How can we help?

Managing Alerts using Alerting 2.0

Follow

Existing alert definitions can be sorted and filtered to find the right one. Select one or more alert definitions to perform a number of actions on them.

New Alerts Management

Beta users will see both the existing Manage Alerts > Alerts and a new Manage Alerts > New Alerts in the lefthand navigation. Users can manage legacy alerts as they always have, while the new page allows users to create new Beta alert definitions and to manage them in a similar fashion.

alert21.png

Similar to legacy alerts, users can navigate to any point in their account hierarchy to view, create and manage the alert definitions relevant to that site. Users can sort the table’s columns and filter the list using various properties using the Search Alerts text box.

Column

Details

Alert Name

The given name of the alert definition.

Severity

Shows the severity of the alert definition.

Status

Indicates whether the alert definition is currently Enabled or Disabled.

Description

The general description of the alert definition. This is useful to help differentiate alert definitions from each other while managing a lot of them. This is set in the Create New Alert workflow in the Alert Description field and is different than the Trigger Message and Clear Message which are the user-customizable messages users can see on the trigger and clear of an alert in various notifications.

Entities Applied To

Lists the entities this alert has been applied to. This could be Collectors, All Devices, a specific Tag, or specific entities.

Permission Access Level

Displays the site the alert was created at, which implies the level of permission required to edit the alert. Since alert definitions can be applied to different sites a user may not have access to, this provides an indication why the user may not be allowed to edit the alert.

By selecting a checkbox beside an alert definition’s name, users can either view, edit, delete, enable/disable or clone the selected alert definition.

Action Button

Details

View

Display the selected alert definition in a read-only view.

Edit

View and be able to edit the selected alert definition.

Delete

Delete one or more selected alert definitions. You will be prompted to make sure you want to proceed. If you delete an alert definition it will be permanently removed.

Enable/Disable

Enable or Disable one or more selected alert definitions. Disabled alert definitions will remain in your list, but will no longer generate alerts and notifications.

Clone

Clone a selected alert to create a new alert definition using the parameters of the chosen alert as default. This is convenient if you have an existing alert with many of the settings you need for a new alert, but you just want to tweak one or two things for a separate alert.

All Alerts View

Triggered alerts, whether from legacy alert definitions or new alert definitions, will continue to appear in the existing All Alerts page. Click on the row to view the Alert Details, or select a checkbox to perform any actions. V2 alerts cannot be dismissed manually but that will be addressed shortly.

alerts22.png

Note: The Pause action button does not apply to Beta alerts (Check out Alert Delay for more details on how we’ve replaced the Auto Pause functionality).

A new field named Source in the Alert Details view will specify if this alert was created from a Legacy or New alert definition.

alerts23.png

We recommend naming your alert definitions accordingly, so you can easily identify new Beta alerts from your legacy alerts (e.g. Beta_Infrastructure Device Offline). If it’s ever unclear where a specific alert came from, just refer to this Source field in the alert details view.

Alert Definition Auditing

User actions to create, enable/disable and delete alerts are captured in the Audit Log. Additionally, edits of individual fields in the alert definition will appear in the Audit Log as well.

Managing Alerts in Multiple Sites and Creating Variants

Navigate to any site within your account hierarchy to view the alert definitions that have been applied to that site. Whether the alert definition was created at the site you’re viewing or at a parent site and then applied to the current site, it will be displayed here.

Editing Alert Definitions

Alert definitions don’t strictly follow a hierarchy in terms of sites inheriting other site’s alert definitions. Instead, an alert definition can be applied to any or all sites that is desired, even if it means skipping levels in the account hierarchy.

An alert definition can only be edited from the site of which it was created (mentioned in the aforementioned Permission Access Level column). When an alert definition is edited, the changes are applied to all sites that it is applied to.

Note: When any aspect of an alert definition is edited it is completely reset in terms of active alerts, Alert Delay timers and any other in-progress states. Due to aspects of the alert definition changing, like the trigger condition, Alert Delay timing elements, and clear conditions, any change to the alert definition will invalidate it.

For example:

  • If an alert definition for a specific site is 4 minutes into an Alert Delay timer (see Creating Alerts) set for 5 minutes and you change the alert definition by changing the Alert Delay timer value, the alert definition is invalided so the timer and other aspects are reset.

  • If an alert has been triggered and is active, but you then change the trigger condition, clear condition, notification channels, or any other aspect of the alert definition, it is invalidated and the active alert will be closed.

Creating Variants for Specific Sites

Sometimes there will already be an alert definition applied at a parent site, but you decide a child site should have a slightly different version or even that the child site should have another similar alert that runs in parallel to the original.

It’s easy to create variants of existing alert definitions by selecting the alert definition in the Manage Alerts > New Alerts table and clicking the Clone action button.

alerts24.png

Start by navigating to the site where you want the different alert definition behaviour to start. For example, if you have an alert definition created at the global site level which is applied to all sites, but you want a multi-site and it’s children to have a different version of the alert, then navigate to that multi-site.

Select the alert definition of interest by clicking the checkbox to the left of it. Now click the Clone button to open an alert definition edit screen with the fields pre-populated based on the selected alert definition.

Now make any changes to the parameters of the alert definition (Check out Creating Alerts for more details), including setting which child sites this variant alert definition should be applied to. Any or all of the child sites can be selected --they don’t all have to be subjected to this new variant alert defined at the parent site.

Before saving this variant alert, if you’re immediately ready for this alert definition to be active, be sure to enable the alert definition using the toggle at the top of the page. If you’d rather make other adjustments to this or other alert definitions first, then leave the toggle off and you can always make the alert definition active later by using the Enable action button on the alert definition table (Manage Alerts > New Alerts) or by editing the alert definition again.

Examples

Say we have a few organizations set up in our global level site and each of those companies have several children sites. Let’s say we want to alert if memory utilization is >= 80%. We could set up a new alert definition at the global level site (Check out Creating Alerts) and apply it to all organizations and sites, then:

Create a Variant to run in Parallel

Quickly create a variant alert definition for CPU utilization by cloning the memory utilization alert at the global level site. An easy change of the trigger condition, while keeping all other settings, will get this new alert definition up and running fast. Both the memory and CPU utilization alerts would run in parallel for all sites under the global level site.

Create a Variant to Replace One or More Sites

Change the sensitivity of the memory utilization alert definition for a specific organization and it’s children while keeping other organizations and their sites the original value (>=80%).

Navigate to the organization we want to create the variant alert for, select the memory utilization alert definition and click the Clone action button. Change the trigger condition to >=60% and apply the alert to all the children sites belonging to this organization.

Finally, return to the global level site and edit the original memory utilization alert definition to now exclude the organization and its children from the original alert. Now the original memory utilization alert definition will run at >=80% for all organizations and site except for the one we created the variant alert for >=60%.

Check out Beta Activities - Creating Your First Alerts article for more examples.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request