Forum Discussion

Gary_Dewrell
5 years ago

Alert Rule Groups

I would like to see the concept of Alert Rule Groups. I have a lot of alert rules. We are an MSP and we host several different applications for customers in our datacenters.

Some alerts need to go to our infrastructure team, some to one of the application teams, and others might go to our support teams. I would love to have some type of grouping option in the alert rules page to help organize our many different alert rules.

Thanks!

 

  • Anonymous

    Just for organizational and visual focus purposes, yeah? No functional aspect to the group?

  • Just now, Stuart Weenig said:

    Just for organizational and visual focus purposes, yeah? No functional aspect to the group?

    For me it was just for visibility. I suppose you could have some settings that could be set at the group level like in all other groups just to save time.

  • Anonymous

    Yeah, that's a good idea. Like an overall filter that is common on all the rules in the group. The thing that would be really tough would be RBAC rules. That might give admins the idea that it's ok to farm out alert rules. However, it's not because then anyone could thwart the alert routing by muxing up the priorities. 

    Would you want to see something that would enforce priorities to stay within a range, set at the group level?

  • You are making me think way too hard this early in the morning! :)
    I would have to defer to your great wisdom on this one. I see the potential for issues as you mentioned above. 

     

  • Anonymous
    2 hours ago, Gary Dewrell said:

    your great wisdom

    [GIF: Captain America laughing]

  • We have generally attacked this issue with priority range conventions (so far, each client has been NNXXX where NN is the client number and XXX is the rule number (changing soon to NNXXXX)). We have had one script for a while to renumber rules into a new range, and we are working on a way to ensure standard rules are in place for all clients. As @Stuart Weenig notes, Alert Rules are one of the monolithic areas for which we cannot delegate access -- having some way to partition them within the existing RBAC mechanism would be welcome (along with other monolithic settings, like escalation chain, etc.). Being able to have alert templates that could then be filled in with group-level properties would be welcome. Being able to clone rules would be welcome. Being able to select multiple severities in one rule would reduce the need for cloning :).

    Ultimately, as an MSP it is very hard to maintain consistency in rule design without scripting, which I assume is one of the main goals of this request.
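The priority-range convention from the last post (NNXXX moving to NNXXXX), sketched as an audit and renumbering check. This is an added example, not code from the thread or from the product; the rule dictionaries, their keys (`name`, `client`, `priority`) and the sample data are constructed for illustration, and the code assumes rules have already been exported into that shape.

```python
from collections import defaultdict

OLD_WIDTH = 3  # NNXXX: three rule-number digits per client (from the post)
NEW_WIDTH = 4  # NNXXXX: the wider scheme the post says is coming

def split_priority(priority, width=OLD_WIDTH):
    """Return (client_number, rule_number) encoded in a priority."""
    return divmod(priority, 10 ** width)

def audit(rules, standard_numbers, width=OLD_WIDTH):
    """Find rules outside their client's range and clients missing standard rules.

    rules: dicts with hypothetical keys 'name', 'client', 'priority'.
    standard_numbers: rule numbers every client is expected to have.
    """
    out_of_range = []
    present = defaultdict(set)  # client -> in-range rule numbers found
    for rule in rules:
        found = present[rule["client"]]
        client, number = split_priority(rule["priority"], width)
        if client != rule["client"]:
            # Priority falls in another client's block, so it is ordered
            # among that client's rules instead of its own.
            out_of_range.append(rule["name"])
        else:
            found.add(number)
    missing = {}
    for client, numbers in present.items():
        gap = sorted(set(standard_numbers) - numbers)
        if gap:
            missing[client] = gap
    return out_of_range, missing

def renumber(priority, old=OLD_WIDTH, new=NEW_WIDTH):
    """Map an NNXXX priority to NNXXXX, keeping client and rule number."""
    client, number = split_priority(priority, old)
    return client * 10 ** new + number

# Constructed sample export (not real rules).
RULES = [
    {"name": "c12-infra-critical", "client": 12, "priority": 12001},
    {"name": "c12-app-error", "client": 12, "priority": 12002},
    {"name": "c13-infra-critical", "client": 13, "priority": 13001},
    {"name": "c13-app-error", "client": 13, "priority": 12500},  # wrong block
]

if __name__ == "__main__":
    print(audit(RULES, standard_numbers={1, 2}))
    print([renumber(r["priority"]) for r in RULES])
```

Running the audit before and after any bulk renumbering shows whether a rule has drifted into another client's block, which is the kind of priority mix-up raised earlier in the thread.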