Filtering alarms
You can filter the set of alarms output by using the filtered_alarms.txt file.
About this task
You can filter the set of alarms that are generated by the Analytics server for any resource, metric group and metric.
Procedure
Example
The following are examples of filters:
wild,*,*,*,forward
Forward all alarms -> no other rule will be read after.
wild,,,,forward
Forward all alarms -> no other rule will be read after. (same as the previous example - null equals all pass)
wild,*,NTPROCSSRGroup,*,forward
Forward all metrics in the metric group NTPROCSSRGroup.
wild,*,NTPROCSSRGroup,%*,forward
Forward all metrics that begin with the percent symbol (%) AND are in the metric group NTPROCSSRGroup.
regex,*,NTPROCSSRGroup,%.*,forward
Same as the previous example, but uses regular expressions instead of wildcards.
wild,*,NTPROCSSR*,*,discard
Discard all alarms that are emitted from metrics in the metric group NTPROCSSRGroup.
wild,*,*,*Space_Available*,forward wild,*,*,*,discard
Forward alarms with metric names that contain Space_Available only.
wild,brayz1*,UNIXDISKGroup,*,forward wild,*,*,*,discard
Forward alarms with resource names that start with brayz1 and resource group in UNIXDISKGroup only
wild,brayz1*,UNIXDISKGroup,Inodes_Used,forward wild,*,*,*,discard
Forward alarms with resource names that start with brayz1 and resource group in UNIXDISKGroup and metric name Inodes_Used only
wild,router-sw49.tut.com,ResptimeGroup,Maxresponsetime,delta,1000,discard wild,router-sw49.tut.com,ResptimeGroup,Maxresponsetime,delta,2000,minor wild,router-sw49.tut.com,ResptimeGroup,Maxresponsetime,delta,3000,major wild,router-sw49.tut.com,ResptimeGroup,Maxresponsetime,critical
Gradually increases the severity of the alarm as the deviation between the actual and expected values increases. If the delta of the actual and expected value is less than or equal to 1000 the alarm is discarded . If this condition is not met, Predictive Insights checks the remaining lines and sets the severity to the appropriate value depending on which condition is met. For example, if the delta of the actual and expected values is greater than 2000 but less than 3000, the condition in the third line of the example is met and the alarm severity is set to major.
wild,router-nw57.tut.com,ResptimeGroup,Maxresponsetime,actual_only,50,minor
Set the severity of the alarm to minor if the actual value of the Maxresponsetime metric is less than or equal to 50.
wild,router-nw57.tut.com,ResptimeGroup,Maxresponsetime,actual_expected,100,minor
Set the severity of the alarm to minor if both the actual value and expected value of the Maxresponsetime metric is less than or equal to 100.
-
wild,*,*,*Totalbytes,expected_only,10000000,warning
If a metric name that ends with Totalbytes has a value less than or equal to 1,000,0000, set the severity of the alarm to warning.