This page last changed on Jul 14, 2009 by mmcgarry.

Topics marked with * relate to HQ Enterprise-only features.

The New Alert Definition page allows you to define the properties and condition set for an alert definition. After you define the alert properties and condition set, and save your changes, you can define actions for HQ to perform when an alert is fired.

Navigate to the New Alert Definition Page

To access the New Alert Definition page,

  1. Select a resource.
  2. Click the Alert tab.
  3. Click Configure.
  4. Click New.

Define Alert Properties

  • Name - Name assigned by the user creating an alert definition. A fired alert is identified, in the HQ user interface and alert notifications, by the alert definition name and a timestamp. An alert definition name should clearly communicate the nature of the problem. For example, "Down" for an alert on availability, or "Low Memory" for an alert on free memory.
  • Description - Description entered by the user creating the alert definition.
  • Priority - The severity of the problem, as defined by the person creating the alert definition:  "Low", "Medium", or "High".  A consistent policy for defining an alert definition priority makes it easier to triage problems appropriately.  An alert's priority is shown in HQ pages that present alert status and in alert notifications. You can sort alerts by priority in HQ Enterprise's  Alert Center or Operations Center.
  • Active - The current enabled/disabled status of the alert definition. Alerts only fire for enabled alert definitions. When an alert definition is disabled, HQ does not evaluate its condition or fire alerts for it.

Define Alert Condition Set

The options for defining alert conditions and firing rules vary by the type of resource to which the alert applies, and your version of HQ.

Condition Set

An alert condition specifies a resource metric value or event that will initiate the alert firing process.

The condition types you can choose when you define a alert vary by resource type and HQ version. If a condition type is not supported by your version of HQ or is not valid for the target resource, it will not appear as an option.

To define a condition, choose one of the following condition types, and supply required parameter values.

  • Metric condition -  To base the alert on the value of a metric that HQ collects for the resource:
    1. Metric - Select a metric from the selector list.  Only currently enabled metrics are listed.  (If the metric you're looking for is not listed, see the note below.)
    2. Define the rule for evaluating the metric value.  You can:
      • Compare metric value to a specified value. Select a comparison operator:  >(greater than), <(less than), =(equal to), or != (not equal to), and enter the absolute value, or
      • Fire upon change in metric value.  Click value changes.
      • Compare to metric value to baseline, in HQ Enterprise only. Select an operator:  >(greater than), <(less than), =(equal to), or != (not equal to), and choose "Baseline Value" from the pulldown. Baselining must be enabled. For more information, see Baselines.*
To Enable Collection of a Metric

If you want to base a metric condition on a metric that is not currently collected, you have to enable collection of that metric. To do so, update the metric collection settings for the resource type (choose Monitoring Defaults from the Administration tab), or for the specific resource (click Metrics on the Monitor tab for the resource).

  • Inventory Property Condition - To define a condition that is triggered when the value of an inventory property for resource changes, select an inventory property.  The pulldown contains only those inventory properties that are valid for the type of the resource to which the alert applies.
  • Control Action Condition - When you define an alert for a resource that supports control actions, you can define a condition that is triggered when a particular control action is performed. If desired, you can base the condition on a control action with a particular result status: "in progress", "completed", or "failed".  Pulldowns allow you to select a control action that the resource supports, and a result status if desired.
  • Events/Log Level Condition - To define a condition that is triggered by a log event, select a message severity level ("error", "warn", "info", "debug", "all") and optionally a match string. The condition is satisfied each time a message of the selected severity that contains the match string (if one was specified) is written to a log file that HQ is tracking. Log tracking must be enabled for the resource. To determine the log files that HQ monitors for the resource, see the Configuration Properties section of the resource's Inventory tab. The log files that HQ monitors for a resource are defined using the server.log_track.files property. For configuration instructions, see  see Log Tracking.
  • Config Changed... Condition - This type of condition is triggered by a change to a configuration file that HQ is configured to monitor for the resource. To limit the condition to a single file, enter its filename in the "match filename" field.  If you don't specify a filename, a change to any file monitored will trigger the alert.  To determine the log files that HQ monitors for the resource, see the Configuration Properties section of the resource's Inventory tab. The files that HQ monitors for a resource are defined using the server.config_track.files property. The maximum length for filename entered is  25 characters.  For configuration instructions, see Configuration Tracking.

Define Additional Conditions*

In HQ Enterprise, you can define up to three conditions for an alert. To add another condition, click Add Another Condition and specify whether both the new condition and the preceding one must be satisfied for the alert to be triggered ("AND") or only one must be satisfied ("OR").

Define Recovery Alert Behavior*

To designate the alert you're defining as a recovery alert, select the primary alert definition from the pulldown.

A recovery alert condition should detect when the condition that fired the primary alert is no longer true. When a recovery alert fires, it marks the primary alert "Fixed", and the primary alert definition is re-enabled. The primary alert definition should be configured to Generate one alert and then disable alert definition until fixed, as described below. For more information, see Recovery Alerts.

Enable Actions

You can make the condition absolute - (one strike you're out) or fire after the condition occurs repeatedly.  Choose either:

  • Each time conditions are met.  The alert fires upon a single occurrence of the condition, or
  • Once every __ times conditions are met within a time period of __ minutes. This option configures an alert to fire when the condition(s) occur multiple times over a period of time.  Enter the number of  occurrences and period of time.
Option removed in 4.1

In versions of HQ Enterprise previous to 4.1, you could configure an alert definition to fire when its conditions have meet met continuously for a specified portion of an period of time. The option - "When conditions are exceeded for x within a time period of y minutes" - was removed in HQ 4.1.

Enable Action Filters

An action filter can be used to control alert firing and alert actions.

Disable an Alert Definition upon Firing

Click Generate one alert and then disable alert definition until fixed to disable the alert definition after firing and reenable it when the alert that triggered it is marked "Fixed".

This option eliminates redundant firing for the same problem. If you do not choose this option, the alert will fire repeatedly as long as the triggering condition is still true.  

In HQ Enterprise this configuration option -  used in conjunction with recovery alerts -  automates the process of disabling and re-enabling an alert definition.  Result:  (1) no redundant alerts for the same problem, and (2) you don't have manually "fix" an alert triggered by a transient problem.  For more information, see Recovery Alerts.

Disregard Control Actions for Related Alerts.

The Disregard control actions that are defined for related alerts option appears on New Alert Definition pages for resources that support control actions. This option only applies when:

  1. The current alert definition will include an alert action
  2. The resource associated with the alert is a member of an application
  3. There are other members of the same application with alerts that fire control actions (ideally the same control action)

Under these circumstances, this configuration option ensures that if multiple alerts are fired within a short period for resources that are members of the same application, only one control action will be executed. For example, this would prevent a server from being restarted several times in a short period of time for the same alert conditions. For instance, you might have an alert with an action to restart a Tomcat server if the JVM Free Memory got too low and another alert with an action to restart the same server if the JVM Active Thread count got too high. If both alerts fired at the same time and they were filtering control actions, only 1 restart control action would be executed and not two.

Option removed in 4.2

Versions of HQ previous to 4.2 also had a Filter notification actions that are defined for related alerts option to prevent multiple notification when alerts fire for resources on the same platform. In HQ 4.2, the option was removed. HQ 4.2 provides enhanced functionality for global control of notification volume.  For more information, see Set a Notification Throttle.

Save the Alert Definition

After defining alert properties and conditions, click OK to save the alert definition. The alert definition is created, and complete if you do not want to configure any alert actions. The Alert Definition page appears. This page allows you to edit the alert properties and conditions, and add alert actions, as desired.

Define Alert Actions

You can use the tabs at the bottom of the Alert Definition page to set up one or more actions to be performed when the alert fires. See the "Create or Edit Alert Actions" section on the associated help page for instructions.

Note: Defining actions for an alert definition is optional.

Related Information

fb_ok.gif (image/gif)
Document generated by Confluence on Apr 20, 2010 15:01