Imdad_Salih
Joined 8 years ago
User Profile
User Widgets
Contributions
Alert Troubleshooting 101
One of the most common support cases we face every day is 'why am I receiving this alert', this article would explain to you the steps on how to determine why are you receiving the alerts. 1) Understand the alert received 2)Checking on validity via raw data and threshold 3)Checking on delivery 1) Understanding the alert received The first step when you receive an alert either via email, textor via any ticketing system is to understand the alert. Understand an alert is to look at which device is the alert for, which datapointand value of the alert. For example in an email alert message, it would appear as per below. LogicMonitor Alert: Host: ##HOST## Host Group: ##GROUP## Datasource: ##DATASOURCE## Datapoint: ##DATAPOINT## Description: ##DSIDESCRIPTION## Value: ##VALUE## Level: ##LEVEL## Start: ##START## Duration: ##DURATION## Reason: ##DATAPOINT## ##THRESHOLD## ##ALERTID## 2) Checking on validity via raw data and threshold Next, once you determined the alert source, you need to understand why this alert is triggered. This can be done by first looking at the threshold that is set for that particulardatapoint.After checking the threshold you can go to the raw data tab of the datapoint to check if it meets the threshold being sent. For example In this case, a critical alert was received and a threshold of 80 90 95 and an alert will only be triggered if you have 20 consecutive polls that fall within this range. Now the next step would be to check on the RAW DATA tab to determine if this condition was met. Judging from the raw data above if you look at the values all the 20 polls have met the threshold level of 80 90 95, but to determine the level of the alert it would be the last poll since the last poll was 96.67 will falls to the range of a critical alert thus a critical alert was send. 3) Checking on delivery The last process is to check the alert rule and escalation chain to see if it was applied to the correct rule and escalation chain. To do so you can go thealert tuning tab and check on the alert routing for that particular instance and datapoint. Here you can see that the Alert Rule applied is Critical - Default and the Alert Chain/Escalation Chain isCritical - Default. Under the Alert Chain is the list of email address that will receive a notification, when the threshold is met.1View0likes0CommentsWhat is regex and how to use it in LogicMonitor
Our Tech Support team occasionally received some customer's questions related toRegEx usage within LM environment, Regex can be complicated if you do not know how to use it, however, it can be a very useful tool for you here in LM. I am going to cover 4 topics in this article, they are: 1) Basic general examples on Regex 2) Regex text match for HTTP Datasource 3) Using Regex for dynamic groups 4)Using Regex to filter out results from Datasources 1) Basic general examples on Regex How to use ^' and ‘$’ Below teaches you how to use the symbols ^ and $. These symbols are to indicate start or end of the string. “^Hello" matches any string that starts with "Hello". “Percentage used$” matches a string that ends in with “Percentage used". “^def$" a string that starts and ends with "def" - effectively an exact match comparison. “Percentage Used" a string that has the text “Percentage Used" in it. You can see that if you don't use either of these two characters, you're saying that the pattern may occur anywhere inside the string -- you're not "hooking" it to any of the edges. How to use '*', '+', and ‘?' In addition, the symbols '*', '+', and '?', denote the number of times a character or a sequence of characters may occur. What they mean is: "zero or more", "one or more", and "zero or one." Here are some examples: “ab*" matches a string that has an a followed by zero or more b's ("ac", "abc", "abbc", etc.) “ab+" same, but there's at least one b ("abc", "abbc", etc., but not "ac") “ab?" there might be a single b or not ("ac", "abc" but not "abbc"). “a?b+$" a possible 'a' followed by one or more 'b's at the end of the string: Matches any string ending with "ab", "abb", "abbb" etc. or "b", "bb" etc. but not "aab", "aabb" etc. How to use Braces { } You can also use bounds, which appear inside braces and indicate ranges in the number of occurrences: “ab{2}" matches a string that has an a followed by exactly two b's ("abb") “ab{2,}" there are at least two b's ("abb", "abbbb", etc.) “ab{3,5}" from three to five b's ("abbb", "abbbb", or “abbbbb") --- Note that you must always specify the first number of a range (i.e., "{0,2}", not "{,2}"). Also, as you might have noticed, the symbols '*', '+', and '?' have the same effect as using the bounds "{0,}", "{1,}", and "{0,1}", respectively. Now, to quantify a sequence of characters put them inside parentheses: “a(bc)*" matches a string that has an a followed by zero or more copies of the sequence "bc" “a(bc){1,5}" one through five copies of "bc." How to use '|' OR operator There's also the '|' symbol, which works as an OR operator: “hi|hello" matches a string that has either "hi" or "hello" in it “(b|cd)ef" a string that has either "bef" or "cdef" “(a|b)*c" a string that has a sequence of alternating a's and b's ending in a c How to use Period (‘.') A period ('.') stands for any single character: “a.[0-9]" matches a string that has an a followed by one character and a digit “^.{3}$" a string with exactly 3 characters How to use Bracket Expressions "[ ]" Bracket expressions specify which characters are allowed in a single position of a string: “[ab]" matches a string that has either "a" or "b" (that's the same as "a|b") “[a-d]" a string that has lowercase letters 'a' through 'd' (that's equal to "a|b|c|d" and even "[abcd]") “^[a-zA-Z]" a string that starts with a letter “[0-9]%" a string that has a single digit before a percent sign ",[a-zA-Z0- 9]$”a string that ends in a comma followed by an alphanumeric character You can also list which characters you DON'T want -- just use a '^' as the first symbol in a bracket expression (i.e., "%[^a- zA-Z]%" matches a string with a character that is not a letter between two percent signs). In order to be taken literally, you must escape the characters "^.[$()|*+?{\" with a backslash ('\'), as they have special meaning. On top of that, you must escape the backslash character itself in PHP3 strings, so, for instance, the regular expression "(\$|A)[0-9]+" would have the function call: ereg("(\\$|A)[0-9]+", $str) (what string does that validate?) Just don't forget that bracket expressions are an exception to that rule--inside them, all special characters, including the backslash ('\'), lose their special powers (i.e., "[*\+?{}.]" matches exactly any of the characters inside the brackets). And, as the regex manual pages tell us: "To include a literal ']' in the list, make it the first character (following a possible '^'). To include a literal '-', make it the first or last character, or the second endpoint of a range." --------------------------------------------------------- 2) Regex text match for HTTP Datasource Below is an example of a regex text match case I attended before. In this case, thedatasource will look for the specific text in that webpage and will return a 1 of the text exist or return a 0 if there are no text. --------------------------------------------------------- 3) Using Regex for dynamic groups You can create a group that filters out a specific range of IP address based on the Regex given: /monthly_2017_04/Pic3.png.5cfeea779bc77c9b10050a0d15d9d810.png" rel=""> Based on this expression it filters out 7 devices. Using a regex calculator to test this expression. However do note in Lm it must be formatted as join(system.ips,",") =~ “10\\.15\\.20[01]\\." \\ we do not accept just a single \ --------------------------------------------------------- 4)Using Regex to filter out results from datasources You can use regexMatch to filter out different types of windows services so that you do not need to display all the unwanted services that are not required. ---------------------------------------------------------23Views2likes0Comments