6 Replies Latest reply on Jun 27, 2013 1:18 AM by superfly99

    Help Regarding Alerts

    naeemfirdous

      I have configured the following alert and it works well but when ever i add the alert suppression condition all the alerts gets suppressed.

       

      Trigger query
      SELECT DISTINCT Volumes.VolumeID AS NetObjectID, Volumes.FullName AS Name FROM Nodes INNER JOIN Volumes ON (Nodes.NodeID = Volumes.NodeID) WHERE ( ( (Volumes.VolumeSize >= 322119397376) AND ((NullIf(VolumeSize,-2)-NullIf(VolumeSpaceUsed,-2)) <= 16106127360) AND (Nodes.Group_Tag = 'SUN')) OR ( (Volumes.VolumeSize <= 320116583424) AND (Volumes.VolumePercentUsed >= 94.98634) AND (Nodes.Group_Tag = 'SUN')) )
      Reset query
      Reset action(s):
      Suppression query
      SELECT Count(*) AS Supress FROM Volumes WHERE ( (Volumes.VolumeType = 'RAM') OR (Volumes.VolumeDescription LIKE '%/rmanbackupfortape%') OR (Volumes.VolumeDescription LIKE '%/cdrom/sol_10_1009_sparc%') )

       

      Capture.PNG

      Capture1.PNG

        • Re: Help Regarding Alerts
          boomshine

          I think it is because you chose "any" of the three conditions on your suppression alert tab.

           

          If you want the alert to be suppressed IF the three conditions are met, you should change "any" into "all"

          • Re: Help Regarding Alerts
            Leon Adato

            "Suppress" is the Alert item I wish would go away. It does not work the way ANYONE things it is supposed to. Specifically, the rules in THAT tab do not cross-reference the rules in the trigger tab.

             

            Meaning, in your example, if ANY volume ANYWHERE in your environment has a volume type of RAM, or a description of (whatever) then your alert will be suppressed. All. The. Time.

             

            Yeah, it's that stupid.

             

            And it's made worse in your case because of the "if ANY" rather than "if ALL" option.

             

            You use it for a type of GLOBAL suppression. like:

            If node caption = "Internet Router"

            AND node status = "down"

             

            In that case, your alert would be suppressed if the "Internet Router" was Down.

             

            But otherwise, it's a completely useless option.

             

            What you want is to add another condition group to your trigger, which is the "none" (the reverse of any) and "not all" (the reverse of all). Put your items in there with the following configuration:

             

            if ALL

                 if NONE

                      Type is RAM

                      Label is <blahblah>

                      Label is <blahblah>

                 if ANY

                      if all

                           tag is SUN

                           total space  is > <whatever>

                           percent space is < <whatever>

                      if all

                           tag is SUN

                           total space  is > <whatever>

                           percent space is < <whatever>

             

            What you are saying is if

            • None of the "if NONE" options are individually true
            • AND EITHER your first "if any" or your second "if any" block is true

            ...then trigger the alert.

             

            Hope that makes sense.

            1 of 1 people found this helpful
              • Re: Help Regarding Alerts
                naeemfirdous

                So the Alert suppression parameters do not work ? Is this a bug in the application or its purpose is completely different from what we are thinking ?

                Thanks for the work around you mentioned and i applied the approach given by you, i think it works a few days of monitoring would give a better idea if its working fine.

                  • Re: Help Regarding Alerts
                    Leon Adato

                    It's not that suppression doesn't work, it's that suppression works in a way that people don't expect.

                     

                    As I said in my reply, It suppresses your alert if ANY machine, ANYWHERE in your SolarWinds installation has parameters that fit that criteria. It is independant of the alert trigger.

                     

                    To put this in more concrete (if simplified) terms:

                    I want an alert that triggers when a node is down, but suppresses if the node name is "serverABC"

                     

                    My trigger is

                    if all conditions are true

                         if node status is equal to down

                    My suppression is

                    if all conditions are true

                         if node caption is equal to serverABC

                     

                    Now, a few days later the node "router123" goes down. But you don't get an alert.

                     

                    Why?

                     

                    Because you have a node that has a caption of "serverABC", so the suppression trigger was true.

                     

                    Of course, serverABC wasn't down! But the SolarWinds alert setup doesn't work like that. For as long as you have a node named "serverABC" - regardless of whether it is up or down and regardless of whether serverABC is the device that triggered the alert - you are not going to get an alert.

                     

                    Hope that makes more sense.

                  • Re: Help Regarding Alerts
                    superfly99

                    adatole wrote:

                     

                    "Suppress" is the Alert item I wish would go away. It does not work the way ANYONE things it is supposed to. Specifically, the rules in THAT tab do not cross-reference the rules in the trigger tab.

                     

                     

                     

                    I totally agree. That tab needs to be re-written or removed.