A critical problem that IT Professionals face today is separating critical alerts and non-essential alerts. They are flooded with alerts, many of which do not warrant concern, or should be the center of focus in one scenario or environment and inconsequential in another. Data Driven Alert Management, a new feature of System Center 2016 Operations Manager, can come in handy while breaking through the clutter.
One typically sees such behavior if monitors or rules in a management pack haven’t been tuned to suit the specific scenario or environment dependent monitoring requirement. The default settings (configuration of monitors and rules) in a management pack have been designed to cater to wider set of customer monitoring requirements. Since each environment is different, the default settings of a management pack should be tuned to suit specific environment needs. The Management Pack Lifecycle article outlines the best practices to tune and customize a management pack.
The process to tune management packs comes with the following challenging tasks:
- Analysis of data from Ops DB
- Generation of reports to understand which management pack, monitors, rules, or sources have been generating a lot of noise (non-essential alerts)
- Modification of parameters associated with MP
With the inclusion of this feature one can get a single view to gather quick insights on data pertaining to alerts that are being generated at different levels: management packs, individual monitors and rules, or sources. It also empowers the user by providing the ability to take requisite actions from the same pane:
- Tuning the thresholds
- Disabling a monitor/rule
- Overriding parameters of a monitor/rule
Based on the requirement, the tuning can be done at different levels, as described below.
This feature, along with the management pack Updates and Recommendations feature completes the full Management Pack Lifecycle process.
The Tune Management Packs screen displays different Management Packs (MPs) and the counts of alerts associated with each; management packs are listed only if the total number of alerts associated with them exceeds a certain threshold. The threshold and the time period during which alerts were captured can be adjusted by using Identify Management Packs to Tune option. One can view relevant information pertaining to the listed MPs by selecting the properties option (this information is useful to understand the respective management pack). Based on the information at hand, one can decide which management pack seems to be noisy and must be tuned. One can then use Tune Alerts option to delve
deeper into the tuning process.
Once there, one can use the following information (listed in bullets below) along with the information available under View or edit settings of this Monitor/ Rule option to tune individual alerts:
- Alerts associated with the Management Pack
- Corresponding counts
- Severity of the corresponding alerts
- Priority of the listed alerts
- Source of the alerts (Monitor vs Rule)
- Name of the corresponding Monitor or Rule
Additionally, the tuning feature also lets users identify the sources of an individual alert, and associated counts per source. Alerts can be tuned per source as well as at different levels – for all objects of the target class, for a group, for a specific object of a class, and for all objects of another class.
Tuning involves enabling/ disabling individual alerts or overriding associated parameters such as priority, severity, etc.
The detailed steps to use this feature can be found under Data Driven Alert Management section of the corresponding Technet documentation.
You can find the System Center 2016 GA here.
We request you to try out Data Driven Alert Management feature in Operations Console. You can submit your feedback at our SCOM Feedback site.