I love the ability to escalate per group and notification per user basis, but feel we are missing the matching business level service requirements.
Let me explain.
In our system we have created a custom property on the nodes which is called "SLA Catagory" and "Management Group"
This is a drop down box (thank you) which has hard coded selections of:
If we wish the device to be Alerted on then we select an item from the drop down box for a Priority.
In the Alert Manager we have a Custom Property (drop down box) which monitors the "up/down" status of the node where "SLA Catagory" = Priority1
This removes any other requirement on what type of vendor it is. It makes the process very transparent. These custom properties are shared to Alert Manager, which can use this information to route the alert the correct team.
In Alert Manager the "SLA Catagory" = Priority1 and "Management Group" = "Server" Triggered Action is to:
1. Send Alert to "Servergroup@company.com"
2. if the alert has not been acknowledged in 30 minutes (T+30 minutes) then Send Alert to "firstname.lastname@example.org"
In Alert Manager the "SLA Catagory" = Priority2 "Management Group" = "Network" Triggered Action is to:
1. Send Alert to "Networkgroup@company.com"
2. if the alert has not been acknowledged in 60 minutes (T+60 minutes) then Send Alert to "email@example.com"
(etcetra ... )
I am struggling to find how we can map that function in Alert Central. All escalation functions timings are mapped to a group only with no ability to change the timing based upon severity.
In the case a DC asset is down, well then tell a bunch of groups as everyone should know and escalate immediately
In the case a Small Site asset is down, well then tell a single team during business hours and never escalate.
The main focus is not to cry wolf, we wish to get the right notifications to the right groups at the right time with the right Priority
We require the Escalation Policy to be broken out from Group functions and mapped to an alert either in routing (or similar).
Has anyone else figured out how to do this in its current form?