This page last changed on Sep 24, 2009 by mmcgarry.

Condition Set

An alert condition specifies a resource metric value or event that will initiate the alert firing process.

The condition types you can choose when you define a alert vary by resource type and HQ version. If a condition type is not supported by your version of HQ or is not valid for the target resource, it will not appear as an option.

To define a condition, choose one of the following condition types, and supply required parameter values.

  • Metric condition -  To base the alert on the value of a metric that HQ collects for the resource:
    1. Metric - Select a metric from the selector list.  Only currently enabled metrics are listed.  (If the metric you're looking for is not listed, see the note below.)
    2. Define the rule for evaluating the metric value.  You can:
      • Compare metric value to a specified value. Select a comparison operator:  >(greater than), <(less than), =(equal to), or != (not equal to), and enter the absolute value, or
      • Fire upon change in metric value.  Click value changes.
      • Compare to metric value to baseline, in HQ Enterprise only. Select an operator:  >(greater than), <(less than), =(equal to), or != (not equal to), and choose "Baseline Value" from the pulldown. Baselining must be enabled. For more information, see Baselines.*
To Enable Collection of a Metric

If you want to base a metric condition on a metric that is not currently collected, you have to enable collection of that metric. To do so, update the metric collection settings for the resource type (choose Monitoring Defaults from the Administration tab), or for the specific resource (click Metrics on the Monitor tab for the resource).

  • Inventory Property Condition - To define a condition that is triggered when the value of an inventory property for resource changes, select an inventory property.  The pulldown contains only those inventory properties that are valid for the type of the resource to which the alert applies.
  • Control Action Condition - When you define an alert for a resource that supports control actions, you can define a condition that is triggered when a particular control action is performed. If desired, you can base the condition on a control action with a particular result status: "in progress", "completed", or "failed".  Pulldowns allow you to select a control action that the resource supports, and a result status if desired.
  • Events/Log Level Condition - To define a condition that is triggered by a log event, select a message severity level ("error", "warn", "info", "debug", "all") and optionally a match string. The condition is satisfied each time a message of the selected severity that contains the match string (if one was specified) is written to a log file that HQ is tracking. Log tracking must be enabled for the resource. To determine the log files that HQ monitors for the resource, see the Configuration Properties section of the resource's Inventory tab. The log files that HQ monitors for a resource are defined using the server.log_track.files property. For configuration instructions, see  see Log Tracking.
  • Config Changed... Condition - This type of condition is triggered by a change to a configuration file that HQ is configured to monitor for the resource. To limit the condition to a single file, enter its filename in the "match filename" field.  If you don't specify a filename, a change to any file monitored will trigger the alert.  To determine the log files that HQ monitors for the resource, see the Configuration Properties section of the resource's Inventory tab. The files that HQ monitors for a resource are defined using the server.config_track.files property. The maximum length for filename entered is  25 characters.  For configuration instructions, see Configuration Tracking.

Define Additional Conditions*

In HQ Enterprise, you can define up to three conditions for an alert. To add another condition, click Add Another Condition and specify whether both the new condition and the preceding one must be satisfied for the alert to be triggered ("AND") or only one must be satisfied ("OR").

Define Recovery Alert Behavior*

To designate the alert you're defining as a recovery alert, select the primary alert definition from the pulldown.

A recovery alert condition should detect when the condition that fired the primary alert is no longer true. When a recovery alert fires, it marks the primary alert "Fixed", and the primary alert definition is re-enabled. The primary alert definition should be configured to Generate one alert and then disable alert definition until fixed, as described below. For more information, see Recovery Alerts.

Enable Actions

You can make the condition absolute - (one strike you're out) or fire after the condition occurs repeatedly.  Choose either:

  • Each time conditions are met.  The alert fires upon a single occurrence of the condition, or
  • Once every __ times conditions are met within a time period of __ minutes. This option configures an alert to fire when the condition(s) occur multiple times over a period of time.  Enter the number of  occurrences and period of time.
Option removed in 4.1

In versions of HQ Enterprise previous to 4.1, you could configure an alert definition to fire when its conditions have meet met continuously for a specified portion of an period of time. The option - "When conditions are exceeded for x within a time period of y minutes" - was removed in HQ 4.1.

Enable Action Filters

An action filter can be used to control alert firing and alert actions.

Disable an Alert Definition upon Firing

Click Generate one alert and then disable alert definition until fixed to disable the alert definition after firing and reenable it when the alert that triggered it is marked "Fixed".

This option eliminates redundant firing for the same problem. If you do not choose this option, the alert will fire repeatedly as long as the triggering condition is still true.  

In HQ Enterprise this configuration option -  used in conjunction with recovery alerts -  automates the process of disabling and re-enabling an alert definition.  Result:  (1) no redundant alerts for the same problem, and (2) you don't have manually "fix" an alert triggered by a transient problem.  For more information, see Recovery Alerts.

Disregard Control Actions for Related Alerts.

The Disregard control actions that are defined for related alerts option appears on New Alert Definition pages for resources that support control actions. This option only applies when:

  1. The current alert definition will include an alert action
  2. The resource associated with the alert is a member of an application
  3. There are other members of the same application with alerts that fire control actions (ideally the same control action)

Under these circumstances, this configuration option ensures that if multiple alerts are fired within a short period for resources that are members of the same application, only one control action will be executed. For example, this would prevent a server from being restarted several times in a short period of time for the same alert conditions. For instance, you might have an alert with an action to restart a Tomcat server if the JVM Free Memory got too low and another alert with an action to restart the same server if the JVM Active Thread count got too high. If both alerts fired at the same time and they were filtering control actions, only 1 restart control action would be executed and not two.

Option removed in 4.2

Versions of HQ previous to 4.2 also had a Filter notification actions that are defined for related alerts option to prevent multiple notification when alerts fire for resources on the same platform. In HQ 4.2, the option was removed. HQ 4.2 provides enhanced functionality for global control of notification volume.  For more information, see Set a Notification Throttle.


fb_ok.gif (image/gif)
Document generated by Confluence on Apr 20, 2010 15:01