The Auvik alert watchdog automatically discovers alerts that are causing too much noise and need tuning.
Once a noisy alert is discovered, the watchdog will automatically:
- Disable an alert for 24 hours on the affected entity (network, device, interface, service, or component) when it triggers five times within 24 hours.
- Disable a device alert for 24 hours when a device component triggers 25 or more alerts within 24 hours — e.g., if a number of device interfaces trigger more than 25 packet discard(s) alerts within 24 hours, the alert is disabled for the device, not the specific interface(s).
If either of these scenarios occur, you’ll receive a notification telling you the alert’s been disabled via the specific alert’s mapped notification channel. You’ll then have 24 hours to update the alert definition, which will re-enable it.
If the alert isn’t updated within 24 hours, it’ll be automatically re-enabled with the same definition—which could cause the alert to cycle between being enabled and disabled temporarily.
If the noise persists after editing the alert definition, please contact our Technical Support team for assistance.
Purging noisy alerts
After analysis, the alerts we’ve discovered to be the noisiest are:
- Auvk collector disconnected
- Configuration polling
- High broadcast traffic
- High CPU utilization
- High interface utilization
- High memory utilization
- High storage utilization
- Packet discard(s)
- Packet error(s)
- Printer offline
- Printer - low paper
- Printer - out of paper
- Printer - paper jammed
For these specific alerts, historical alert data older than six months will be aged out periodically. As a result, if you access Auvik alerts through an integrated tool or open an old alert email, the link to the alert could lead to a 404 page.
Purging alerts, won’t affect the underlying data Auvik uses to create alerts, which will still be accessible until its retention expires.