cancel
Showing results for 
Search instead for 
Did you mean: 

Identify top threshold alerts based on its occurrences.

TushR
05 Base Camper

Identify top threshold alerts based on its occurrences.

Dear Team,

 

Can we check which threshold alerts have max occurences?

I can see dispatched messages in "DIspatch Central" but I want to identify the alerts which are triggered alot.

 

Lot of alerts are configured and in order to reduce the alerts, first I want to check which one is max occurrence so that I can change its criteria or change its configuration.

 

Thanks,

tushR

1 ACCEPTED SOLUTION

Accepted Solutions
David_Sun
Expert

Re: Identify top threshold alerts based on its occurrences.

Hi tushR,


To count the number of occurances of a particular threshold condition or analyst rule, you can use the combine function of display.

Usually the same alert is sent to Probsum record as well so we can utilize this record to get the total of the alerts by conditions/rules.

Create a new display with PROBSUM record, and enable the META field .combineRowCount in the Data Field Name list, as below:

 

combine3.PNG

 

then in the Combines window, enable the Combine by Fields, and select Only Show Combines Data and Add as the Combine Operations, then select RuleName field as the Combine field, as below:

combine.PNG

 

Then click Ok to run it, the CombineRowCount field will show the total for each Threshold condition or Analyst rule. Example as below:

 

combine2.PNG

 

You can also adjust the combine by adding Site and Node so it will show the counts by Site and Node.

 

Hope this helps. If you need further assistance please log a support case, our support team will be able to help.

 

Thanks.

View solution in original post

4 REPLIES 4
David_Sun
Expert

Re: Identify top threshold alerts based on its occurrences.

Hi tushR,


To count the number of occurances of a particular threshold condition or analyst rule, you can use the combine function of display.

Usually the same alert is sent to Probsum record as well so we can utilize this record to get the total of the alerts by conditions/rules.

Create a new display with PROBSUM record, and enable the META field .combineRowCount in the Data Field Name list, as below:

 

combine3.PNG

 

then in the Combines window, enable the Combine by Fields, and select Only Show Combines Data and Add as the Combine Operations, then select RuleName field as the Combine field, as below:

combine.PNG

 

Then click Ok to run it, the CombineRowCount field will show the total for each Threshold condition or Analyst rule. Example as below:

 

combine2.PNG

 

You can also adjust the combine by adding Site and Node so it will show the counts by Site and Node.

 

Hope this helps. If you need further assistance please log a support case, our support team will be able to help.

 

Thanks.

View solution in original post

Shoaib_Dilawar
12 Sherpa

Re: Identify top threshold alerts based on its occurrences.

If you create a display that does a combine on Analyst Name and Condition Name and then show CombineRowCount, you can get an idea of # of occurences for each trehsold/rule.


If my reply answered your question please click on the 'Accept as Solution' button to help others find the answer.
Thanks,
Shoaib
TushR
05 Base Camper

Re: Identify top threshold alerts based on its occurrences.

@David_Sun 

 

Thank you for your suggestion.

 

I tried your solution in my environment but no data appeared in display(PrognosisAutomationProblemSummary).

It is not showing any data because of my threshold configuration.

 

Lets turn it around, how would I identify the max occurrence condition based on messages sent through dispatch manager.

I could able to do it by message text(MSG) of DISPMSG but I have set parameters in dispatch alerts so can't combine it based on Message Text(MSG).

 

Thanks,

tushR

David_Sun
Expert

Re: Identify top threshold alerts based on its occurrences.

Hi tushR,


Yes the "Problem" message destination will need to be configured in each condition in order to get the alert in the Probsum record.  Most out of box thresholds have multiple destinations (Dispman, Snmp and Problem), this will be helpful in cross checking the  alerts in case any one of snmp/dispman has issue sending the alert.

 

The  DISPMSG record does not have the combineCount meta field so the combine method is not applicable. If we would use this record to count, a custome solution will need to be built.
So the easier way would be add Problem destination into threshold conditions and then use the combine feature in display.