${ComponentStatus}" Parameter2="" Parameter3="" Parameter4="" NetObjectType=""/></AlertActions></AlertDefinition></AlertDefinitions>

This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Alert management interface or utility to track Alert details\specifics

Gerritt_Dunn over 12 years ago

Apologies in advance for the length here......

Precipitating this question\discussion is the 100+ plus alerts I have inherited in a production NPM environment. Where the Enterprise Infrastructure is across 25+ autonomous Districts with over 250+ unique US and International sites. Qty 6) pollers: 3k+ nodes\12k+ interfaces\8k+ volumes\20k+ elements All major SW Modules.

At present
the collection of NPM production alerts I am trying to manage are primarily 'simple', not 'custom' alerts. Of benefit to me (and I presume others as well) would be some way to easily identify\track details\specifics across the full scope of production alerts for elements buried beneath multiple drill downs such as:

Alert recipients (due to consistent, ongoing MACs, I need to frequently revisit\revise this element across Alerts)
Trigger conditions (identify constructs and logic, including 'Property to Monitor' specific conditions, etc.)
Variable strings in use (per alert! these can change with Orion releases and 'break' alerts, best would be to be able to globally find\replace when such changes occur.)
Alert suppression (i.e., details as above)
Comments field (Used by us to track changes by Admin with date\timestamps, since there is no high level Admin logging details\timestamp in the toolkit at large.)
Alert times (manage Weekday and Off Hours\Weekend time coverages)
Alert Trigger Actions (in detail)
Alert Reset Actions (in detail)

Basically: deconstruct Alerts into a flat interface, or at the least, display the full unique Alert details in a single screen.

Questions\Discussion point

Does\has anyone created a unified Alert management interface to track details\specifics out of an enterprise level NPM Alert population?
Or even a report to try and easily track Alert details?
The benefit being solicited here avoids manually deconstructing the full scope of alerts to track details, in say, Access or Excel.
Have I missed the toolkit GUI alert manager?
I have reviewed Thwack for relevant content, and have an open ticket for this same request.
Included here are possibly Alert (feature) enhancements, but I will let SW dig these out.

Feature enhancements

Alert GUI interface check box for "Include the generating alert name in the message body."
Some way to track Admin changes: Author, date of last change, etc.. (Some way to log the changes made.)
Some way to re-run the "Alert manager GUI" for updating alert changes, or better, be addressable in real time.
Interact with Alerts globally or individually with a search constraint to make relevant variable changes.
Some form of search function against the full scope of active alerts per detail field.
Some central Customer portal URL of feature requests\ features\enahncements in development for future release to remove any question of past requests already tabled.
(nice to have) some form of boolean tracking to generate a compilation Alert for repetitive alerts, based on unique condition #'s of alerts\timeframe. with resets.

A bit of background

I have already visited the SQL Server DB to see if this request is (easily?) actionable in a complex report.

From what I can interpret the NPM alert as constructed is a SQL query in parts Designer inputs with: Client side table joins and targeting Stored procedures on the DB side. I.e., hereis the SQL statement pulled from a very simple, basic alert: "Alert me when a component goes into warning or critical state." Parsing this to deconstructed details of the Alert tab selections and drill downs (i.e., Trigger action message body) is pretty cryptic (to me).

<?xml version="1.0" encoding="UTF-8"?>
<AlertDefinitions><AlertDefinition AlertDefID="{5EB4B441-F3D6-4DF1-AA39-A59B4B5191AB}" AlertName="Alert me when a component goes into warning or critical state" AlertDescription="This alert will write to the event log when an component goes into warning or critical state and when an component comes back up again." Enabled="True" StartTime="12:00:00 AM" EndTime="11:59:59 PM" DOW="1,2,3,4,5,6,7" TriggerQuery="SELECT APM_AlertsAndReportsData.ComponentID AS NetObjectID, APM_AlertsAndReportsData.ComponentName AS Name
  FROM Nodes INNER JOIN APM_AlertsAndReportsData ON (Nodes.NodeID = APM_AlertsAndReportsData.NodeId)
  WHERE
  (
   (Nodes.Status <> '2') AND
   (
    (APM_AlertsAndReportsData.ComponentStatus = 'Critical') OR
    (APM_AlertsAndReportsData.ComponentStatus = 'Warning')
   )
  )" TriggerQueryDesign="<QUERY><KIND>1</KIND><COMPLEX><TAG></TAG><CONNECTIVE>1</CONNECTIVE><CHECKED>1</CHECKED><SIMPLE><TAG></TAG><ALIAS></ALIAS><ADVANCED>0</ADVANCED><COMPARISON>5</COMPARISON><FUNCTION>0</FUNCTION><SORT>0</SORT><CHECKED>1</CHECKED><LEFTSIDEKIND>2</LEFTSIDEKIND><RIGHTSIDEKIND>1</RIGHTSIDEKIND><COMPARISONATTRIBUTES></COMPARISONATTRIBUTES><FUNCTIONATTRIBUTES></FUNCTIONATTRIBUTES><LEFTFIELDPATH>Network Nodes.Node Status.Node Status</LEFTFIELDPATH><RIGHTFIELDPATH></RIGHTFIELDPATH><LEFTVALUETYPE>0</LEFTVALUETYPE><LEFTVALUE></LEFTVALUE><LEFTCAPTION>Node Status</LEFTCAPTION><RIGHTVALUETYPE>8</RIGHTVALUETYPE><RIGHTVALUE>2</RIGHTVALUE><RIGHTCAPTION>Down</RIGHTCAPTION></SIMPLE><COMPLEX><TAG></TAG><CONNECTIVE>2</CONNECTIVE><CHECKED>1</CHECKED><SIMPLE><TAG></TAG><ALIAS></ALIAS><ADVANCED>0</ADVANCED><COMPARISON>0</COMPARISON><FUNCTION>0</FUNCTION><SORT>0</SORT><CHECKED>1</CHECKED><LEFTSIDEKIND>2</LEFTSIDEKIND><RIGHTSIDEKIND>1</RIGHTSIDEKIND><COMPARISONATTRIBUTES></COMPARISONATTRIBUTES><FUNCTIONATTRIBUTES></FUNCTIONATTRIBUTES><LEFTFIELDPATH>APM Component Monitors.Component Status</LEFTFIELDPATH><RIGHTFIELDPATH></RIGHTFIELDPATH><LEFTVALUETYPE>0</LEFTVALUETYPE><LEFTVALUE></LEFTVALUE><LEFTCAPTION>Component Status</LEFTCAPTION><RIGHTVALUETYPE>8</RIGHTVALUETYPE><RIGHTVALUE>Critical</RIGHTVALUE><RIGHTCAPTION>Critical</RIGHTCAPTION></SIMPLE><SIMPLE><TAG></TAG><ALIAS></ALIAS><ADVANCED>0</ADVANCED><COMPARISON>0</COMPARISON><FUNCTION>0</FUNCTION><SORT>0</SORT><CHECKED>1</CHECKED><LEFTSIDEKIND>2</LEFTSIDEKIND><RIGHTSIDEKIND>1</RIGHTSIDEKIND><COMPARISONATTRIBUTES></COMPARISONATTRIBUTES><FUNCTIONATTRIBUTES></FUNCTIONATTRIBUTES><LEFTFIELDPATH>APM Component Monitors.Component Status</LEFTFIELDPATH><RIGHTFIELDPATH></RIGHTFIELDPATH><LEFTVALUETYPE>0</LEFTVALUETYPE><LEFTVALUE></LEFTVALUE><LEFTCAPTION>Component Status</LEFTCAPTION><RIGHTVALUETYPE>8</RIGHTVALUETYPE><RIGHTVALUE>Warning</RIGHTVALUE><RIGHTCAPTION>Warning</RIGHTCAPTION></SIMPLE></COMPLEX></COMPLEX></QUERY>" ResetQuery="SELECT APM_AlertsAndReportsData.ComponentID AS NetObjectID, APM_AlertsAndReportsData.ComponentName AS Name
  FROM Nodes INNER JOIN APM_AlertsAndReportsData ON (Nodes.NodeID = APM_AlertsAndReportsData.NodeId)
  WHERE NOT
  (
   (Nodes.Status <> '2') AND
   (
    (APM_AlertsAndReportsData.ComponentStatus = 'Critical') OR
    (APM_AlertsAndReportsData.ComponentStatus = 'Warning')
   )
  )" ResetQueryDesign="SIMPLE" SuppressionQuery="" SuppressionQueryDesign="<QUERY><KIND>1</KIND><COMPLEX><TAG></TAG><CONNECTIVE>1</CONNECTIVE><CHECKED>1</CHECKED></COMPLEX></QUERY>" TriggerSustained="0" ResetSustained="0" LastExecuteTime="9/8/2011 2:14:48 PM" ExecuteInterval="60" BlockUntil="9/8/2011 2:14:49 PM" ResponseTime="0" LastErrorTime="9/3/2011 5:39:07 PM" LastError="System.Data.SqlClient.SqlException: Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
   at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
   at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe)
   at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
   at AlertingEngine.CheckAlert.UpdateRowsThatAreReset()" ObjectType="APM: Component" IgnoreTimeout="True"><AlertActions><AlertAction ActionDefID="{4449897B-5293-4402-86E9-CB3A59E386FF}" AlertDefID="{5EB4B441-F3D6-4DF1-AA39-A59B4B5191AB}" TriggerAction="True" ExecuteIfAcknowledged="True" TimeOffset="0" RepeatInterval="0" StartTime="12:00:00 AM" EndTime="11:59:59 PM" DOW="1,2,3,4,5,6,7" SortOrder="1" ActionType="NPMEventLog" Title="NetPerMon Event Log : Component ${ComponentName} on Application ${ApplicationName} on Node ${NodeName} is ${ComponentStatus}" Target="" Parameter1="NetPerMon Event Log: Component ${ComponentName} on Application ${ApplicationName} on Node ${NodeName} is ${ComponentStatus}" Parameter2="" Parameter3="" Parameter4="" NetObjectType=""/><AlertAction ActionDefID="{DB86F4B0-1372-4EE8-B887-4A2F9F5E1AE1}" AlertDefID="{5EB4B441-F3D6-4DF1-AA39-A59B4B5191AB}" TriggerAction="False" ExecuteIfAcknowledged="True" TimeOffset="0" RepeatInterval="0" StartTime="12:00:00 AM" EndTime="11:59:59 PM" DOW="1,2,3,4,5,6,7" SortOrder="1" ActionType="NPMEventLog" Title="NetPerMon Event Log : Component ${ComponentName} on Application ${ApplicationName} on Node ${NodeName} is ${ComponentStatus}" Target="" Parameter1="NetPerMon Event Log: Component ${ComponentName} on Application ${ApplicationName} on Node ${NodeName} is ${ComponentStatus}" Parameter2="" Parameter3="" Parameter4="" NetObjectType=""/></AlertActions></AlertDefinition></AlertDefinitions>