Adding hosts that are affected to datasource alerts #387
Comments
|
Sorry for the late answer, being pretty busy these days. To answer your question, the reason why Trackme does not simply give this information is that in many use cases this is more complex than just that, a data source can be pretty much anything and providing the host level affected is not necessary meaningful. However, did you have a look at the Smart Status alert action? Basically, when the alert triggers and if the action is enabled, it performs some levels of automated investigations, if the root cause if latency or delay related, it extracts the top 10 host affected by the KPI and store these information in the TrackMe summary index. This is probably what you are after, you could have a second layer looking at these information, or either have you automation triggering a call to the Smart Status endpoint. |
Hey Guilhem
Is your feature request related to a problem? Please describe.
We've setup datasource alerts in Trackme, however when the alerts come through, they don't list the hostnames of the servers that are affected by the missing datasources. ( This may already exist and I'm missing it)
Describe the solution you'd like
We would like to add the affected hosts to the alert. This will help us automate incident creation.
Describe alternatives you've considered
We've looked at an alternative searches to extract data from the index and run a map and tstats command but can't get them to work.
Additional context
Happy to provide the SPL of the searches that we have so far if you want to have a look.
The text was updated successfully, but these errors were encountered: