Overwhelmed by Alerts?

  • Article

A big thank you to everyone who stopped by and asked us questions at the Microsoft Management Summit and the Dynamics Convergence conferences during the last 2 weeks.

In this post I’m going to talk about one area that we received feedback on at the conferences.

Some people told us they wanted to see even more alerts than they were currently seeing – this post is not for you. Other people told us they were seeing too many alerts – this post is for you!

Before starting, check the Improving Default Monitoring blog posting, this will help you make changes and workaround common issues seen with the default monitoring in Essentials 2010.

There are three main things that affect the number of alerts you see:

  1. The current health of your IT environment
  2. The number of Management Packs installed
  3. The quality of the Management Packs

Essentials is designed to help you proactively monitor your environment and keep it running smoothly. As part of this, we want to help you identify issues that are not causing an outage now, but may in the future. Sometimes, for some environments, the alerts generated can seem a little overwhelming.  

To reduce the risk of being overwhelmed by alerts, you can use the following approach:

  1. Introduce Management Packs slowly
  2. Use the Most Common Alerts Report
  3. Create Overrides
  4. Provide feedback

Introduce Management Packs Slowly

Essentials 2010 includes a feature to help identify some key management packs that should be installed in your environment. Start by installing these management packs and performing any tweaking to suit your needs before selecting additional management packs to install.

This will help you control the number of alerts and will also allow you to review the knowledge articles included with each alert for guidance on how resolving alerts. If after reviewing an alert you determine that it is not one you want to take action on in your environment, you can use an Override to disable the alert. See the section below for instructions on creating overrides. 

Use the Most Common Alerts Report

In the Reporting workspace, in the Microsoft ODR Report Library is the Most Common Alerts report. Reviewing this report will reveal the alerts you see most frequently. Using this information you can focus your efforts – either using the alert knowledge to troubleshoot the root cause, or if desired, identifying alert(s) to Override to disable monitoring. To run the Most Common Alerts report:

  1. Go to the Reporting workspace
  2. Select the Microsoft ODR Report Library
  3. Run the Most Common Alerts report

Create Overrides

Overrides allow you to make changes to rules that can help reduce the number of alerts you receive. Through an override you can:

  • Disable a rule/monitor
  • Change the thresholds

The screenshot below shows a monitor that is being selected to have an override applied. Using the override it is possible to either disable the monitor, or change the configuration of the monitor.

image

Disable a Rule/Monitor

It is possible to disabling monitoring of particular rules, and this will reduce the number of alerts you see. In Essentials it is possible to disable a rule on all computers, or just groups of computers, and this provides additional flexibility for you, allowing you to receive an alert on one computer but not another. 

Follow these steps to disable a rule or monitor using an Override. Note, the steps are in the Operations Manager documentation, and step 1 does not apply in Essentials.

Change the Thresholds

By using an override to change the thresholds for a rule you can alter when an alerts are generated. This is helpful if you find that an alert is generated sooner they you’d like.

Follow these steps to change the thresholds for a rule or monitor using an Override. Note, the steps are in the Operations Manager documentation, and step 1 does not apply in Essentials.

Provide Feedback

Feedback on Management Packs helps us to make improvements to them and increase their relevance for your environment. There is a very simple way to provide us feedback on Management Packs – enable Operation Data Reporting (ODR). Our Privacy statement includes information on the data collected and includes a link to sample reports. To enable ODR:

  1. Go to the Administration workspace
  2. Select the Settings node
  3. Double click the Privacy setting
  4. Select the Operational Data Reports tab
  5. Select “Yes, send operational data reports to Microsoft” and click OK

You can also provide feedback in the Management Packs forum.

Management Packs receive updates at various times, and when updating management packs we include feedback from you to improve the monitoring. In Essentials 2010, when there is an update available for a management pack that you have installed, you will receive a notification.

Additional Resources

Some of these are written for Operations Manager, however they typically also apply to Essentials since Essentials uses the same monitoring engine and Management Packs as Operations Manager.

Improving Default Monitoring – A guide to resolving common alerts seen during a default installation of Essentials 2010.

Management Packs forum – get help from Management Pack authors, MVPs and other knowledgeable folks in the community.

By Example guides for “tuning” specific Management Packs

4 Tips for Proactive Management Pack Tuning – advice on steps to reduce alerts before you see them

Troubleshooting Alert Storms – in addition to the topics above, also includes guidance on alert suppression