I recently began a Solarwinds implementation from the ground up for a client and their was interest in using Alert Central. The client has multiple monitoring solutions in place and would like to create a better workflow for their notifications. I am trying to get a better understanding for how people are implementing Orion as a source and setting up the groups that would receive notifications from Orion. As it stands today I have roughly 6 groups. I was planing on making a main group to route to (Network Opps) that would consist of the users that would typically be working on the alerts. The other groups would consist of users that work on the applications being monitored as the organization has multiple in house developed apps that are constantly being developed and tweaked. My goal would be to filter appropriate emails pertaining to a group and provide them with an escalation setup in case a notification is not reviewed in a timely manner. What i have ran into thus far is the creation of two or more filters per server or application whenever i want push notifications for a particular server being monitored. Is their a best practice for setting up filters to limit the amount of filters being setup?
Another complaint I have from the users thus far is how generic the source Orion alerts are within alert central. The users can't distinguish what the alert is stating. An example of this is a WPM alert which was triggered for a url that was not responding. The alert that was sent to the user and stated the source was from Orion, the object lists the host-name of the server and the particular URL being monitored, which I detailed. Severity has always said Warning for all alerts being triggered (any way to make this more responsive to the monitor triggered.) and who was notified is stated. The first thing the user did was email me and ask what does this mean. The monitoring for this particular example is strictly just up or down. I do have some URL's being monitored that identify what is in the body of the web page but even than it doesn't state if the monitored triggered is for the url being down or a specific param.
Since their is next to no documentation on best practice and absolutely no assistance from Solarwinds support I am putting this out on the forum to see what others are doing with the product.
Would it be best to use Advanced Alert Manager to build out custom alerting and relay that into alert central via the alert central email? If I do this is their was way to then push the source emails from Orion through Advanced Alert Manager?
Any insight on best practice for building multiple groups and routing to each group with Orion as the source would be greatly appreciated.