Configuring an Alarm Rule Template
Select an alarm rule from the list of standard alarm rule templates.
The New Rule screen is displayed. All rule screens have the following common areas:
Name / Description
Entities
Parameters
Notifications / Enable
Enter a name and description for the new alarm.
If tiers have been configured, you can choose whether to alarm on all tiers, or just a single tier.
Note
Alarms default to all tiers. You must select a tier to override this.
Choose the entity type to be observed by the alarm rule.
You can use the search field to find a specific entity type.
Note
Only the entity types appropriate to the alarm rule are displayed.
Note
All entity types are now available for selection in the Seasonal Trend Deviation alarm.
Applying Filters
You can use entity filtering or data filtering. Refer to Report Filtering for more information on entity and data filtering. You can apply a filter to the entity selection if you wish to alarm only on specific entities. Alarm filtering is similar to report entity filtering.
To filter for specific entities, select the plus sign to add a filter, then Filter [Entity Type].
You can filter for entities in/not in a list, related to an entity, or with a specified property.
Configure the alarm rule parameters.
In the parameter section, set the threshold(s), duration, and severity. Thresholds may differ for each alarm rule but there is always a duration and severity level for each alarm rule template.
Note
The Parameters area on each page is unique to the rule template.
Note
Duration is now called Window as of IO 7.0.
Note
The Seasonal Trend Deviation alarm type provides for selecting more than one metric as shown below.
Configure notifications.
You can set up a notification plan for the alarm rule to notify users when the alarm is triggered.
To add users to the notification plan, click the Add box and check the users to be added. You can also use an email distribution list for the notification plan.
Note
Available users are determined by the users listed in the LDAP and User Management sections of the Settings tab.
The Also Notify field provides the ability to email alarm notifications to people who are not registered users of IO. Unregistered users added to this field can only receive initial notifications about new cases, but do not receive any succeeding notifications, such as investigation updates.
(Optional) If Slack Integration is configured, add a specific Slack Channel or choose Use Global Default.
Check the Enable SNMP box to send alarm details to a configured SNMP trap. You can use SNMP traps to automatically trigger actions based on your specific requirements. For more information on configuring SNMP traps, see the SNMP Traps topic in the Administering Your IO Portal section of the IO Administrator Guide.