Is there a way to configure an Alert Rule to only match websites OR resources?
If I have a group under Resources called Production, and I have a group under Websites called Production, because LM only matches things based on Text, there doesn’t seem to be any way to specify which of those I want to match. This also means that if I ever rename a group, I will break the alert rule since the text will no longer match, but that’s a different issue.

I wanted to make a catch-all group for resources and one for websites, for anything that isn’t being picked up by an alert rule. But I want them to go to different places which doesn’t seem like it’s possible, unless I’m overlooking something.

Thanks.

Solved, 99 Views, 19 likes, 3 Comments

Customer Story - Banking
Customer Story: This US credit union is the largest community-owned financial institution in the US Northwest, offering mortgage loans, savings accounts, auto loans, and more.

Industry: Banking

Challenge
The IT team needed to mitigate “911 events” within their infrastructure. With minimal visibility, each of these events caused the entire team to drop everything to investigate the issue, leading to inefficient work and valuable time spent troubleshooting instead of larger projects.

Solution
Simple, high-level executive dashboards displayed critical information about the health of the environment, with the ability to drill down on a specific issue. Alert rules and escalation chains improved alert routing to select teams for quick resolution.

Business Outcomes
* 90% reduction in alert noise within 6 months
* More time spent on innovative projects instead of troubleshooting
* Improved visibility into network health across the organization

Interested in sharing a story about your infrastructure monitoring, process improvements, or any other successes since implementing LogicMonitor? We’d love to hear it! Feel free to comment below or reach out to us at innercircle@logicmonitor.com to share your voice.

80 Views, 22 likes, 0 Comments

Alert Rule Syntax
Hi,

Because LM uses Text-based matching, I know it’s picky about how you configure alert rules with regards to /s and *s in the Group field. I just want to make sure I understand this right. I pulled a list of every alert we’ve gotten for the last year, and compared that to our list of Alert Rules, and found some problems. I noticed we have some things set up incorrectly in our portal and we might be missing alerts.

Scenario: Let’s say I have a group called Production Servers. Inside that group I have groups for Web Servers, App Servers, and Database Servers. Let’s also say each of those sub groups has other sub-groups inside of it. Each of the groups has servers in it.

* If I have an alert rule set with group “Production Servers”, will that find servers that are in the Production Servers group but not in the sub groups?
* If I have an alert rule set with group “Production Servers*”, will that find servers that are in the Production Servers group AND in any of the sub groups?
* If I have an alert rule set with group “Production Servers/*”, will that only find servers that are in the sub groups, but not servers that are in Production Servers?

Are there any other variations on that I should keep in mind?

Thanks!

70 Views, 5 likes, 3 Comments

Alert Rules Priority Value Duplicates
Is it acceptable for alert rules to have the same priority value if they differ in other properties, such as Group, LogicModule, Instance, or Datapoint? Additionally, can I increase the default alert rule limit from 100 to 1000? If so, will this change affect any alerts that have already been triggered?

60 Views, 4 likes, 3 Comments

Can we get the ability to better control alerts rules (not limited to cloning)?
The ability to clone an alert rule would be fantastic, but being able to create an escalation chain from within an alert rule, so you don’t have to go back and forth, would be fantastic. Can’t tell you how many times I’ve created a rule and get down to the bottom and realize I forgot to make the chain first. It’s incredibly annoying (though I do know I can just save, create the chain, and come back and edit, but I’d like to just be able to do it all on one popup).

35 Views, 17 likes, 1 Comment

How to validate your Alert Rule & Escalation Chain
You must have set up your Alert Rules & Escalation Chains hoping that they are set up correctly. What if they were not set up accurately and do not alert the right group or, even worse, do not alert at all? The worst thing is for you not to receive an alert when a device is down or, let's say, when you have a disk which is filling up due to logs which have been set to a verbose mode because one of your teammates did not change the level back after troubleshooting.

In this article, you will be guided through how to set up an effective Alert Rule & Escalation Chain. In addition, we will show you how to deliver a live alert without creating any impact to the system in question.

Before diving into the troubleshooting steps, below are the differences between Alert Rules and Escalation Chains.

Alert Rules are used to tag the respective Escalation Chains when a certain device reaches the defined severity level. You could define this Alert Rule to use an Escalation Chain only when a certain data point is reached.

Escalation Chains are used to set the delivery method for Alerts. This could be set to deliver your alerts via email, SMS, ticketing systems, custom HTTP integrations, etc. You may also set your Escalation Chain to be routed to different groups of people during different times/days. This is useful for different sets of standby engineers for a 24x7 operation.

Alert Rules & Escalation Chains are very powerful if used correctly.

To begin, we will first create an Escalation Chain. For this example, I will create it for Windows devices. We recommend enabling rate limit as you will not want to receive a flood of alerts. By doing so, it limits the maximum number of Alerts delivered in the defined time. If you are wondering, I created 3 stages for different delivery methods (email, HipChat & voice). The duration that it takes to move from one chain to the other is defined within the Escalation Interval of the Alert Rule.
This is an optional section where we have the ability to route alerts to different people depending on the time and day. It is quite simple, just select the days & timing for the respective stages.

This section below for the creation of Alert Rules requires good planning. Alerts are triggered based on the priority level. It will start from the lowest to the highest number. It should start with the most granular to the greatest number of wildcards. A common use case is:

* Create an Alert rule to send Interface related Alerts to the network team
* Create an Alert rule to send hardware or performance Alerts to sysadmin team
* Create an Alert rule to send Exchange Alerts to the messaging team
* Create an Alert rule to send all other alerts to the sysadmin team

Another essential portion which we need to focus on is the Group which it is applied to. We get this question asked countless times. It’s an easy fix but it is knowing what to fix. If you set it to * it will apply to all groups - which is great. However, we know that we can’t apply the Alert rule to all devices. We might need to apply different alert rules to different types of devices (e.g. Server, Switches, Routers, WAN Links, etc).

Let's say you have a router “wan01” which resides in the group “Infrastructure -> Critical -> Networking -> Routers -> WAN”. If you apply the Alert Rule to “Infrastructure/Critical/”, your device will not pick up this Alert Rule as it resides in a subtree. The fix is simple, just apply the Alert Rule to “Infrastructure/Critical/*”. This will apply to all subgroups under Critical.

Now, once you have set that up, I'm sure you would like to verify that the Alert Rule is picked up by the datasource or instance in question. To do so, navigate to the datasource or instance in question. Click on the COG button and it will show you the Alert Rule, Escalation Chain and delivery method for each stage. This is how you can determine if your Alert Rule or Escalation Chain is picked up.
The next thing is to validate the delivery of an Alert. Yes, we could click on the “Send Test Alert”. I’m sure we prefer to have an actual alert to see how it works. My favourite datasource to use is the Ping datasource with the PingLossPercent datapoint. To trigger an alert, we could change this value to “>=0”. What this will do is to send an Alert when the Ping Loss is more than or equal to 0.

To do so, it’s quite easy too. Click on the pencil icon within the line of PingLossPercent. Click on the + sign as this will create an instance level threshold. What you want to do is to set the value to 0 for critical. You should receive the Alerts quite soon after. Once you have received the alerts and verified it's all working, remember to remove it as you don't want to get flooded with alerts.

I hope this article has provided you with sufficient information on how to set up an alert, test and trigger the Alerts.

33 Views, 0 likes, 0 Comments

Allow Multiple LogicModule Selection for Alert Rules
My organization originally committed to only creating tickets for CRITICAL level alerts, but naturally marching orders came down to create tickets at WARNING with a vastly different set of ticket parameters. The kicker: do this only for specific LogicModules.

I figured this was easy enough, until I saw that I wasn't able to select multiple LogicModules for any given alert rule. These LogicModules had varied names and datapoints. Creating a glob expression that is not going to cause someone to go cross-eyed would be a herculean feat.

So instead of adding multiple alert rules with the same set of parameters (level, escalation chain, device/website groups) save LogicModule, please add the ability to configure alert rules to accept multiple configured LogicModules.

26 Views, 0 likes, 3 Comments

Make Instance Groups searchable/filterable
Hello,

We'd like to request some more usage for instance groups. Right now, it's just not very useful to group instances on a datasource. We have shared devices with datasources belonging to different teams and we have to create dashboards and alarm rules regarding those. Right now, we have to use the wildcard filter in a "creative" way to have shared device alerts and dashboards from different teams configured. It would be really helpful if the instance-group name could be used in Filters.

Use-Case:
* To configure alert rules for shared devices for different teams, we can group all datasource-instances in instance groups named "teamname" and then filter on "teamname", this works even when we use "*" for device/devicegroup, as long as instancegroup "teamname" is persistent over multiple shared devices.
* To have dashboards for shared devices on a per-team base, we can filter for the teamname when creating those dashboards. This also works with "*" as device/devicegroup query, so instances on new devices will be added automatically.

Regards,
Bastian

7 Views, 3 likes, 2 Comments