Do we need to create seperate policies for alert conditions of different applications OR Should we keep all the alerts along with their alert ids in Single Policy that is integrated with Alert Manager?
You can have conditions from different apps under the same policy.
The policy will determine what notification channels and incident preferences will be used by the conditions that it contains so, it would depend on how you want or organize and group your conditions.
Please let me know if you have any doubts.
okay, but keeping all alert conditions in single policy will let us know that failure occcured but won’t tell us which monitor triggered the alert i.e. monitor id is not mentioned in alerts.
If you use an NRQL alert condition FACETed on the monitor name or ID, then the ID will be passed in the notification, for example:
SELECT count(*) FROM SyntheticCheck WHERE result = 'FAILED' FACET monitorId
I’m wondering if you have any doubts?
Thanks @philweber for the solution.
Ok, using facet monitor id we can get the id in the notification recieved but what if we have different notification channels for different applications and we have to use only one common DJAlert policy. How should we configure this scenario?
You cannot do that. Notification channels belong to the alert policy; if you want to notify different channels, you will have to create separate policies.
@philweber is correct about how policies relate to notification channels.
Policies are also currently a container that can buy used to group alert violations into the same incident in order to reduce noise, and improve the troubleshooting process.
Later this year, we will be releasing a new capability called “Workflows”. This new capability will allow you to specify different notification destinations (aka channels) based on a flexible mapping of metadata about the Incidents. This will allow individual conditions in the same policy to use different notification destinations (channels). It will also allow you to do such things as send notifications for Incidents with a “warning” level severity to a different destination that you use for “critical” incidents, etc.
Follow the #whats-on-deck tag to be notified about the things that are in active development, and coming soon.
I have used this alert condition to get alerts notification on any voilation in any of the monitors for a particular application and faceted monitor id as follows:
SELECT percentage(count(*), WHERE result=‘FAILED’) AS ‘ErrorRate’ FROM SyntheticCheck WHERE monitorId = '82e851bf-7960-491c-a814-9d9ab9e5eed9’OR monitorId = 'af69e278-cfa7-4f5d-8e71-b7a93d0e98f8’OR monitorId = '734641ec-c3bd-4f96-8008-19cedf78da95’OR monitorId = '3ab60f13-b1e1-4675-9bfa-1e636ec2d39e’OR monitorId = '5c3efed9-0532-4b17-bd97-2defeffd0b20’OR monitorId = 'cacbbfc6-2a4a-4319-8bc4-e3f468b00306’OR monitorId = '47115b0c-4685-4558-b6d7-a08a44ab8be5’OR monitorId = 'f3bb5afa-c83a-4575-9586-ba3290ae46d1’OR monitorId = 'ec3508ef-b972-4f45-ac0c-a405c331dcc4’OR monitorId = 'cf65e02f-d2d7-4255-941a-051c99a52d1c’OR monitorId = 'd68647a4-3990-41ef-ab63-8cd3e6ee34a5’OR monitorId = '740bb217-203c-45b7-82f5-a98c68c3d80e’OR monitorId = '4e4f7fed-0cb0-48dd-ac68-282a551b4c7c’OR monitorId = 'ef5197f8-c48d-4a39-bac7-cdba8e9246b9’OR monitorId = ‘ca7a700a-8115-4d6c-a344-8b56508ff17f’ FACET monitorId
But when i recieved the alert notification, i didn’t get to know the monitor id in it.
@philweber - Are you talking about monitor id in incident that occurs? Also please let us know if this query is fine in order to get notified when any monitor among suppose 20 monitors voilates that belongs to a specific application. And if 2 or more monitor fails, will this generate those many number of alerts at the same time?