2 Replies Latest reply on Mar 15, 2013 3:21 PM by nicole pauls

    What is the intent of Alert Central?


      I've got the On-Call, calendar, group escalation stuff.  But as far as how alerts are handled, there are none of the dampening features in NPM alerts.  NPM alerts would remove themselves, regardless of whether they were acknowledged, if the condition that created them went away.  AC doesn't have this functionality, so it seems that Advanced Alerts are still needed in NPM; this system just replaces the "Alerts" page in NPM sans alert removal.


      Email alerts are new but are missing any message dampening features and have no NPM integration.


      What I've been hoping for is a centralized tool for accepting events, syslog messages, and traps, and generating actionable alerts.  To do this effectively, you need a full-featured correlation language like Simple Event Correlator (SEC - open source and platform independent event correlation tool).


      If the goal is instead to keep action systems in NPM, syslog, traps, so be it.  I'll build this with Syslog-NG and SEC.  This may be like the Roadmap question.




        • Re: What is the intent of Alert Central?
          Dave Alger

          Alert Central has a long way to go and I'm sure that there are many new features coming in future versions.


          In a nutshell, Alert Central currently tries to solve two general problems facing most IT teams.

          1. Take all the endless alerting emails coming from various systems and possibly going to different email accounts and intelligently route them (to the right people or the trash can)
          2. Create centralized On-Call calendars for each team so that the people who get notified can change based on the time an alert is received


          If you are getting so many alert emails that nothing seems alarming anymore, then I think Alert Central is for you.  Alert Central can use complex rules to match and route pretty much any email so users can start making the garbage alerts disappear while making sure the more critical ones get to the right people.  It is easy for someone on-call to click on the Close button when getting a notification email at 2 AM that they know doesn't require action (if it happens enough they can modify their routing rules to make future things like that route to the trash).


          As for the future, Alert Central is just getting started.  The community drives the road map as they do with other SolarWinds products, so the more you participate here the better.  I would like to see better Orion integration that extends to different modules like NPM, and as long as you continue to post good feedback those are the things most likely to be addressed in future versions.


          Great question and thanks for being an active member of the Thwack community.

          • Re: What is the intent of Alert Central?
            nicole pauls

            To add to what davealger said, I think where Alert Central fits, and what its intent is right now, is more like #2 - to escalate actionable alerts.


            We have discussed/are considering features like de-duplication and some kind of outage correlation (related to your dampening statement), but more for the purpose of not excessively alerting, rather than correlating events from disparate sources to draw more intelligent conclusions. The other thing (collecting events from log sources and traps) sounds more like what Log & Event Manager does, or is intended to do. It is a bit of an overlap, but what we build in Alert Central will be much more limited (or less flexible) than what you'd see in an event management system, since it's theoretically further down the funnel toward incident handling away from incident generation/detection.


            More thoughts are always welcome, of course; these threads are always really useful for helping us make sure our product strategy continues to work when the rubber meets the road in the real world.
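
The dampening behaviour asked about in the original question (an alert removes itself once its condition clears, acknowledged or not) and the de-duplication mentioned in the last reply, as an added example that is not part of any post and is not NPM or Alert Central code. The event tuple layout, the 300-second suppression window and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample events: (epoch seconds, source, condition, state)
EVENTS = [
    (0,   "router1", "link_down", "raise"),
    (30,  "router1", "link_down", "raise"),  # duplicate inside the window
    (45,  "db1",     "disk_full", "raise"),
    (400, "router1", "link_down", "raise"),  # window expired: re-notify
    (460, "router1", "link_down", "clear"),  # condition gone: auto-remove
    (500, "router1", "link_down", "raise"),  # new incident after the clear
]

@dataclass
class Alert:
    first_seen: int
    last_notified: int
    count: int = 1
    acknowledged: bool = False

class Dampener:
    """Hypothetical de-duplicating alert table keyed on (source, condition)."""

    def __init__(self, window=300):
        self.window = window   # assumed minimum seconds between repeat notices
        self.active = {}       # (source, condition) -> Alert
        self.actions = []      # (timestamp, key, "new" | "repeat" | "cleared")

    def process(self, ts, source, condition, state):
        key = (source, condition)
        if state == "clear":
            # Dampening: drop the alert whether or not it was acknowledged.
            if self.active.pop(key, None) is not None:
                self.actions.append((ts, key, "cleared"))
            return
        alert = self.active.get(key)
        if alert is None:
            self.active[key] = Alert(first_seen=ts, last_notified=ts)
            self.actions.append((ts, key, "new"))
            return
        alert.count += 1       # duplicates are counted, not re-sent
        if ts - alert.last_notified >= self.window:
            alert.last_notified = ts
            self.actions.append((ts, key, "repeat"))

def run(events, window=300):
    dampener = Dampener(window)
    for event in events:
        dampener.process(*event)
    return dampener
```

With the constructed events above, six incoming events produce five actions, and the second `router1` alert starts with a fresh count because the clear removed the first one.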