SevOne logo
You must be logged into the NMS to search.

Table of Contents (Start)

Create and Edit Thresholds

The Threshold Editor enables you to create and edit thresholds.

To access the Threshold Editor from the navigation bar, click the Events menu, select Configuration, and then select Threshold Browser to display the Threshold Browser. On the Threshold Browser, click New Threshold at the top of the page or click a threshold name in the list.

images/download/attachments/163972602/createandeditthresholds-version-1-modificationdate-1693242509908-api-v2.png

The Threshold Editor enables you to define a threshold. When you finish the threshold definition, click one of the following buttons.

  • When you edit a threshold, click Save to save the threshold changes.

  • Click Save as New to create a copy of the threshold.

Tab 'General Settings'

The General Settings tab enables you to define the basic threshold settings.

  1. Select the Enable check box to make the threshold active. Disabled thresholds appear in light text on the Threshold Browser.

  2. When you edit a threshold that was created from a policy, click the Created By link to display the Policy Editor where you can edit the policy.

  3. Click the Technology Type drop-down and choose from technology types, Flow or Metric.

    1. Flow - select technology type, Flow, to create a threshold that triggers based on flow data.

      for Technology Type, Flow

      images/download/attachments/163972602/createAndEditFlowThresholds-version-1-modificationdate-1693242509917-api-v2.png

      • In the Name field, enter a unique name for the threshold.

      • Click the Device drop-down and select the device that contains the interface to trigger the threshold.

      • Click the Interface drop-down and select the interface to trigger the threshold.

      • Click the Severity drop-down and select the severity to display on the Alerts page when the threshold triggers an alert.

      • If the threshold does not inherit a schedule from its parent policy, click the Schedule [ edit ] link to display a pop-up that enables you define the times and/or dates for the threshold to run. Please refer to section Schedule below.

      • When Use Device Work Hours check box is selected, thresholds outside of the selected/configured work hours will be ignored. Also, it will not create new alerts or increment the existing alerts outside of the work hour policy based on the device's local time.

        • If a NetFlow device is not mapped to a SevOne device for a threshold, the threshold will not be restricted to alert at any time.

        • If an error occurs in obtaining the device Work Hours, no time restrictions are put on the threshold by system. i.e., if the system is unable to apply the device Work Hours successfully, alerts are not suppressed. Alert(s) will be generated at any time.

        • At present, use of device Work Hours does not apply to alerts generated via traps and/or the API. It only applies to threshold-based alerts .

      • Click the Email [ edit ] link to display a pop-up that enables you to define email options. You can email the alerts that a threshold generates to any valid email address. Please refer to section Email below.

      • Click the Trap Destinations [ edit ] link to display a pop-up that enables you to select where to send traps from the threshold.

        • Select the System Default check box to associate all of the System Default Trap Destinations with this threshold. For details, please refer to section Trap Destination Associations in SevOne NMS System Administration Guide.

        • Select the Device Default check box to associate all Trap Destinations that have been assigned to the devices related for this threshold. For details on trap destinations you define for the device, please refer to Edit Device page.

        • Select the Threshold Specific check box to enable threshold-specific trap destinations. After enabling the check box, select the Trap Destinations from the list below to associate it with this threshold and for the traps destinations to receive the traps.

      • Select the Append Condition Message check box to append the custom messages defined for each condition in the trigger message from the Trigger Conditions tab and in the clear message from the Clear Conditions tab.

      • In the Description field, enter the description of the threshold. This appears only when you define the threshold.

      • Click the Aggregated view drop-down and select the FlowFalcon view to use in FlowFalcon reports in which to display the data that triggered the threshold.

        If Top Applications with Protocol is chosen for field Aggregated view, Service Alerts and Service Profiles fields become available.

        Select Service Alerts check box to choose one or more Service Profiles from the drop-down list.

        One threshold can point to multiple service profiles. The service profiles can be found from Administration > Flow Configuration > Protocols and Services > tab Service Mapping.

        images/download/attachments/163972602/protocolsAndServicesEnabledAggrPort-version-1-modificationdate-1693242509914-api-v2.png

        IMPORTANT

        From Administration > Flow Configuration > FlowFalcon View Editor > tab FlowFalcon Views > select the row with Top Applications with Protocol in the Name column. In the right-panel, you will see:

        • field View Name contains Top Applications with Protocol. Do not change the view name as fields Service Alerts and Service Profiles will not be available when configuring the threshold.

        • table Fields In View contains a row with Bandwidth in Field Name column. If Bandwidth is removed from Fields In View table for Top Applications with Protocol, fields Service Alerts and Service Profiles will not be available when configuring the threshold.

        images/download/attachments/163972602/flowFalconViewEditorForTopApplicationsWithProtocol-version-1-modificationdate-1693242509911-api-v2.png

      • Click the Filter drop-down and select the filter to use in the FlowFalcon report associated with the threshold.

      • Click the Direction drop-down and select the flow direction to trigger the threshold.

    2. Metric - select technology type, Metric, to create a threshold that triggers based on any data except flow data.

      for Technology Type, Metric

      images/download/attachments/163972602/createandeditthresholds-version-1-modificationdate-1693242509908-api-v2.png

      • In the Name field, enter a unique name for the threshold.

      • In the Device Group field, select one or more device group/device type in which the device is a member.

        • After at least one condition has been created, the device group drop-down is disabled.

        • Multiple Threshold conditions may only be created across a single device.

      • In the Device field, select the device to trigger the threshold.

        • After at least one condition has been created, the device drop-down is disabled.

        • Multiple Threshold conditions may only be created across a single device.

      • Click the Severity drop-down and select the severity to display on the Alerts page when the threshold triggers an alert.

      • If the threshold does not inherit a schedule from its parent policy, click the Schedule [ edit ] link to display a pop-up that enables you define the times and/or dates for the threshold to run. Please refer to section Schedule below.

      • When Use Device Work Hours check box is selected, thresholds outside of the selected/configured work hours will be ignored. Also, it will not create new alerts or increment the existing alerts outside of the work hour policy based on the device's local time.

        • If an error occurs in obtaining the device Work Hours, no time restrictions are put on the threshold by system. i.e., if the system is unable to apply the device Work Hours successfully, alerts are not suppressed. Alert(s) will be generated at any time.

        • At present, use of device Work Hours does not apply to alerts generated via traps and/or the API. It only applies to threshold-based alerts .

      • Click the Email [ edit ] link to display a pop-up that enables you to define email options. You can email the alerts that a threshold generates to any valid email address. Please refer to section Email below.

      • Click the Trap Destinations [ edit ] link to display a pop-up that enables you to select where to send traps from the threshold.

        • Select the System Default check box to associate all of the System Default Trap Destinations with this threshold. For details, please refer to section Trap Destination Associations in SevOne NMS System Administration Guide.

        • Select the Device Default check box to associate all Trap Destinations that have been assigned to the devices related for this threshold. For details on trap destinations you define for the device, please refer to Edit Device page.

        • Select the Threshold Specific check box to enable threshold-specific trap destinations. After enabling the check box, select the Trap Destinations from the list below to associate it with this threshold and for the traps destinations to receive the traps.

      • Select the Append Condition Message check box to append the custom messages defined for each condition in the trigger message from the Trigger Conditions tab and in the clear message from the Clear Conditions tab.

      • In the Description field, enter the description of the threshold. This appears only when you define the threshold.

Schedule

The alert engine runs every three minutes to retest all thresholds. The Schedule pop-up enables you to define specific time spans for when you want to enable or disable the alert engine to test the threshold. If you do not define a schedule, the alert engine tests the threshold every three minutes until you disable the threshold.
images/download/attachments/163972602/schedulingThreshold-version-1-modificationdate-1693242509905-api-v2.png

Tab 'Periodic'

The Periodic tab enables you to define a regularly occurring time span to either enable or disable the threshold.

  1. Select one of the following options.

    • Select Disable During This Time to disable the threshold for the days and/or times you define on the Periodic tab.

    • Select Enable During This Time to enable the threshold for the days and/or times you define on the Periodic tab.

  2. Select the check box next to each day for the threshold to be enabled/disabled (dependent on the option you select in the previous step).

  3. In the Start Time fields, enter the start time.

  4. In the End Time fields, enter the end time.

  5. Click the Time Zone drop-down and select a time zone.

  6. Click Add to add the periodic schedule to the list of schedules.

  7. Repeat the steps on the Periodic tab to add additional schedules to the list. Schedules are checked in the sequence in which they appear in the list and the first applicable schedule is applied to the threshold. If no schedule is applicable, the threshold is enabled by default.

  8. Click Close to save the periodic settings.

Tab 'Schedule'

The Schedule tab enables you to schedule a specific time span to either enable or disable the threshold.

  1. Select one of the following options.

    • Select Disable During This Time to disable the threshold for the time span you define on the Schedule tab.

    • Select Enable During This Time to enable the threshold for the time span you define on the Schedule tab.

  2. Click in the Start Date field to display a calendar. Use the calendar to select the date to start the time span to enable/disable the threshold (dependent on the option you select in the previous step).

  3. Enter the start time.

  4. Click in the End Date field to display a calendar. Use the calendar to select the date to end the time span to enable/disable the threshold.

  5. Enter the end time.

  6. Click the Time Zone drop-down and select a time zone.

  7. Click Add to add the schedule to the list of schedules.

  8. Repeat the steps on the Schedule tab to add additional schedules to the list. Schedules are checked in the sequence in which they appear in the list and the first applicable schedule is applied to the threshold. If no schedule is applicable, the threshold is enabled by default.

  9. Click Close to save the schedule settings.

Email

The Email pop-up enables you to define who should receive emails when the threshold triggers an alert. You can email threshold alerts to valid email addresses and to the users and user roles you define in SevOne NMS. There is no limit to the number of email recipients.

images/download/attachments/163972602/emailThreshold-version-1-modificationdate-1693242509902-api-v2.png

Addresses

  1. In the left Addresses field, enter the email address for a recipient.

  2. Move the address to the right Addresses field.

  3. Repeat the previous steps to add additional email addresses. Email addresses that appear in the right field receive an email when the threshold triggers an alert.

Users

  1. In the left Users field, select the user to receive alert emails (use the Ctrl or Shift keys to multi-select).

  2. Move the users you select to the right Users field. Users that appear in the right Users field receive an email when the threshold triggers an alert.

Roles

Click the Roles drop-down and select the check box for each user role whose members are to receive an email when the threshold triggers an alert.

Mail when the threshold is triggered

Select one of the following options.

  • Select Just Once to only send one email when the threshold triggers the first occurrence of an alert. All subsequent occurrences (until the alert is cleared) are not emailed. This prevents an email from being sent every three minutes when a device is down.

  • Select One Time Every, enter a number in the text field, then click the drop-down and select minutes, hours, or days to send multiple emails when the threshold triggers alerts.

Click Close to save the email settings.

Tabs 'Trigger Conditions' & 'Clear Conditions'

The Trigger Conditions tab enables you to define the conditions to trigger the threshold and to define the trigger / clear message.

Should you choose to define a trigger condition, and then you choose to define a clear condition that is contradictory, the trigger condition takes precedence.

  • You define a trigger condition to trigger an alert when something is greater than 10.

  • You define a clear condition to clear the alert when the same thing is greater than 20.

If the thing is 25, the alert will trigger and the alert will not be cleared.

for Technology Type, Flow
Example
for Technology Type, Flow; tab General Settings

images/download/attachments/163972602/createAndEditFlowThresholdCreated-version-1-modificationdate-1693242509806-api-v2.png

for Technology Type, Flow; tab Trigger Conditions

images/download/attachments/163972602/thresholdBrowserTC-Flow-Example-version-1-modificationdate-1693242509802-api-v2.png

for Technology Type, Flow; tab Clear Conditions

images/download/attachments/163972602/thresholdBrowserCC-Flow-Example-version-1-modificationdate-1693242509790-api-v2.png

Fields Device, Interface, and Filter selected in the General Settings tab are displayed in Trigger Conditions / Clear Conditions tab.

In the Trigger Message / Clear Message field, enter the message to display when this threshold is triggered. Select the Append Condition Message check box on the General Settings tab to append the condition-specific Custom Message to this trigger condition message.

IMPORTANT

Custom Message Variables apply to Metric policies only. These variables are not available for Flow policies.

In the Duration field, enter the length of time for the condition to exist before the trigger condition triggers the policy. The value you enter here is multiplied by the length of time you enter as the Write Interval on the Cluster Manager > Cluster Settings tab > FlowFalcon subtab.

The Write Interval displays next to this field. The default write interval is 60 seconds. If you want the trigger condition to exist for five minutes before the policy is triggered, enter 5 in the duration field. If the write interval has been changed, you will need to do some math here.

for Technology Type, Metric
Example
for Technology Type, Metric; tab General Settings

images/download/attachments/163972602/thresholdBrowserGS-Example-version-1-modificationdate-1693242509899-api-v2.png

Since threshold Ethernet Interface Traffic Over 95% - 32 Bit Counters - localhost - docker0 has 2 conditions, the device group drop-down is disabled. Please see the screenshot below for tab Trigger Conditions to view the conditions.

for Technology Type, Metric; tab Trigger Conditions

images/download/attachments/163972602/thresholdBrowserTC-Example-version-1-modificationdate-1693242509895-api-v2.png

At present, Webhooks can only be configured on Policies. When adding Thresholds, although Webhooks are visible, they are disabled and cannot be configured.

Webhooks are populated for policy-generated thresholds only; this configuration is read-only and cannot be edited. Standalone thresholds cannot configure Webhooks.

for Technology Type, Metric; tab Clear Conditions

images/download/attachments/163972602/thresholdBrowserCC-Example-version-1-modificationdate-1693242509892-api-v2.png

At present, Webhooks can only be configured on Policies. When adding Thresholds, although Webhooks are visible, they are disabled and cannot be configured.

Webhooks are populated for policy-generated thresholds only; this configuration is read-only and cannot be edited. Standalone thresholds cannot configure Webhooks.

In the Trigger Message / Clear Message field, enter the message to display for the threshold on the Alerts page. On the Alerts page, the trigger message appears as Threshold triggered - <trigger message you enter here>. The custom message for each trigger condition appends to this trigger message when you select the Append Condition Message check box on the General Settings tab and you enter a custom message for each trigger condition. Please refer to section Create and Edit Conditions. Trigger messages support a variety of variables that allow you to customize the alerts to be as detailed as possible. The following variables (listed in alphabetical order) are supported for Trigger Messages / Clear Messages.

  • $alertState displays the severity of the policy. For example, Emergency or Debug.

  • $alertType displays the technology type of the threshold.

  • $deviceAltName displays the alternate name of the device that triggered / cleared the threshold.

  • $deviceId displays the ID of the device associated with this condition.

  • $deviceIp displays the IP address of the device associated with this condition.

  • $deviceName displays the name of the device that triggered / cleared the threshold.

  • $thresholdId displays the ID of the threshold.

  • $thresholdName displays the name of the threshold.

The following fields / sections apply to both technology types, Flow or Metric.

Conditions

  1. Click images/download/attachments/163972602/actionold-version-1-modificationdate-1693242509950-api-v2.png in the Conditions section to manage the trigger / clear conditions.

    • Select Create New to add a new condition to the policy. Please refer to section Create and Edit Conditions.

    • Select the check box for each condition to delete, then select Delete Selected to delete then click to delete the conditions you select.

    • Select the check box for each condition to add to a rule, then select Add to Rule <n> to add the conditions to a specific rule.

  2. Click images/download/attachments/163972602/editpencil-version-1-modificationdate-1693242509932-api-v2.png in the Edit column to display the Edit Conditions pop-up. Please refer to section Create and Edit Conditions.

Rules

  1. Click images/download/attachments/163972602/actionold-version-1-modificationdate-1693242509950-api-v2.png in the Rules section to manage the trigger / clear condition rules.

    • Select Create New to add a new rule to the condition. Rule numbers are sequential. Each condition for a rule is treated as an AND Boolean operator. Add a new rule to create an OR Boolean operator. See the Boolean Operators section below.

    • Select the check box for each rule to delete, then select Delete Selected to delete the rules you select.

  2. Click images/download/attachments/163972602/delete-version-1-modificationdate-1693242509935-api-v2.png in the Conditions column to remove a condition from a rule.

    If you add a condition when no rule exists, the condition is assigned to Rule 1 using the AND Boolean operator.

Webhooks

For Webhooks, an HTTP request can be invoked to webhook definition when an alert is triggered.

At present, Webhooks can only be configured on Policies. When adding Thresholds, although Webhooks are visible, they are disabled and cannot be configured.

Webhooks are populated for policy-generated thresholds only; this configuration is read-only and cannot be edited. Standalone thresholds cannot configure Webhooks.

Create and Edit Conditions

The edit condition pop-up enables you to define the condition to either trigger the threshold or to clear the threshold. Conditions determine when to trigger / clear an alert.

FYI

A right Riemann sum of the Gauge form of the data is used when you select option Total from the Aggregation drop-down.

Technology Type - Flow Conditions

For Technology Type Flow thresholds, perform the following steps to create a trigger condition or a clear condition.

  1. Click the Fields drop-down and select a field.

  2. Click the Aggregation drop-down and select a data aggregation option.

  3. Click the Comparison drop-down and select a comparison operator.

  4. In the Value field, enter the value to trigger / clear the condition. If applicable, click the corresponding drop-down and select the unit of measure.

    From General Settings tab, if Aggregated view chosen is Top Applications with Protocol and Service Alerts is enabled, Fields will be set to Bandwidth, by default. And, field Aggregation will be set to Percent Utilization.

    Value field will change to % (percent). This is the percentage of interface speed. To get interface speed, NetFlow interface table is used.

    images/download/attachments/163972602/flowThresholdCreateCondition-version-1-modificationdate-1693242509786-api-v2.png

    An alert will trigger if the bandwidth utilization of NetFlow service profiles exceeds the percentage of utilization. You can see the alert(s) generated from Events > Alerts.

    images/download/attachments/163972602/serviceAlertsEvents-version-1-modificationdate-1693242509840-api-v2.png

  5. In the Custom Message field, enter a custom message that is specific to the condition. The custom message appends to the trigger message or to the clear message when you select the Append Condition Message check box on the General Settings tab.

    IMPORTANT

    Custom Message Variables apply to Metric thresholds only. These variables are not available for Flow thresholds.

  6. Click Save to save the condition.

Technology Type - Metric Conditions

For Technology Type Metric thresholds, there are four types of conditions.

  • Static condition compares the current value of an indicator with the value you define.

  • Baseline condition compares the current value of an indicator with the indicator's baseline value. There are three types of baseline conditions.

  • Slope condition calculates the most recent six data points (minimum of four valid points) and compares that value to the threshold you define for the condition. Slope conditions look for variation of a value from the values that came before to measure the relative consistency. This detects a significant change in behavior over a short time.

  • Time since newest data point condition alerts on the number of seconds since the most recent data point for a given object.

Example

images/download/attachments/163972602/thresholdTrigger-version-1-modificationdate-1693242509837-api-v2.png

Static Condition

Static conditions compare the current value of an indicator with the value you define.

Examples

  • Inbound traffic is greater than 50Mb/s

  • Idle CPU time is less than 10%

Perform the following steps to define a Static condition.

  1. Click the Object drop-down and select an object on which to base the condition.

  2. Click the Indicator drop-down and select the indicator on which to base the condition.

  3. Click the Type drop-down and select Static to compare the actual current indicator value to the policy indicator value you define.

  4. Click the Comparison drop-down and select a comparison operator. Most comparison operators are self explanatory.
    Select Bad Polls to trigger or clear an alert when a poll attempt either receives nothing or receives invalid data. This creates a time stamp entry and an entry in the data column that represents an unsuccessful poll. This drives the SNMP Availability metric of how many unsuccessful poll attempts were made in a given cycle versus how many poll attempts were successful.

  5. In the Threshold field, enter the value at which to trigger / clear the condition then click the Threshold drop-down and select the value unit of measure.

  6. The Duration field has two scenarios, a smoothing time duration or a detection time duration.

    • If you select Greater Than, Less Than, Equal To, Greater Than Equal To, Less Than Equal To, or Not Equal To in the Comparison field, enter the number of minutes for which the condition is to be met before the condition triggers/clears.

    • If you select Bad Polls, Changed, Changed From, or Changed To in the Comparison field, enter the number of minutes in which the condition must occur at least once before the condition triggers / clears. The Duration for these Comparisons must be equal to or greater than the poll frequency of the device or an alert does not trigger.

  7. Click the Aggregation drop-down and select a data aggregation method. When Count Over Threshold option is chosen from the drop-down, Count field becomes available. Specify the count number in the Count field. When Time Over Threshold option is chosen from the drop-down, Time field becomes available. Specify the time in minutes in the Time field.

    The configured time in Time Over Threshold should not be longer than the value set in field Duration.

  8. In the Custom Message field, enter a custom message that is specific to the condition. The custom message appends to the trigger message or to the clear message when you select the Append Condition Message check box on the General Settings tab. You can enter variables to display such things as device name, IP address etc. Please see the Custom Message Variables list below.

    IMPORTANT

    Custom Message Variables apply to Metric policies only. These variables are not available for Flow policies.

  9. Click Save to save the condition.

If you define a static alert condition with the Indicator set to Operational and the Comparison set to Changed From or Changed To, and the interface is changed from Operationally Up to Operationally Down (or vice versa) no alert is triggered.

Baseline Condition

Baseline conditions compare the current value of an indicator with the indicator's baseline value. There are three types of baseline conditions.

  1. Baseline Delta

    Examples

    • Inbound traffic is greater than 10Mb/s, relative to the baseline

    • Idle CPU time is less than 5% of the total, relative to the baseline

  2. Baseline Percentage

    Examples

    • Inbound traffic is greater than 150% of the baseline

    • Idle CPU time is less than 60% of the baseline

  3. Baseline Standard Deviation

    Examples

    • Inbound traffic is above/below three standard deviations of the baseline

    • Idle CPU time is below two standard deviations of the baseline

    • If the baseline value is 100 and the standard deviation is 50, this does not model the expected actual value, since this appears to shift above and below the baseline value by a significant amount.

    • If the baseline value is 100 and the standard deviation is 10, this is a better representation of the normal value.

Baseline Delta that uses Percentage vs. Baseline Percentage

  • Baseline Delta uses a percentage comparison unit to the baseline +/- a percentage of the maximum indicator value. Baseline Delta is most useful when the scale of the baseline and the scale of the indicator are very different. Example: A critical interface that has typically low utilization but has irregular spikes that are no more than 10% of the total link capacity. If you do not knowing the value of the baseline itself, it is difficult to use the Baseline Percentage condition type.

  • Baseline Percentages compare the value to a percentage of the baseline.

Perform the following steps to define a Baseline condition.

  1. Click the Object drop-down and select an object on which to base the condition.

  2. Click the Indicator drop-down and select the indicator on which to base the condition.

  3. Click the Type drop-down.

    • Select Baseline Delta to compare the actual current indicator value to the indicator's baseline value.

      1. In the Threshold field, enter the value at which to trigger / clear the condition then click the Threshold drop-down and select the value unit of measure. Percentage refers to a percentage of the maximum value of the indicator and is not to be interpreted as a percentage of the baseline value.

      2. Click the Comparison drop-down and select a comparison operator.

    • Select Baseline Percentage to compare the ratio of the current indicator value to the indicator's baseline value.

      1. Click the Comparison drop-down and select a comparison operator.

      2. In the Threshold field, enter the percentage value at which to trigger / clear the condition.

    • Select Baseline Standard Deviation to compare the current indicator value to the indicator's expected regional value using standard deviations which is a measure that approximates the uncertainty of the value. Most data can be expected to be within six standard deviations of the baseline. A typical condition will test whether the data is above and/or below two or three standard deviations from the baseline value.

      1. Click the Standard Deviations drop-down and select the number of deviations. A smaller standard deviation means a tighter bracket on what is normal. The size of the standard deviation should represent the behavior of the data.

      2. Click the Direction drop-down and select Above, Below, or Above or below the baseline. The most common use case is for Above or below to have the condition test for deviations in both directions.

  4. The Duration field has two scenarios, a smoothing time duration or a detection time duration.

    • If you select Greater Than, Less Than, Equal To, Greater Than Equal To, Less Than Equal To, or Not Equal To in the Comparison field, enter the number of minutes for which the condition is to be met before the condition triggers/clears.

    • If you select Bad Polls, Changed, Changed From, or Changed To in the Comparison field, enter the number of minutes in which the condition must occur at least once before the condition triggers/clears. The Duration for these Comparisons must be equal to or greater than the poll frequency of the device or an alert does not trigger.

  5. Click the Aggregation drop-down and select a data aggregation method.

  6. In the Custom Message field, enter a custom message that is specific to the condition. The custom message appends to the trigger message or to the clear message when you select the Append Condition Message check box on the General Settings tab. You can enter variables to display such things as device name, IP address etc. Please see the Custom Message Variables list below.

    IMPORTANT

    Custom Message Variables apply to Metric policies only. These variables are not available for Flow policies.

  7. Click Save to save the condition.

Slope Condition

Slope conditions use a data window of six most recent data points (minimum of four valid points) to perform the deviation from average (DFA) calculation or the relative standard deviation (RSD) calculation. The result of the calculation is compared to the threshold you define in the condition to trigger or clear the policy. Slope conditions looks for variation of a value from the values that came before to measure the relative consistency. This detects a significant change in behavior over a short time. A data window consists of at least four successful poll points and at most six successful poll point. As each new data point is received, the oldest data point is dropped and the new data point is validated. Whenever there are between four and six valid data points, the calculation is performed for the condition.

There are two types of slope conditions

  • Slope Variance DFA - Algorithm = std::abs( (P-avg)/avg )

    • P = The value of the point.

    • avg = The average of the points within data window.

    • The return value is an absolute value that represents both increasing slope and decreasing slope at the same time.

  • Slope Variance RSD - Algorithm = (100*stdDev)/avg

    • stdDev = The standard deviation from data window.

    • avg = The average of the data window.

Perform the following steps to define a Slope condition.

  1. Click the Object drop-down and select an object on which to base the condition.

  2. Click the Indicator drop-down and select the indicator on which to base the condition.

  3. Click the Type drop-down.

    • Select Slope Variance DFA to compare the current indicator value to the indicator’s deviation from average value you define. This function calculates the degree to which the current value is different from the expected value and so the default threshold values are provided. This technique is also most effective when combined with other conditions.

    • Select Slope Variance RSD to compare the current indicator value to the indicator’s relative standard deviation value you define.

  4. Click the Comparison drop-down and select a comparison operator.

  5. In the Threshold field, enter the numeric value at which to trigger / clear the condition.

  6. Duration is irrelevant for the Slope Variance DFA condition type and for the Slope Variance RSD condition type.

  7. In the Custom Message field, enter a custom message that is specific to the condition. The custom message appends to the trigger message or to the clear message when you select the Append Condition Message check box on the General Settings tab. You can enter variables to display such things as device name, IP address etc. Please see the Custom Message Variables list below.

    IMPORTANT

    Custom Message Variables apply to Metric policies only. These variables are not available for Flow policies.

  8. Click Save to save the condition.

Time since newest data point Condition

Time since newest data point condition allows the system to detect when the number of seconds since the newest data point exceeds the configured threshold. It also detects when data from any source is not being collected for the configured object or if there is a problem in the pipeline which results in the system to be unable to collect the data from it.

Perform the following steps to define the condition.

  1. Click the Object drop-down and select an object on which to base the condition.

  2. Click the Indicator drop-down and select the indicator on which to base the condition.

  3. Click the Type drop-down and choose Time since newest data point.

  4. In the Threshold field, enter the number of seconds since the most recent data point on a given object.

  5. In the Custom Message field, enter a custom message that is specific to the condition. The custom message appends to the trigger message or to the clear message when you select the Append Condition Message check box on the General Settings tab. You can enter variables to display such things as device name, IP address etc. Please see the Custom Message Variables list below.

    IMPORTANT

    Custom Message Variables apply to Metric policies only. These variables are not available for Flow policies.

  6. Click Save to save the condition.

Custom Message Variables

You can use the following variables (listed in alphabetical order) when you enter a custom message for a trigger condition or a clear condition.

IMPORTANT

The custom message variables below apply to Metric thresholds only. These variables are not available for Flow thresholds.

  • $aggregationDuration displays the duration of the aggregation being used in this condition.

  • $aggregationOperation displays the aggregation being used in this condition.

  • $alertState displays the severity of the policy. For example, Emergency or Debug.

  • $alertType displays the technology type of the policy.

  • $baselineValue displays the baseline value for this hour.

  • $comparisonOperation displays the comparison operation being performed in this condition.

  • $comparisonUnits displays the units of measurement being used in this condition.

  • $comparisonValue displays the value being used for comparison in this condition.

  • $dataUnits displays the unit of measurement that is recorded for the indicator in this condition.

  • $dataValue displays the value observed or measured in this condition.

  • $deviceAltName displays the alternate name of the triggered device.

  • $deviceId displays the ID of the device associated with this condition.

  • $deviceIp displays the IP address of the device associated with this condition.

  • $deviceName displays the name of the device associated with this condition.

  • $indicatorDescription displays the indicator description associated with this condition.

  • $indicatorName displays the indicator name associated with this condition.

  • $objectAltName displays the alternate name of the triggered object.

  • $objectDescription displays the description of the object associated with this condition.

  • $objectId displays the ID of the object associated with this condition.

  • $objectName displays the object name associated with this condition.

  • $pluginDescription displays the description of the plugin. For example, SNMP Poller.

  • $pluginName displays the short name for the plugin. For example, SNMP.

  • $sigmaDirection displays the standard deviation direction used in this condition.

  • $sigmaValue displays the standard deviation value for this hour.

  • $thresholdId displays the ID of the threshold.

  • $thresholdName displays the name of the threshold.

  • $thresholdValue displays the reference value over which the condition triggers.

Boolean Operators

Boolean AND Operator

The Action icons enable you to create new conditions, create new rules, and to manage the conditions to rules assignments.

To combine several conditions as a Boolean AND operator, add all of the applicable conditions to a single rule so that the Trigger / Clear Conditions tab displays the conditions as Rule 1 | Conditions A AND B AND C, etc.

images/download/attachments/163972602/thresholdAND-version-1-modificationdate-1693242509835-api-v2.png

Boolean OR Operator

To combine several conditions as a Boolean OR operator, create two or more rules and add applicable conditions to the applicable rules so that the Trigger / Clear Condition tab displays the conditions for the first rule OR the conditions for the second rule, OR conditions for the third rule, etc.

Example

  • Create 3 conditions as shown below.

    images/download/attachments/163972602/thresholdAND-version-1-modificationdate-1693242509835-api-v2.png



  • When you create conditions A, B, and C, by default it creates Rule 1 as A AND B AND C.

  • Let's say you want the rule to be A AND B OR C.

  • Under Rules, click x on images/download/attachments/163972602/policyOR-eg-version-1-modificationdate-1693242509826-api-v2.png to remove condition C from Rule 1.

    images/download/attachments/163972602/policyRules---1-version-1-modificationdate-1693242509823-api-v2.png

  • Under Rules, click images/download/attachments/163972602/policyRulesConditionsDropdown-version-1-modificationdate-1693242509820-api-v2.png > Create New to create a new Rule. Rule 2 gets created but no condition is assigned to it.

    images/download/attachments/163972602/policyRules---2-version-1-modificationdate-1693242509817-api-v2.png

  • Now, select condition C under Conditions. Click images/download/attachments/163972602/policyRulesConditionsDropdown-version-1-modificationdate-1693242509820-api-v2.png under Conditions and select Add to Rule 2 to add condition C to rule 2. Condition C is now assigned to Rule 2.

    images/download/attachments/163972602/thresholdOR-version-1-modificationdate-1693242509809-api-v2.png
Created with Scroll Wiki HTML Exporter for Confluence.