A crucial task when managing any monitoring system is to work through the many alerts that are generated and ensure that the 'noisy' ones are filtered out and the over-zealous ones have their thresholds modified. This process is known as alert tuning and when implemented properly, it will deliver alerts that are actionable and worth knowing about.
In this chapter, we explain what alert tuning is in the context of OpsMgr and the importance of having a process-driven alert management strategy. We will discuss the different built-in alert resolution states and we'll demonstrate how to configure new custom resolution states to suit your business requirements.
Later in the chapter, we'll show you some tips and tricks using scripts, custom tasks, and built-in tools to ensure tuning alerts in your OpsMgr environments is a relatively easy and straight-forward process. We then close out the chapter with some pointers on how to manage your overrides through the authoring and reporting workspaces.
Here's an overview of what you'll learn about:
- Alert resolution states
- Working with alerts generated by monitors and rules
- Using the Health Explorer
- Creating custom tasks to tune alerts
- Managing overrides
One of the most common complaints that I hear from customers when I ask them about their existing monitoring solutions or OpsMgr deployments is that there's too many alerts in the console and it's hard to decipher which ones are important and which should be ignored. This situation is compounded further when email alerting is configured and it's not uncommon for staff to simply create a rule in their email client that moves all emails sent from the monitoring solution into a subfolder (or direct to deleted items) and then completely ignore them.
If a monitoring solution is let get to this point, then it quickly becomes useless. With a proper alert management/tuning strategy for OpsMgr in place, you'll quickly see the true benefits of this awesome product and it will definitely save you some time when troubleshooting and resolving issues.
Alert tuning is an ongoing administration process in OpsMgr and when you modify an alert (for example, tweaking thresholds or disabling it completely), you're creating a change that's referred to as override. Overrides can only be saved in unsealed management packs and managing these override management packs through a consistent naming convention and sorting process will ensure the efforts you put into alert tuning can be easily migrated between different management groups. This can be very useful in a scenario where you have a separate management group for testing in which you can pre-tune alerts and see their impact before importing them into the production management group.