Forum Discussion

Kelemvor's avatar
Kelemvor
Icon for Expert rankExpert
7 months ago

Can't tell if past alerts were during an SDT or not?!

I consider this a bug, but maybe it's WAD and needs to be reevaluated.

When an alert occurs during an SDT, the "IN SDT" field for that alert gets set to True.  This is good because the alert is during an SDT.  The problem is that once the alert clears, even if it's still in an SDT, the IN SDT field gets changed to False.  This is not good.  Because it does this, there is no way to run a report on alerts for the week/month/whatever and tell which ones were during an SDT and which ones weren't.

Example:

We do patching every month and this causes some of our websites and servers to go down, and CPUs to spike, while things are installing and rebooting.  We set these to an SDT because we know it's going to happen.  When we go to run our monthly alert reports, we see lots of errors for uptime, ping, CPU, etc from the checks that ran during the reboot.  We don't need to investigate these because they were during SDT which means they were expected.  When I set the IN SDT field to False in the report, assuming it's going to then show me only the alerts that occurred outside of an SDT, that's not what I get.  I get EVERY alert because that field gets set to False for every alert when it clears.

I don't understand what the rationale is for doing this as it removes very important functionality for anyone who runs reports after-the-fact.  Simply leaving the IN SDT field alone, when the alert clears, would solve this problem.  If the alerts cleared while in an SDT, leave the field as True.  If the alert cleared wile not in an SDT, leave the field as False.  That way I can tell, and run reports on, which alerts were expected and which were not.

Thanks

  • I still suggest filing a Feature Request in the LM portal. I do know they do see them, they even get an internal tracking ID, and LM has reached out to me about them in the past. Doesn't mean they will take action on it but the more people that file them, perhaps the more likely they will at some point.

    I haven't checked this in years. But find a device that generated an legit alert while it was not in SDT. Put that device in SDT right now and run the report. It will show that the past alert is IN SDT when it was not in SDT at the time of the alert. This is because LM does not track SDT to the alert, just report on the current SDT state at the time of your report. So there is no field to leave alone.

    • Anonymous's avatar
      Anonymous

      It is a good idea to go ahead and submit the request. They have been rolling out "Product Board" which is an enterprise level software solution to handle feature requests. One of the reasons we moved to a new community platform is because it should make integrating with PB easier (though it's obviously not ready yet). 

      I did recently see ConnectWise's feature request system and it's fantastic. Customers can view the list of issues simply by logging into the support portal. They can upvote issues and see the current vote count. Issues you've upvoted always show up a the top, but you can see that there are other issues that have many more customers asking for, justifying not fulfilling a feature right away. There are email notifications when a FR has a status change. LM will get there someday.

  • Yeah, I reported about this years ago. Suggest submitting as a feature request as mentioned. The issue is that the SDT state is not stored with the alert so it's not as simple as just leaving it alone (but wouldn't think it would be all that hard to add). It only reports if the SDT is set at the time of the report (so can cause false positives). Ended up mostly reporting out of the ticketing system since tickets are not generated during SDT.

    • Kelemvor's avatar
      Kelemvor
      Icon for Expert rankExpert

      I've had 3 or 4 people from LM tell me that this problem gets reported all the time and they've been hearing about it for years.  You even said you reported it years ago.   This is why I have 0 faith in submitting a "Feature Request" because it just goes into a black hole.

      If I run a report on alerts, while an active alert is in an SDT, there is a field called IN SDT that will show True.  When the alert clears, something then sets that field to False.  It seems like it they'd just leave that field alone, it would do exactly what the field is called, and report if the alert occurred while the device was IN SDT.  Maybe there's no behind the scenes, but if that field was left as True if the SDT was still active when the alert cleared, then we could report on it very easily.

      Ah well.  I won't hold my breath.

      • Anonymous's avatar
        Anonymous

        I have 0 faith in submitting a "Feature Request" because it just goes into a black hole.

  • Anonymous's avatar
    Anonymous

    LM definitely considers this WAD, so it'll have to be a feature request and wait. Many have complained about this.