Forum Discussion

Ryan_B's avatar
Ryan_B
7 years ago

Alert tuning instances that do not yet exist (Regex?)

I am working with the built in Cisco_UCS_FaultTable datasource. This reads in a fault table, and generates instances for each entry in the alert table on the device automatically and sets the severity as an integer.

Some of the Cisco set severities are poor, and need to be tuned.  I normally would go to the group in LogicMonitor containing the devices, and then go to alert tuning tab, and add a new alert threshold. I cannot do that here, because I do not want to adjust ALL instances that come from the fault table datasource, and I cannot tune alerts on instances that do not exist.

I know I could clone the Cisco_UCS_FaultTable datasource, and filter out instances I did not want-- but I want to see them, just adjust whether they create a warning, alert, or critical status. Cloning is also unsustainable as the datasources are no longer linked to upstream.

In an ideal world, I could apply tuning at the device group level and use a regex over instances, and say if instance_name ~ license, then set warning (currently licensing issues are considering critical by Cisco). It does not seem this is possible.

Has anyone ran into this before?

  • Joe_Tran's avatar
    Joe_Tran
    Icon for Advisor rankAdvisor
    7 years ago

    I would attempt to build a PropertySource (I'm a novice at Java and Groovy) to grab the license information you want to regex over and build dynamic groups based on said property. Tune Alert Thresholds at the group level as you suggested. 

  • Steve_Francis's avatar
    Steve_Francis
    Former Employee
    7 years ago

    There is no way to apply regex expressions to instances that don't exist, as you note.

    I ran into a similar problem recently, which I solved by adding in a groovy complex datapoint that takes the instance name or description or what-have-you, tests it against a regular expression that is set as a property (so you can set it at group levels, and have it be inherited), and if it matches, evaluates the alert as normal, and if it doesn't, returns a value that makes the alert not trigger.

    Like in this case, testing agains an interface description, and using a property interface_description_alert_enable to contain the regex:

    :

    instance = instanceProps.get("auto.intdescription");
    filterText=taskProps.get("interface_description_alert_enable");

    if (!(filterText) || (instance) && instance.find(filterText) ) { 

      return stuff that you want to alert on }

    else { return a value that wont trigger an alert }

    LMK if you have questions.