Does this frustrate anyone else?

Question

The alert id isn’t the same as the alert id. No attempt is even made to explain the different IDs:

mike_moniz · Accepted Answer

Yeah. The LMx# ID is tied to the specific device datasource instance that is alerting. So an alert for Server01’s C: drive free space will always have the same LMx# alert id each time. Even for alerts that occur years apart. The 3rd letter will depends on the alert type. D=device, S=website, A=Collector, etc.

The DS# ID is tied to the specific situation and time. So for example a warning alert that occurred at 1am. This ID changes although if the alert situation changes, for example if the alert changing from warning to error then the ID changes. I think because the system kinda clears the warning and then alerts and error, but will pass previous alert state.

I guessing this is because it’s useful for the GUI show alerts the way it does. It does mean that neither ID is useful for linking to tickets. The LMx# id is too long-term and the DS# is too short. You kinda have to either let LM to the tracking via ##EXTERNALTICKETID## or setup the ticketing/integration system o have complex logic to track alerts and keep it’s own state of each alert and it’s ticket.

patrick_friar · Answer

@Mike Moniz&nbsp;the unique DS# is more useful internally than externally as it can be referenced in our backend logs when investigating issues with specific alerts, the associated LMD can be checked to verify during these searches as well as in alert frequency reporting, etc.While I don’t have any hard data on the design I would think that using LM-generated IDs in ticketing systems might lead to some very sporadic behavior and ultimately cause more of a headache, hence allowing the ticketing systems to follow their own ID schema.

stuart_weenig · Answer

Yeah, I knew about the differences. Just two frustrations: 1) if there’s a different ID for the recurrence, why can’t there be a recurrence count and bundling of alerts by the LMx ID (and alerting based on recurrence count). 2) Did you know that the tokens are swapped? ##ALERTID## has the DS alert number and ##INTERNALID## has the LMx ID?

Where’s the documentation on this?

mike_moniz · Answer

I understand. The issue is that you need to be able to map alerts to tickets, and tickets to alerts. Generally you do that by some sort of mapping. For example alert 873 = ticket 235. But LM doesn’t have an alert id that you can map. The ticketing system has to rely on LM keeping it informed on alert changes (which it does not always do, but much better than before) or separately tracking alert states.

Just imagine how much work LM would need to do if the ticket number changes every time its state changes. If the ticket number changes ween the ticket is open, pending, waiting for customer, etc. I once spent over a month working with a 3rd party integration/glue product to implement logic to deal with this. But it is doable and if possible best to try to use ##EXTERNALTICKETID## when possible.

stuart_weenig · Answer

We actually don’t pass directly to our ticketing system, so the external ticketid token is basically useless. If we could use the API to come back in and set the externalticketid on an alert, that would be awesome. As it is, we currently just modify the note on the alert to contain the real external ticket id.

david_bond · Answer

@Stuart Weenig&nbsp;Both are important.The LMD number (or LME, or LMS etc. depending on the alert type) is what we (Panoramic Data Limited) calls the “Problem Signature” and relates to the INSTANCE/DATAPOINT tuple.&nbsp; For example “Downlink throughput on Bandwidth Router 5’s GE1/0 interface”.This can reliably be used as the identifier&nbsp;for the Incident.&nbsp; That way, if the bandwidth keeps spiking, you don’t keep opening new tickets, you just update the old one.The DS (etc.) id is unique to the alert NOTIFICATION and will not be repeated.&nbsp; This can be used to tag the Comment that you add to the ticket, each time you get a bandwidth spike.LogicMonitor’s built in “Integrations” are useless for this, of course - they just keep spamming incidents into the ITSM without a care in the world.&lt;Incoming advert&gt;Our AlertMagic system fixes all this - just point it at your ServiceNow / AutoTask / Cherwell / Dynamics etc. system and it does the rest.If you’re interested, give me a yell via Linked In or fill in some details here:&nbsp;https://alert.magicsuite.net/David

Forum Discussion

Does this frustrate anyone else?

9 Replies

Related Content

Is anyone else getting issues creating Bandwidth Reports on Switches?

How is everyone else handling network interface ID changes?

Anybody else disabling Meraki instances by default?

Does anyone have any experience with monitoring Windows Processes?

Anyone doing PostFix monitoring?

Recent Discussions

ESX Host Services?

Issues with Set-LMWebsiteGroup

What not to do when developing code

REST API 503 errors

Anyone else have issues logging into these new forums with Firefox?