PDA

View Full Version : Alert based on age of event?

kehall
15-10-2008, 22:03
Is it possible to have a condition in the main criteria "event.age" or something similar - that way you can send alerts based on triggers that have been active for e.g. 90secs or greater? This could cut down on alerts where a problem is very short lived (e.g. too many processes for 30 seconds).

Keith
Alexei
16-10-2008, 09:56
You may use escalations for this, just do not define any actions for the first step or first N steps.
kehall
16-10-2008, 11:58
Thanks... Unfortunately this doesn't work as expected...

I created a new alert:
Enabled escalations
Set period to 300 secs
Enabled recovery message
Set Condition Trigger severity = Average

Action step from 2, to 2, period 0... send message to single user, no conditions.

No other actions..

I turned off a service to produce an Average event, then turned it back on after about 120 seconds.

No email during that time... so that bit is ok.

However, 300 seconds after the original event I notice Actions in Events showing "in progress" and I get an email (not right as the fault status is no longer true)!

Now Date/Time : 2008.10.16 - 10:30:28
Event Date/Time: 2008.10.16 - 10:25:26 (age 5m )
Trigger : Windows Time Service not running
Status : ON
Value : 0
Severity: Average


Not only that, but 300+120 seconds later I get another email (but it wasn't the recovery message as that has a different subject line)

Now Date/Time : 2008.10.16 - 10:32:26
Event Date/Time: 2008.10.16 - 10:27:26 (age 5m )
Trigger : Windows Time Service not running
Status : OFF
Value : 0
Severity: Average


So it's not doing what is required.

If it were possible to set a condition in the action "where status = off" then that would stop the first email I think, but then I think the 2nd email would be sent... I don't think the recovery message should be sent unless a problem message had been sent out.

To be honest, IMHO the recovery message should be immediate not delayed, so not sure why it's delaying an 'OK' status email too?

Thoughts?

Regards,

Keith.
kehall
18-10-2008, 13:48
Just wondering if there is a workaround or whether it is a bug, feature enhancement or what, please? :)

At the moment without more control on the condition of actions and escalations etc, emails are flying in all the time and thats a problem because you become immune to "proper" issues then!

Keith