Data driven alert management

To improve the accuracy of the issues detected and alerted on for the infrastructure services and applications monitored by System Center - Operations Manager, the Tune Management Packs feature highlights the management packs and workflows that generate a high volume of alerts.

Now you can get better visibility into the alerts being generated in your environment through the console, as opposed to having to run reports or use custom scripts to expose this data. For monitors and rules from a management pack that are generating a significant volume of alerts, you can directly review the configuration of the rule or monitor, review which monitored objects are generating the alert volume, or modify its configuration by setting an override, without having to navigate to the Monitoring or Authoring view.

By default, the view is scoped to present 30 or more alerts that have been generated during the past 90 days.

Review alerts to tune

  1. Sign in to the computer with an account that is a member of the Operations Manager Administrators role.

  2. In the Operations console, select Administration.

  3. In the navigation pane, select Tune Management Packs under Management Packs.

  4. This view gives you an overall picture of the alerts generated (by alert count) by management packs in your management group for the specified duration.

  5. To get more information on a specific management pack, select that management pack. This enables the “Properties” and “Tune Alerts” actions in the Tasks pane.

  6. To review properties of the selected management pack, select Properties from the Tasks pane. The Management Pack General Properties dialog will appear for the specified management pack.

  7. To review additional information for the alerts generated by the selected management pack, select Tune Alerts from the Tasks pane. The Alerts view window will appear, which displays the following properties for each alert type:

    a. Alert Name - the alert display name from the rule or monitor that generated the alert
    b. Count - how many alerts were created over the period of time by the rule/monitor
    c. Severity - indicates the degree of impact based on the issue identified
    d. Priority - indicates how quickly to respond in order to resolve the issue identified
    e. Monitor / Rule - indicates if the alert was generated by a rule or monitor
    f. Monitor / Rule Name - the name of the monitor or rule that generated the alert

  8. For each alert type, you can select one of the following actions from the Tasks pane: View or Edit settings of this monitor or View or Edit settings of this rule (depending on the alert type selected), View or Override Sources, or Overrides.

Selecting View or Edit settings of this monitor or View or Edit settings of this rule opens the properties dialog of the particular alert type selected.

If you wish to get more information on the different sources that have generated multiple alerts for a specific alert type, select View or Override Source. This opens a dialog that displays the different sources that have generated a specific alert, along with the count for each source. In this view, you can see which source or sources are generating a lot of alerts. From here, you can disable the monitor or rule, override a specific parameter for that monitored object, or view the overrides already configured for that workflow.

If you need to configure the override against a different target, you can select Overrides and target the configuration change against all objects of class, a group, a specific object of class, or objects of another class. The override functionality and the View or Edit settings of monitor/rule are consistent in behavior with the other methods for applying overrides in the console.

The alert-level information and the source-level information give you more insight into the alerts being generated in your environment. Together with the other methods available in Operations Manager to evaluate alert volume, they help you determine where you need to make further changes to improve monitoring and alert accuracy.

Change view settings

The following procedure describes how you can configure the frequency and the minimum number of alerts to filter in the Tune Management Packs view.

  1. Sign in to the computer with an account that is a member of the Operations Manager Administrators role.

  2. In the Operations console, select Administration.

  3. In the navigation pane, select Tune Management Packs under Management Packs.

  4. From the Actions pane, select Identify Management Packs to Tune.

  5. In the Identify Management Packs to Tune dialog, do the following:

    a. Specify the date and time range by typing it in manually in the Display alerts from and To fields, or by using the Date and Time control to modify the date range.
    b. Specify the minimum number of alerts generated by workflows in a management pack that you wish to see by specifying or entering a number.

  6. In the Identify Management Packs to Tune dialog, select OK to save your changes.
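The following added example (not Operations Manager code and not part of the original page) reproduces the aggregation described in both procedures above over a list of alert records: management packs filtered by date range and minimum alert count, then the per-alert-type rows, then the per-source counts. The record fields, the sample data, and the choice to apply the minimum count to each management pack's total are assumptions made for this example.

```python
from collections import Counter
from datetime import datetime, timedelta

NOW = datetime(2024, 6, 1)  # fixed clock so the constructed sample is reproducible

def alert(pack, workflow, kind, name, source, age_days, sev="Warning", prio="Medium"):
    return {"pack": pack, "workflow": workflow, "kind": kind, "name": name,
            "source": source, "severity": sev, "priority": prio,
            "raised": NOW - timedelta(days=age_days)}

# Constructed sample alerts: every pack, workflow and host name is made up.
DISK, WEB, OLD = "Example.Disk.MP", "Example.Web.MP", "Example.Old.MP"
SAMPLE = (
    [alert(DISK, "Disk latency rule", "Rule", "Disk latency high", "srv01", d) for d in range(25)]
    + [alert(DISK, "Disk latency rule", "Rule", "Disk latency high", "srv02", d) for d in range(10)]
    + [alert(DISK, "Free space monitor", "Monitor", "Low free space", "srv03", d, "Critical", "High")
       for d in range(5)]
    + [alert(WEB, "App pool rule", "Rule", "App pool stopped", "web01", 3) for _ in range(12)]
    + [alert(OLD, "Heartbeat monitor", "Monitor", "Heartbeat failure", "srv09", 100) for _ in range(35)]
)

def in_window(alerts, days):
    """Alerts raised within the last `days` days of NOW."""
    since = NOW - timedelta(days=days)
    return [a for a in alerts if since <= a["raised"] <= NOW]

def packs_to_tune(alerts, days=90, min_alerts=30):
    """Management packs with at least min_alerts alerts in the window, highest count first."""
    counts = Counter(a["pack"] for a in in_window(alerts, days))
    return [(pack, n) for pack, n in counts.most_common() if n >= min_alerts]

def tune_alerts(alerts, pack, days=90):
    """One row per alert type: name, count, severity, priority, Monitor/Rule, workflow name."""
    rows = Counter((a["name"], a["severity"], a["priority"], a["kind"], a["workflow"])
                   for a in in_window(alerts, days) if a["pack"] == pack)
    return [(key[0], n) + key[1:] for key, n in rows.most_common()]

def sources(alerts, workflow, days=90):
    """Alert count per source object for one rule or monitor, noisiest first."""
    hits = Counter(a["source"] for a in in_window(alerts, days) if a["workflow"] == workflow)
    return hits.most_common()

if __name__ == "__main__":
    for pack, total in packs_to_tune(SAMPLE):
        print(pack, total)
        for row in tune_alerts(SAMPLE, pack):
            print("  ", row)
            print("     sources:", sources(SAMPLE, row[5]))
```

With the default scope only one constructed pack qualifies; widening the window or lowering the minimum count brings the others into view, which is the effect of the Identify Management Packs to Tune dialog.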

Next steps