Products documentation

User Tools

Site Tools

You are here: Welcome to Redpeaks Wiki » products » Supported versions » Redpeaks V7.0 » Redpeaks User guide » Settings » Alarm rules
products:promonitor:latest:userguide:administration:alarmrules

Table of Contents

Alarm rules

Alarm rules allow to filter and redirect alarms toward existing plugins.

By example, you could do the following:

  • Send all SAP jobs alarms to Bob by email
  • Send internal alarms to Redpeaks admin by email
  • If non office hours, send system CRITICAL alerts by SMS
  • Decrease alert severity for non production systems
  • Discard non CRITICAL alerts from JAVA stacks of customer X
  • Send all alarms from customer A to ServiceNow plugin
  • Send all alarms from customer B to ScienceLogic SL1 plugin

Configuration

Activation

  • By default, alarm rules are not active
  • All generated alerts are propagated to all active plugins
  • Use the activation button to enable alarm rules processing.

Warning:

  • If alarm rules are enabled, but no rules are defined, no alerts will be propagated to any plugin.
  • You should at least define a rule that will take care of the default propagation of the alerts.

Rules definition

  • Created rules will be organized in a table in a predefined order.
  • Rules will be processed in the order displayed in the table
  • You can move a rule up or down
  • Press Add button to create a new rule.
  • Set a meaningful name and a description to define your rule

Stop on first match:

  • If enabled, the alarm won't be processed by the next rule if it matches current rule filters.
  • Useful if you want to restrict or prevent the propagation of some alerts

The configuration of the rule consists of setting following parameters:

  • Plugins: Where the alarm will be sent if matches all filters
  • Schedule: Define when the rule is active
  • Severities: What serverities to handle
  • Filter: What alarm parameters are expected
  • Action: What is going to be done with the alarm if all filter matches

Plugins

  • Select the list of plugins that will be used to propagate the alert if it matches the rule filters
  • Unless the selected action is Reject, each plugin from the list will receive the alarm.

Schedule

  • Define when the rule is active
  • You can define a time window within the day, some day of the week or a specific date
  • Dates field can remain empty
  • By example, you can use this option to send an alert by SMS to the support team during non office hours.

Severities

  • Define the alarm severities to match
  • Process only alarms with a matching severity
  • You can by example process only MAJOR and CRITICAL alarms

Filters

  • Filter will be applied on alarm parameters
  • Only the alarms that matches the filter will be processed by the Action
  • The filter will apply on one or several components:
    • Group: The group of the system for which the alarm is generated.
    • System SID
    • Stack type: ABAP/JAVA/SYBASE/HANA/BO
    • System tag: The tag associated to the group
    • Module: The module ID of the alarm
    • Alarm tag: The tag associated with the alarm
    • Alarm message: The message itself
    • Alarm count: The number of times the alarm has been triggered since first raised time. Reset to 1 when cleared.
    • Agent: The agent from which the alarm is coming from
  • The filter will compare the component value of the alarm with a value, by using following comparators:
    • Equals: Strictly equal to a given value (case insensitive)
    • Matches with: A way to check that value contains at least some part of text (see example below)
    • Different than: Is strictely different than a given value
  • The filter will evaluate the rules in the predefined order, using the selected operator
    • AND: All rule must be true
    • OR: At least one rule must be true

  • Matches with examples
Operation Filter value Comment
contains ABC Matches if value contains text 'ABC'
contains any ABC, DEF, GHI Matches if value contains at least one of the coma separated text
contains all ABC + DEF Matches if value contains all coma separated text
excludes !ABC Matches if value does not contain 'ABC'
excludes all !ABC, !DEF Matches if value does not contain any of the coma separated text
Regexp .*ABC.*DEF$ Matches if value contains ABC and ends with DEF

Actions

  • Defines how to process the alert if it matches all above filters, including schedules and severities:
    • Process: Simply propagate the alert to the selected plugins
    • Reject: Discards the alert
      • If you want the alarm to be completely rejected, you must enable: Stop on first match
    • Send to: Send the alert to the specified recipient (Needs to be associated with email plugin)
    • Transform: Modifies the content of the alarm

Transform:

  • Allows to modify the alarm severity

Transform syntax:

  • severity+X : Increase the level of severity by X
  • severity-X : Decrease the level of severity by X
  • severity=X : Set the level of severity to X

Note: More transform capabilities to come.

products/promonitor/latest/userguide/administration/alarmrules.txt · Last modified: by rbariou