Single Metric Alarms
IO also offers single metric alarms, which are alarms that are based on all of the entity types and metrics available in your portal.
Single Metric Alarm behavior falls into two general categories:
For entity types whose data comes from a single device or source, alarms will be evaluated within one minute of data arriving at the system.
For entity types whose data could come from multiple sources (e.g., an Application entity with multiple host entities), alarms will be delayed by five minutes from the first observation of change plus additional time (up to a minute) for processing. Alarms will trigger immediately after the default delay or after all data arrives at the system, whichever comes first. Expiring previously triggered alarms will be evaluated based on available data. If new data arrives after an alarm has been triggered, the alarm rule will be re-evaluated using the latest data for the previous time interval. If re-evaluation results in triggering an alarm, an occurrence will be raised, even if the current occurrence has been cleared. If an alarm was already triggered and new data suggests the alarm is no longer required, it will not be cleared automatically.
Configuring a Single Metric Alarm
Enter a Name and Description for your alarm.
Select an entity type to alarm on. You can choose to alarm on all entities or only the entities assigned to a tier.
Apply a filter.
You can use entity filtering or data filtering. Refer to Report Filtering for more information on entity and data filtering. You can apply a filter to the entity selection if you wish to alarm only on specific entities. Alarm filtering is similar to report entity filtering.
To filter for specific entities, select the plus sign to add a filter, then Filter [Entity Type].
You can filter for entities in/not in a list, related to an entity, or with a specified property.
Select a metric.
If you selected Application as the entity type, you can choose to show all metrics or to show only the metrics applicable to the Application entity type. This reduces the selection to only those entities that are currently assigned to at least one application and hides unassigned entities from the list. The number of applicable metrics is displayed in the selection modal.
Tip
If you plan to add entity types to an application at a later time and want to configure your report, dashboard, or alarm to include metrics from those entity types in advance, check the Show All Metrics box so they are available for selection.
Configure the alarm parameters: threshold, Duration, and Severity.
Configure notifications.
You can set up a notification plan for the alarm rule to notify users when the alarm is triggered.
To add users to the notification plan, click the Add box and check the users to be added. You can also use an email distribution list for the notification plan.
Note
Available users are determined by the users listed in the LDAP and User Management sections of the Settings tab.
The Also Notify field provides the ability to email alarm notifications to people who are not registered users of IO. Unregistered users added to this field can only receive initial notifications about new cases, but do not receive any succeeding notifications, such as investigation updates.
Check the Enable SNMP box to send alarm details to a configured SNMP trap. You can use SNMP traps to automatically trigger actions based on your specific requirements. For more information on configuring SNMP traps, see the SNMP Traps topic in the Administering Your IO Portal section of the IO Administrator Guide.