Forum Discussion

Nick's avatar
Nick
7 years ago

Ability to set Alert Rules & SDT based upon ‘Tags’ (Auto/Custom/System properties)

Ability to set Alert Rules & SDT based upon ‘Tags’ (Auto/Custom/System properties)

As an MSP with service desk we are looking to automate & dynamically assign alerts and incidents as much as possible, to this end we would like the ability to set either Alert Rules &/or SDT based upon ‘Tags’ (Auto/Custom/System properties) – this would enable dynamism within alert notification & allocation?

The main case scenarios for this are; 

  • Cloud devices (AWS/Azure) there are times when certain VM's, WebApps etc only need to send alerts during specific time periods, such as from 0830 to 1800hrs, outside of these hours no alert notification to be sent. Whilst manually setting SDT on individual devices is available it is not dynamic,

so if a secondary 'Tag' was applied to Cloud VM, Webapp, etc and in turn that this can be shown within the devices Info page (Auto/Custom/System properties) and then have the ability within SDT &/or Alert rule configuration to select these so that we can associate a specific alert notification schedule/allocation based upon the 'Tag' - in effect making the process dynamic as the customer/MSP team would define within their cloud administration secondary 'Tags' on devices they want specific alerting times/allocation setting up on - given the dynamism & fluidity of Cloud based system provision and requirements the current model is not flexible enough and increases the admin burden within LogicMonitor.

  • Alert Rule application based upon Multiple ‘Tags’ (Auto/Custom/System properties) – There is already the ability to set ‘Tags’ at customer group &/or device levels; to enable more dynamism, being capable of setting ‘Alert Rules’ based upon ‘tags’ and multiple ‘tags’ in layers will allow the distribution of alert notifications to teams based upon service level/contract & device/datapoint importance. Customers invariably have devices/systems/services of differing importance and need actions/notification accordingly.

    For example; Different (Auto/Custom/System properties) can be set at ‘Group’ & ‘Device’ levels – ‘Tag 1’ (customer/service desk team group – Platforms, Cloud, Networks, Apps), ‘Tag 2’ Criticality (High, Medium, Low) based upon service level & customer requirements. ‘Alert Rule’ config would be created with the option of selecting ‘Tag 1’ & then ‘Tag 2’ and then applying an escalation chain. Notifications are then sent to the correct team/individual who can then act accordingly.
  • Joe_Tran's avatar
    Joe_Tran
    Icon for Advisor rankAdvisor
    7 years ago

    Is there a use case that won't be satisfied by creating dynamic device groups that use a custom query that populate the group based on a custom query for your desired tags? Since SDTs and Alert Rules already have the ability to work at group levels, it sounds like it should work for you.

  • Nick's avatar
    Nick
    7 years ago
    On 3/23/2018 at 9:20 PM, Joe Tran said:

    Is there a use case that won't be satisfied by creating dynamic device groups that use a custom query that populate the group based on a custom query for your desired tags? Since SDTs and Alert Rules already have the ability to work at group levels, it sounds like it should work for you.

    Hi Joe,

    Whilst this may work in some circumstances it would not allow for the layering of action based upon alert rule/chain, requirement across multiple devices over multiple Cloud tech, cloud/Geo-location & Technology groupings within a defined customer group structure. The ability to apply SDT & Aert Rules based upon selectable custom properties, 'Tags', (if under customer group with tag 1 Or If under customer group with tag 1 & tag 2 etc) would give a logical option for lightest touch on admin and a form of automation. I am looking at this to help with AWS & Azure, (application of secondary tags via cloudwatch/on VM's etc based upon criticality or ?), with the follow-on of this within/across hybridised environments.  

    I hope that I have put enough up here for the train of thought to be followed as I do not want to bore everyone with several paragraphs,:)/emoticons/smile@2x.png 2x" title=":)" width="20"> more than willing to discuss at length offline.