3 Replies Latest reply on Mar 24, 2014 8:20 PM by Adam Boyd

    Advanced Alerts Question.




      Is it possible while using advanced alerts to have different escalation times associated to specific servers.


      For example we are happy to have an escalation email 10mins after original alert for a critical server but for non critical we could easily push that out to 20mins.


      As the advanced alert is global is this possible to have different escalations depending on the server? Or how would I go about achieving this?





        • Re: Advanced Alerts Question.

          Good day,


          Unfortunately, for now you can't specify escalation rules inside a group based on alert's properties.

          To set up different escalation time, based on server IP (name or other 'object' properties), you need to create two groups. In one of them, escalation will take 10 min, in another one - 20 min.

          Next you'll have to go to Settings -> Manage Orion Sources and set up routing to groups in the next way:

          - by default they'll routed to Group1, where escalation is 20 min (not critical)

          - in case 'object' contains the name of your Critical sever (s), alert will be routed to Group 2 and escalation will be 10 min.


          • Re: Advanced Alerts Question.
            Zak Kahl

            I agree with Olha, that I don't think it would be possible in same alert.


            Another solution would be just to add a custom property to the servers (critical, non-critical).  Then just make a copy of existing alert, edit each alert and add custom property to identify the server in question.  Then have escalations on each alert set to what you are wanting (10 mins, 20 mins).


            Hope this helps


            • Re: Advanced Alerts Question.
              Adam Boyd

              Anthony, we use custom properties to achieve this in our environment. The custom property is called Technology_Group_Email, and it can contain a single address or multiple addresses. Basically what we do is, if a node is down the alert will trigger. If the alert is not acknowledged within a certain amount of time (10min) then our other rule which is delayed (10min) will grab the email addresses within the custom property and send to everyone on the list. Hope this helps!