2 Replies Latest reply on May 21, 2013 8:40 PM by death-nite

    Mapping Escalation to Events / Custom properties

    death-nite

      I love the ability to escalate per group and notification per user basis, but feel we are missing the matching business level service requirements.

       

      Let me explain.

      In our system we have created a custom property on the nodes which is called "SLA Catagory" and "Management Group"

      This is a drop down box (thank you) which has hard coded selections of:

      Priority1

      Priority2

      Priority3

      Priority4

      etc

      If we wish the device to be Alerted on then we select an item from the drop down box for a Priority.

       

      In the Alert Manager we have a Custom Property (drop down box) which monitors the "up/down" status of the node where "SLA Catagory" = Priority1

      This removes any other requirement on what type of vendor it is. It makes the process very transparent. These custom properties are shared to Alert Manager, which can use this information to route the alert to the correct team.

       

      In Alert Manager the "SLA Catagory" = Priority1 and "Management Group" = "Server" Triggered Action is to:

           1. Send Alert to "Servergroup@company.com"

           2. If the alert has not been acknowledged in 30 minutes (T+30 minutes) then Send Alert to "escalationgroup@company.com"

       

      In Alert Manager the "SLA Catagory" = Priority2 and "Management Group" = "Network" Triggered Action is to:

           1. Send Alert to "Networkgroup@company.com"

           2. If the alert has not been acknowledged in 60 minutes (T+60 minutes) then Send Alert to "escalationgroup@company.com"

      (et cetera ...)

       

      I am struggling to find how we can map that function in Alert Central. All escalation function timings are mapped to a group only, with no ability to change the timing based upon severity.

      In the case a DC asset is down, well then tell a bunch of groups as everyone should know and escalate immediately.

      In the case a Small Site asset is down, well then tell a single team during business hours and never escalate.

      The main focus is not to cry wolf. We wish to get the right notifications to the right groups at the right time with the right Priority.

       

      We require the Escalation Policy to be broken out from Group functions and mapped to an alert either in routing (or similar).

       

      Has anyone else figured out how to do this in its current form?

        • Re: Mapping Escalation to Events / Custom properties
          nicole pauls

          You're right - the only thing you can do based on properties (severity, object, custom properties, anything in the alert/email) is ROUTE the alert to a group, there's no post-conditions within the escalation policy that further use properties to escalate. So the "workaround" would be to create multiple groups with different configuration/escalation policies/timing and route the alerts differently at that step.

           

          So,

          1. Create a Network Group and a Server Group (and an "Everyone" group, I'm guessing, since you said it's a small team and in some cases everyone wants to be notified)
          2. In your source for whatever handles those alerts
            1. If alert object = DC, send to "Everyone" group
            2. If alert custom property/severity = priority 1, send to "server group"
            3. If alert custom property/severity = priority 2, send to "network group"
          3. In your groups
            1. Within "Everyone" group, set escalation policy to "notify everyone in the group"
            2. Within "Server" group, set escalation policy to "notify everyone in the group" then after whatever period of time "notify a specific user" of your escalation user
            3. Within "Network" group, set escalation policy to "notify everyone in the group", then after whatever period of time "notify a specific user" of your escalation user
            • Re: Mapping Escalation to Events / Custom properties
              death-nite

              Ya, I did try a method like this but in our instance the routing table became huge. Considering our mantra is about streamlining workflows to become more lean, this was something that was unsustainable.

              We have 6 Priority levels over 9 Teams. We are an ASX50 company so we have a very large IT team.

               

              I've ended up reverting to using the Escalation method in the Advanced Alert Manager, which sends an email to the AC. Not elegant but a lot cleaner.

               

              We sort of need the escalation method moved from the Advanced Alert Manager over to AC.

               

              I understand the outcome where Alert Manager takes care of the ALERTS, and AC takes care of the notifications. But at this stage AC can't quite replace this.

               

              We are piloting AC in earnest as we believe that the workflow currently proposed is needed. In this day of mobility and borderless access, the ability to manage and allocate alerts is paramount.
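
The requirement discussed in this thread (escalation timing chosen by alert priority, first-line recipient chosen by team) can be modelled as two independent lookup tables instead of one group per combination. This is an added illustration, not part of any post and not Alert Central or Alert Manager code; the names `Alert`, `recipients` and `rule_counts` are hypothetical, and the "Priority4 never escalates" entry is a constructed sample value.

```python
from dataclasses import dataclass

# Minutes without acknowledgement before escalating, keyed by "SLA Catagory" only.
# Priority1/Priority2 timings are from the thread; Priority4 = None (never
# escalate) is a constructed sample value.
ESCALATE_AFTER_MIN = {"Priority1": 30, "Priority2": 60, "Priority4": None}

# First-line recipient, keyed by "Management Group" only (addresses from the thread).
TEAM_ADDRESS = {
    "Server": "Servergroup@company.com",
    "Network": "Networkgroup@company.com",
}
ESCALATION_ADDRESS = "escalationgroup@company.com"


@dataclass
class Alert:  # hypothetical model of an alert carrying the two custom properties
    sla_category: str
    management_group: str
    minutes_open: int
    acknowledged: bool = False


def recipients(alert: Alert) -> list[str]:
    """Everyone who should have been notified for this alert so far."""
    # An unmapped property value is an error, not a silently dropped alert.
    if alert.sla_category not in ESCALATE_AFTER_MIN:
        raise ValueError(f"unmapped SLA category: {alert.sla_category!r}")
    if alert.management_group not in TEAM_ADDRESS:
        raise ValueError(f"unmapped management group: {alert.management_group!r}")
    notified = [TEAM_ADDRESS[alert.management_group]]
    limit = ESCALATE_AFTER_MIN[alert.sla_category]
    if limit is not None and not alert.acknowledged and alert.minutes_open >= limit:
        notified.append(ESCALATION_ADDRESS)
    return notified


def rule_counts(priorities: int, teams: int) -> dict[str, int]:
    """Entries to maintain: one group per (priority, team) pair vs. two tables."""
    return {"group_per_pair": priorities * teams, "two_tables": priorities + teams}


if __name__ == "__main__":
    print(recipients(Alert("Priority1", "Server", minutes_open=45)))
    print(recipients(Alert("Priority2", "Network", minutes_open=45)))
    print(rule_counts(6, 9))  # the thread's 6 priority levels over 9 teams
```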