Creating Alerts using Alerting 2.0

Note: For alerting purposes, devices now include interfaces, components and anything else associated with the physical device. This allows users to create rich alert definitions with any data available to the device, including interfaces.

In legacy alerts, if you had 10 interfaces in a single device you wanted to alert on, you had to explicitly include the 10 interfaces and you’d receive up to 10 alerts if any or all of the interfaces met the alert conditions. With Auvik’s new alerts, users can now just ask the device if any or all of its interfaces meet a certain condition in one alert with a single notification outlining any or all of the interfaces.

This means less noise from individual interfaces and a natural grouping of interfaces by their device. It also allows for more compound alerts using both device and interface conditions in the same alert.

Creating an Alert

Create new alerts from the Manage Alerts > New Alerts screen.

To create a new custom alert, click on the Add Alert button from the Manage Alerts > New Alerts page. Unlike legacy alerts, there is no need to select the type of alert (e.g. collector, device, service); instead, the choices you make while building the alert will dynamically add and remove additional options.

Create New Alert: Define Alert Details

In the first section of the Create New Alert workflow, you fill in some basic information and specify the scope and severity of the new alert.

Alert Enabled

A toggle to specify if this alert is enabled (blue) or disabled (grey).

Alert Name

Provide a short but descriptive name.

Alert Description

The description helps identify the alert definition and gives more context about its purpose. It is referenced within the Auvik portal and can provide context when editing the alert in the future. An additional field named Trigger Message holds a dynamic message which you’ll see as part of notifications for triggered alerts.

Apply Alerts to the Following Organizations

Alert definitions can be applied to any group of sites in your account hierarchy. If you have a multi-site with three child sites, you could define an alert at the multi-site and choose to only apply it to two of the three child sites.

  • This site and all children: Keep the default setting if you’d like this new alert to be applied to the current site you’re viewing and all of its children. If this is done at the global site level, then the alert will be applied to every site in the account hierarchy.

  • Specific organizations: Switch to this setting if you’d like to be able to pick and choose which sites this alert should apply to. You can choose any site at and below the level of the account hierarchy you’re currently viewing, and by default all of those sites will be selected. Select or deselect sites as appropriate until you’ve applied the new alert to all the desired sites.

Additionally, use the Auto Apply toggle to specify whether this alert should be automatically applied to new sites that are added to the parent site in the future. When you have finished choosing the desired settings, click the Save button to return to the alert definition workflow.

For convenience, Super Admin users are allowed to apply alerts to all sites, even if they don’t have traditional role/site permissions defined under Manage Users. This provides Super Admins no other access to those sites, except to be able to select/deselect them in this workflow.

Apply Conditions To

The Apply Conditions To dropdown lets users select the scope of this alert definition. The list of options will increase post-Beta to include services.

  • Collectors: Create conditions to alert on your Auvik collectors.

  • Devices: Create conditions to alert on desired devices.

  • Interfaces on a device: Create conditions to alert on any or all interfaces on desired devices.

  • Advanced (allows mixed expressions): Create an alert using both device and interface properties.

Device Selection

For alert definitions of the Devices and Interfaces on a device types, users need to define the applicable devices.

 

  • All Devices: The alert will be applied to all devices in this site.

  • Devices with this tag: Users can select a tag that has already been created and that represents a defined group of devices based on the properties of that tag. The site level at which an alert exists will further limit the device selection to the parent and any child sites.

  • Devices that match these conditions: Users can specify the conditions that determine the list of devices to use with this alert. This is similar to the user experience of building a tag (see Managing & Creating Tags > Creating Tags).

Severity

Similar to legacy alerts, there are four severity options: Informational, Warning, Critical and Emergency. Clicking the Add button beside the desired severity will add a new section to the workflow and allow you to continue.

Create New Alert: Trigger Conditions

This next section of the workflow allows you to specify the actual conditions you’re looking to alert on. By using boolean AND/OR clauses, you can string together various conditions and define a timing element so the alert doesn’t necessarily trigger immediately.

Condition Builder

Use the condition builder to specify the parameters of the alert by utilizing AND/OR boolean statements and various properties of devices.

  • Use + Add Rule to add a new rule to a boolean group. A rule is a device condition you want either to be true or false. For example, Memory Utilization >= 90 is a rule. All rules within a boolean AND/OR group are subject to that boolean logic. For example, two rules under an “All conditions must be true (AND)” group mean that both rules must evaluate to true for the alert to trigger.

  • Use + Add Group to create a new boolean group. You can chain together multiple boolean clauses each containing different rules. This allows you to create rich boolean statements like (A AND (B OR C) AND NOT D).

  • For advanced (mixed expressions), you can add condition blocks (click + Add Condition Block) to represent device or interface conditions. For each condition block, set the context of that block to either For devices, For ALL interfaces, or For ANY interface. You can add rules and groups to each condition block as described above to create an alert which looks for both device and interface conditions to be true.
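The evaluation model described in these bullets can be sketched as follows. This is an added example, not Auvik's code: the dictionary layout, the property names, the "NOT" group encoding and the assumption that condition blocks are ANDed together are all hypothetical, and the sample device is constructed.

```python
import operator

OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq, "!=": operator.ne}

def eval_node(node, props):
    """Evaluate one rule, or a nested AND/OR/NOT group, against a property dict."""
    if "rule" in node:
        name, op, value = node["rule"]
        return name in props and OPS[op](props[name], value)
    results = [eval_node(child, props) for child in node["rules"]]
    if node["group"] == "AND":
        return all(results)
    if node["group"] == "OR":
        return any(results)
    if node["group"] == "NOT":          # assumed encoding of "NOT D"
        return not any(results)
    raise ValueError(f"unknown group type: {node['group']}")

def eval_alert(blocks, device):
    """Return (triggered, matching interface names); blocks are ANDed (assumption)."""
    matched = []
    for block in blocks:
        if block["context"] == "device":
            ok = eval_node(block["expr"], device["props"])
        else:
            hits = [i["name"] for i in device["interfaces"] if eval_node(block["expr"], i)]
            if block["context"] == "all_interfaces":
                ok = bool(hits) and len(hits) == len(device["interfaces"])
            else:                        # "any_interface"
                ok = bool(hits)
            matched += hits
        if not ok:
            return False, []
    return True, matched

# Constructed sample data: property names and values are illustrative only.
SAMPLE_DEVICE = {
    "props": {"memory_utilization": 93, "cpu_utilization": 35,
              "storage_utilization": 88, "operational_status": "online"},
    "interfaces": [{"name": "Gi0/1", "discards_total": 150_000},
                   {"name": "Gi0/2", "discards_total": 10},
                   {"name": "Gi0/3", "discards_total": 120_000}],
}
DEVICE_EXPR = {"group": "AND", "rules": [          # A AND (B OR C) AND NOT D
    {"rule": ("memory_utilization", ">=", 90)},
    {"group": "OR", "rules": [{"rule": ("cpu_utilization", ">=", 80)},
                              {"rule": ("storage_utilization", ">=", 85)}]},
    {"group": "NOT", "rules": [{"rule": ("operational_status", "==", "offline")}]},
]}
DISCARDS = {"rule": ("discards_total", ">=", 100_000)}
SAMPLE_BLOCKS = [{"context": "device", "expr": DEVICE_EXPR},
                 {"context": "any_interface", "expr": DISCARDS}]

if __name__ == "__main__":
    print(eval_alert(SAMPLE_BLOCKS, SAMPLE_DEVICE))
```

The result is one alert per device that lists the matching interfaces, rather than one alert per interface.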

For the Beta, the following device properties are available:

  • Operational Status

  • Managed Status

  • CPU Utilization

  • Memory Utilization

  • Device Storage Utilization

  • Software Version Has Changed

  • Firmware Version Has Changed

  • Device Name

  • Interface

  • CPU

  • Disk

  • Fan

  • Temp

  • Memory

  • Power supply

  • VM Name

  • Snapshot age

  • Snapshot size

  • Component State

For the Beta, the following interface properties are available:

  • Interface Packet Discards, Total

  • Interface Packet Errors, Total

  • Interface Packet Discards, Received

  • Interface Packet Errors, Received

  • Interface Packet Discards, Transmitted

  • Interface Packet Errors, Transmitted

  • Percentage of Packets Being Broadcasted

  • Total Packets Sent and Received

  • Interface Utilization Percentage

Alert Delay

Alerts which immediately trigger with no delay can cause noise when a condition momentarily flaps or a one-off occurrence self-heals before a user even sees an alert.

In addition to an alert definition’s trigger condition, users can use the Alert Delay setting to introduce certain timing elements which will cause an alert to not trigger until the timing element has been fulfilled.

No Delay

If an immediate alert trigger is desired, the no delay option will create an alert and notification as soon as the trigger condition is met. This may be the desired behaviour, but can lead to a rapid succession of alerts if a device flaps or may result in an alert which self-heals before you even see the notification. To avoid these situations, use one of the following delay settings.

Time Delay

Users can simply pick a time in minutes that their alert condition should remain true before any notification is sent. When something first matches the alert’s trigger condition, a timer will begin to make sure that condition holds true for the specified time before creating an alert. If the specified condition no longer matches before the timer reaches the desired alert delay value, then no alert and notifications are created. When this happens, the timer resets and we start over.

For example, let’s say you have some interfaces you want to keep an eye on for packet discards. You know some of a device’s interfaces sometimes have a heavy load and packet discards can sometimes spike, but you don’t consider it a problem until at least one interface on the device has spiked over 100,000 and stays that way for at least 5 minutes. When creating a packet discard alert with a condition threshold of >= 100,000, simply specify a 5 minute alert delay value.

Occurrence Delay

Pick an occurrence threshold and a time period to specify the alert condition needs to happen so many times within a specified period before any notifications are sent. The system will keep track of the number of polls within the specified time period where the condition is true. If the count does not exceed the occurrence threshold then no alert and notifications are created. When this happens, the timer resets and you start over.

For example, let’s say you have some interfaces you want to keep an eye on for packet discards. You know some of a device’s interfaces sometimes have a heavy load and packet discards can sometimes spike, but you don’t consider it a problem until at least one interface on the device has spiked over 100,000 and continues to spike at least 75% of the time over 15 minutes. When creating a packet discard alert with a condition threshold of >= 100,000, simply specify 75% of occurrences during a 15 minute period.
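The two delay modes can be compared on the same poll series with a small model. This is an added example, not Auvik's implementation; it assumes one poll per minute, an occurrence window that opens on the first matching poll and resets when the percentage is not reached, and an "at least" comparison against the percentage. The poll values are constructed.

```python
def time_delay_alert(polls, matches, delay_min):
    """Minute at which the alert is created, or None if it never is."""
    started = None
    for minute, value in polls:
        if not matches(value):
            started = None              # condition cleared: the timer resets
            continue
        if started is None:
            started = minute            # first match starts the timer
        if minute - started >= delay_min:
            return minute
    return None

def occurrence_delay_alert(polls, matches, pct, window_min):
    """Alert when at least pct% of polls in one window match (assumed semantics)."""
    start, hits, total = None, 0, 0
    for minute, value in polls:
        hit = matches(value)
        if start is None:
            if not hit:
                continue
            start = minute              # first match opens the window
        hits += hit
        total += 1
        if minute - start + 1 >= window_min:        # window complete
            if hits / total * 100 >= pct:
                return minute
            start, hits, total = None, 0, 0         # reset and start over
    return None

# Constructed sample: a 3-minute spike, then a long spike that dips briefly
# about every five minutes (a flapping interface).
DIPS = {13, 18, 22, 27, 32, 37}

def sample_polls():
    polls = []
    for minute in range(40):
        spiking = 2 <= minute <= 4 or (minute >= 10 and minute not in DIPS)
        polls.append((minute, 150_000 if spiking else 20_000))
    return polls

def over_threshold(discards):
    return discards >= 100_000

if __name__ == "__main__":
    polls = sample_polls()
    print("no delay:        ", time_delay_alert(polls, over_threshold, 0))
    print("5 minute delay:  ", time_delay_alert(polls, over_threshold, 5))
    print("75% over 15 min: ", occurrence_delay_alert(polls, over_threshold, 75, 15))
```

On this series the time delay never fires because every brief dip resets the timer, while the occurrence delay tolerates the dips and fires once a full window is mostly over the threshold.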

Trigger Message

The Trigger Message is the summary of the alert you’ll see in notifications when an alert has first been triggered. It is independent of the Clear Message which is used when an alert clears. You can specify references to various properties of the device (such as the make and model of the device) to create dynamic messages to allow you to identify and troubleshoot quickly when seeing an alert’s notification.

For the Beta, you can only specify Collector, Device & VMware properties in the Trigger Message. Interface, Service & other properties will be available post-Beta.

To create alert notifications, see Creating Alert Notifications using Alerting 2.0.
