Advanced Alert Management - My Arch Nemesis

byrona posted on Fri, Feb 5 2010 11:37 AM

I have once again found myself with an interesting use case for which I can't find a good solution.  Advanced Alerts has once again taken me out back and beaten the $%&* out of me.

I have a generic Advanced Alert set to notify my NOC anytime an application component goes down.  I need my NOC to be aware of all of these.

I also have several cases where I have specific people/customers that want a notification when specific application components go down.  Crafting advanced alerts to accomplish this is not a problem.

The problem is that I end up in a situation where only one application component goes down but I end up with several alerts in the All Triggered Alerts view.  Having a bunch of Triggered Alerts showing up for a single incident is less than favorable.

The only thing I could think of that would solve this particular problem would be to have an option on any given Advanced Alert to have it NOT show up in the All Triggered Alerts view.

Any advice to help me with my plight would be greatly appreciated!!!

------------------------------------
Byron Anderson
IT Project Manager
Monitoring & Standards Specialist


Verified Answers

quantus replied on Fri, Feb 5 2010 3:02 PM
Verified by MarieB

I think I have a similar situation but I could see this getting really complex if the conditions get more complicated than what I have. Here's what I do:

If I understand correctly, you have this situation presently:

Alert 1: ANY app goes down. Action: Notify NOC team

Alert 2: App A goes down. Action: Notify Team A

Alert 3: App B goes down. Action: Notify Team B

What I do looks like this:

Alert 1: ANY app goes down. Action: Notify NOC team. Suppress if App= App A, B

Alert 2: App A goes down. Action: Notify Team A AND NOC team.

Alert 3: App B goes down. Action: Notify Team A AND NOC team

etc.

As long as you have only one team per app plus the NOC team, this is pretty straightforward, just add another suppression condition to the first alert every time you add a new specific app alert.

Solarwinds: NPM SLX--Netflow SLX--IPSLA--NCM
Hardware: Cisco Catalyst--Nexus--FWSM--ACE--IDSM--WAAS--PiX-Unity
Environment: z/OS Mainframe--Wintel Distributed/Virtualized--MPLS WAN--IPSec VPN

byrona replied on Mon, Feb 8 2010 2:12 PM
Verified by MarieB

quantus:

I think I have a similar situation but I could see this getting really complex if the conditions get more complicated than what I have. Here's what I do:

If I understand correctly, you have this situation presently:

Alert 1: ANY app goes down. Action: Notify NOC team

Alert 2: App A goes down. Action: Notify Team A

Alert 3: App B goes down. Action: Notify Team B

What I do looks like this:

Alert 1: ANY app goes down. Action: Notify NOC team. Suppress if App= App A, B

Alert 2: App A goes down. Action: Notify Team A AND NOC team.

Alert 3: App B goes down. Action: Notify Team A AND NOC team

etc.

As long as you have only one team per app plus the NOC team, this is pretty straightforward, just add another suppression condition to the first alert every time you add a new specific app alert.

As an important note, you don't actually want to use the suppress tab in this case as if you do you will not receive any alerts to the NOC team for anything so long as App A and/or B is down.  Instead you need to build this into the alert criteria.

------------------------------------
Byron Anderson
IT Project Manager
Monitoring & Standards Specialist
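
The three configurations discussed in this thread (no exclusion, exclusion built into the alert criteria, and a suppress-tab style condition), modelled as an added example that is not part of either post and is not SolarWinds code. The `Alert` class, the `build` and `triggered` helpers, the routing table and the outage set are all assumptions constructed for illustration; the suppression behaviour follows the description in the reply above.

```python
# Added illustration: a simplified model, not SolarWinds Orion's alert engine.
from dataclasses import dataclass, field
from typing import Optional

NOC = "NOC team"

@dataclass
class Alert:
    name: str
    recipients: list
    match: Optional[set] = None                         # None = any component
    exclude: set = field(default_factory=set)           # part of the trigger criteria
    suppress_if_down: set = field(default_factory=set)  # suppress-tab style condition

    def fires_for(self, component, down):
        # Suppression is evaluated once for the whole alert, so it mutes
        # the alert for every component while any listed component is down.
        if self.suppress_if_down & down:
            return False
        # A criteria exclusion only filters the component being evaluated.
        if component in self.exclude:
            return False
        return self.match is None or component in self.match

def build(routes, mode):
    """routes: {component: team}; mode: 'naive', 'criteria' or 'suppress'."""
    owned = set(routes)
    generic = Alert("ANY app down", [NOC],
                    exclude=owned if mode == "criteria" else set(),
                    suppress_if_down=owned if mode == "suppress" else set())
    specific = [Alert(f"{c} down", [team, NOC], match={c})
                for c, team in routes.items()]
    return [generic] + specific

def triggered(alerts, down):
    """Map each down component to the names of the alerts it triggers."""
    return {c: [a.name for a in alerts if a.fires_for(c, down)]
            for c in sorted(down)}

# Constructed routing table and outage; App C has no specific alert.
ROUTES = {"App A": "Team A", "App B": "Team B"}
DOWN = {"App A", "App C"}

if __name__ == "__main__":
    for mode in ("naive", "criteria", "suppress"):
        print(mode, triggered(build(ROUTES, mode), DOWN))
```

In this model the generic alert's exclusion set is derived from the same routing table as the specific alerts, so the two stay in step as components are added.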


All Replies


byrona replied on Mon, Feb 8 2010 9:35 AM

Thanks, this is a good solution, probably the best I will get.

Unfortunately as things grow I expect to have somewhere in the realm of 50-100 apps at which point this may be a bit of a mess.

------------------------------------
Byron Anderson
IT Project Manager
Monitoring & Standards Specialist

kbrewer replied on Mon, Feb 8 2010 9:48 AM

Another option would be to be able to set up views with subsets of the active Alerts, rather than just All Active Alerts.

Ken Brewer Network Engineer USG Corporation
