A critical problem that IT professionals face today is separating critical alerts from non-essential ones. They are flooded with alerts, many of which do not warrant concern, or which should be the center of focus in one scenario or environment and are inconsequential in another. Data Driven Alert Management, a new feature of System Center 2016 Operations Manager, helps cut through the clutter.
One typically sees such behavior when the monitors or rules in a management pack have not been tuned to suit the monitoring requirements of the specific scenario or environment. The default settings (configuration of monitors and rules) in a management pack are designed to cater to a wider set of customer monitoring requirements. Since each environment is different, the default settings of a management pack should be tuned to suit the needs of the specific environment. The Management Pack Lifecycle outlines the best practices to tune and customize a management pack.
The process to tune management packs comes with the following challenging tasks:
Analysis of data from Ops DB
Generation of reports to understand which management pack, monitors, rules, or sources have been generating a lot of noise (non-essential alerts)
Modification of parameters associated with MP
With the inclusion of this feature one can get a single view to gather quick insights on data pertaining to alerts that are being generated at different levels: management packs, individual monitors and rules, or sources. It also empowers the user by providing the ability to take requisite actions from the same pane:
Tuning the thresholds
Disabling a monitor/rule
Overriding parameters of a monitor/rule
Based on the requirement, the tuning can be done at different levels, as described below.
The Tune Management Packs screen displays different Management Packs (MPs) and the counts of alerts associated with each; management packs are listed only if the total number of alerts associated with them exceeds a certain threshold. The threshold and the time period during which alerts were captured can be adjusted by using the Identify Management Packs to Tune option. One can view relevant information pertaining to the listed MPs by selecting the properties option (this information is useful to understand the respective management pack). Based on the information at hand, one can decide which management pack seems to be noisy and must be tuned. One can then use
option to delve
deeper into the tuning process.
Once there, one can use the following information (listed in bullets below) along with the information available under the View or edit settings of this Monitor/ Rule option to tune individual alerts:
Alerts associated with the Management Pack
Severity of the corresponding alerts
Priority of the listed alerts
Source of the alerts (Monitor vs Rule)
Name of the corresponding Monitor or Rule
Additionally, the tuning feature also lets users identify the sources of an individual alert, and associated counts per source. Alerts can be tuned per
as well as at different levels –
for all objects of the target class
for a group
for a specific object of a class
for all objects of another class
Tuning involves enabling or disabling individual alerts, or overriding associated parameters such as priority and severity.
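The drill-down described above (management packs over a threshold within a time period, then their monitors and rules, then counts per source) can be sketched as follows. This is an added example, not Operations Manager code: the alert records are constructed, and the field names, management pack names and helper functions are assumptions rather than the Ops DB schema.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts; field names are assumptions, not the Ops DB schema.
NOW = datetime(2017, 1, 10, 12, 0)

def _alert(hours_ago, mp, workflow, kind, source):
    return {"raised": NOW - timedelta(hours=hours_ago), "mp": mp,
            "workflow": workflow, "kind": kind, "source": source}

ALERTS = (
    [_alert(h, "Example.Windows.MP", "Disk Free Space", "Monitor", "srv01") for h in range(1, 7)]
    + [_alert(h, "Example.Windows.MP", "Disk Free Space", "Monitor", "srv02") for h in range(1, 3)]
    + [_alert(3, "Example.Windows.MP", "Service Stopped", "Rule", "srv03")]
    + [_alert(h, "Example.SQL.MP", "Backup Failed", "Rule", "sql01") for h in (2, 30)]
    + [_alert(200, "Example.Web.MP", "Site Down", "Monitor", "web01") for _ in range(10)]
)

def noisy_management_packs(alerts, threshold, window, now=NOW):
    """MPs whose alert count inside the window exceeds the threshold, noisiest first."""
    counts = Counter(a["mp"] for a in alerts if now - a["raised"] <= window)
    return [(mp, n) for mp, n in counts.most_common() if n > threshold]

def drill_down(alerts, mp, window, now=NOW):
    """For one MP: each monitor/rule with its total alerts and the count per source."""
    per_workflow = defaultdict(Counter)
    for a in alerts:
        if a["mp"] == mp and now - a["raised"] <= window:
            per_workflow[(a["workflow"], a["kind"])][a["source"]] += 1
    rows = [(wf, kind, sum(src.values()), src.most_common())
            for (wf, kind), src in per_workflow.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    week = timedelta(days=7)
    for mp, total in noisy_management_packs(ALERTS, threshold=5, window=week):
        print(f"{mp}: {total} alerts")
        for wf, kind, count, sources in drill_down(ALERTS, mp, week):
            # A workflow dominated by one source suggests an override for that
            # object or group; an even spread suggests tuning the whole class.
            print(f"  {kind} '{wf}': {count} -> {sources}")
```

Widening the window changes which management packs qualify: the constructed "Example.Web.MP" alerts are older than seven days, so they only appear when the time period is extended.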