12 Replies Latest reply on Nov 3, 2015 7:19 PM by matifbutt81

    Orion Advanced Alerts: Alert based on Team (group)?

    phelpsy

      Ok,

       

      Background:

       

      We have the user groups of the application. The groups are defined as per below

      • Lab: Devices have "Lab" in the name (node name)
      • Storage: Devices have "SAN" in the name (node name)
      • Networks: Every other managed device, no single reference word in the node name.

       

      Each group wants to be able to receive email-based alerts for their devices only, doesn't want to receive the alerts for devices they don't manage, and doesn't want to have to do anything special when adding a new device into NPM.

      If we use the advanced default alert "Alert me when an interface goes down" as an example.

       

      Trigger Condition

      ...Trigger Alert when all the following Apply

           Interface Status is equal to Down

      I can add a condition to only alert on SAN or Storage devices by using the contains variable, for example

           field Node Name contains SAN

      But there is no "not contains" variable, so for our network team we cannot exclude nodes with SAN or Storage in the Node Name.

      We've looked at Creating an alert suppression condition

       

      ...Suppress Alert when all of the following apply

           field Node Name contains SAN

       

      As an example, but not sure if it's working.

       

      Is there a better or cleaner way I should be doing this? If so, can someone point out how? Any assistance would be appreciated.

        • Re: Orion Advanced Alerts: Alert based on Team (group)?
          cvinka

          I know you don't want to do anything special when adding new nodes, but I think that by creating a custom field for the Equipment with a dropdown of the three types you would have much more control.  If you are putting special text in the node name you are already doing something extra when adding them.  Once you build the new field you can create three alerts, one for each team that will send only to them all based on the contents of that custom field.  You would also be able to setup limitations later on if you do not wish them to see certain equipment in the summaries.

          • Re: Orion Advanced Alerts: Alert based on Team (group)?
            njoylif

            Have you looked at Alert Central? It's free.

            You could put the system name in the subject and search and assign based on the keywords you are looking for.  That is really what AC was designed for.

            • Re: Orion Advanced Alerts: Alert based on Team (group)?
              zackm

              Trigger Condition

              ...Trigger Alert when all the following Apply

                  Interface Status is equal to Down

              I can add a condition to only alert on SAN or Storage devices by using the contains variable, for example

                  field Node Name contains SAN

              You are so close!

               

               

              Here you go:

              Trigger Alert when ALL of the following apply:
                  Interface Status is equal to Down
                  Node Name contains SAN
              Trigger Alert when NONE of the following apply:
                  Node Name contains LAB
              

               

              As a general rule, I do not personally use alert suppression. I would much rather receive a false positive and fix my alert than to not receive a real alert. (just a personal preference)

               

              As a best practice however, cvinka is ABSOLUTELY correct. Creating a custom property is the best way to accomplish what you are looking for here and makes a much more scalable product in the long run. i.e., with a custom property intact, you won't have to worry about how to limit out all of the other network devices that are not SAN or LAB.

               

              Also, what happens in a few years when a massive naming schema change happens at your organization? You don't want to set yourself up for a massive alert/reporting overhaul in the future based off of host names that are easily changed (read: accidentally messed up) in the web console.

              1 of 1 people found this helpful
                • Re: Orion Advanced Alerts: Alert based on Team (group)?
                  Andy McBride

                  I second the warning about using the suppression tab. The problem is that suppression conditions are always evaluated independently of the trigger condition and kill the trigger. So in your example, if any node in the entire database has "SAN" in its name then the trigger would be suppressed. The alert would never fire no matter what the trigger condition is.
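
A small model of the two behaviours described in the replies above (zackm's per-node ALL/NONE trigger groups and the inventory-wide suppression Andy McBride describes), added here as an illustration; it is not part of the thread and not SolarWinds code. The node names, the `TEAMS` table and the case-insensitive matching are assumptions made for the example.

```python
# Constructed sample inventory: (node name, interface status).
NODES = [
    ("core-sw-01", "Down"),
    ("SAN-array-02", "Down"),
    ("Lab-router-07", "Down"),
    ("edge-fw-03", "Up"),
]

def contains(name, word):
    # Assumption: "contains" matches case-insensitively.
    return word.lower() in name.lower()

def trigger(node, all_of=(), none_of=()):
    """Per-node trigger: interface is Down, every all_of word is in the
    node name, and no none_of word is."""
    name, status = node
    return (status == "Down"
            and all(contains(name, w) for w in all_of)
            and not any(contains(name, w) for w in none_of))

def suppressed(nodes, word):
    """Suppression as described in the thread: evaluated on its own,
    true as soon as any node in the whole inventory matches."""
    return any(contains(name, word) for name, _ in nodes)

def alerts_with_none_group(nodes, all_of=(), none_of=()):
    return [n[0] for n in nodes if trigger(n, all_of, none_of)]

def alerts_with_suppression(nodes, suppress_word):
    if suppressed(nodes, suppress_word):
        return []  # the suppression kills the trigger outright
    return [n[0] for n in nodes if trigger(n)]

# Hypothetical per-team conditions built from the group definitions.
TEAMS = {
    "Storage":  {"all_of": ("SAN",), "none_of": ("Lab",)},
    "Lab":      {"all_of": ("Lab",)},
    "Networks": {"none_of": ("SAN", "Lab")},
}

def route(nodes):
    return {team: alerts_with_none_group(nodes, **cond)
            for team, cond in TEAMS.items()}

if __name__ == "__main__":
    print(route(NODES))                          # each team sees only its own node
    print(alerts_with_suppression(NODES, "SAN"))  # nothing fires at all
```

With the NONE group the Networks alert still fires for `core-sw-01`; with the suppression condition the same outage produces no alert for any team while a SAN-named node exists.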

                • Re: Orion Advanced Alerts: Alert based on Team (group)?
                  Ballzo

                  I recently was asked to do this to get alerts to regional groups. In the past I had tried using the systemname field to separate systems, but the systemnames did not always follow our naming standard, so what I did was create a new custom field named department, then create an alert for each department.

                   


                  1 of 1 people found this helpful
                  • Re: Orion Advanced Alerts: Alert based on Team (group)?
                    mattoz

                    We also use a custom property, called DeviceType.  We use that to direct alerts (some alerts look for devicetype = prod server, others switch/router/whatever), and also to filter views and resources.  So for example, we can run a report showing low disk space on prod servers by filtering out devicetype = NonProd Server.

                     

                    It's much, much more flexible and powerful than naming convention (although we still use st/ss/sp in server names, mostly for AD purposes).

                     

                    For example, say you stand up a new server named spmynewserver.  Set devicetype to non-prod, and you can still take it down or reboot it without triggering an alert.  When it's ready to go live, just set devicetype = prodserver.  You could do the same with any device.

                    • Re: Orion Advanced Alerts: Alert based on Team (group)?
                      phelpsy

                      Hi all,

                       

                      Thank you for your help. I do agree with the use of a Custom Property, but the only reason I don't want to use it is I was tasked to build the SolarWinds for our teams. I will not be an end user of the server, and I'm trying to account against user error. I also share the concerns in regard to a change in the naming standards, but I've been advised (internally) that is a separate issue to worry about.

                       

                      I've taken @zackm's suggestion for now and am in the process of implementing it into our instance. Will let you know how it works out.

                      • Re: Orion Advanced Alerts: Alert based on Team (group)?
                        matifbutt81

                        hello-

                         

                        I need some help with setting up alerts. Is there any way I can migrate alerts from Orion 2011.2.1 to SW Orion 2015.1.2? I just created all the VMs under a Windows node; now I need to create alerts. I am running into an issue that if I assign the alert, it's going for every node in the group, not just Windows only.