Our Intelligent Monitoring and Alerting system now includes Actionable Alerts with a new Group By feature. This feature allows you to receive grouping of metric values vs receiving a multiple single alerts for the metric. For instance, with Endpoints, you can group by Name, Manufacture, Model, Status, and Tags, and receive a single alert grouping of metrics for the group of devices.
However, there are some limitations to the Group By feature. To track the various permutations and combinations for each category, all the options, except for Status in the Group By Advanced items list were implemented with the understanding that these items are immutable.
Many customers prefer to group by a tag for an endpoint. For most, this isn't an issue as once a tag is set, it typically doesn't change. However, if your endpoint tags are frequently changing (system tags for example), we advise against using the group by or a dynamic filter on tags. This is because it can trigger false alerts - one alert for the endpoint instance with the current tag, and another for the same endpoint with the old tag. This can cause the endpoint alert to fire and then show a clear event shortly after.
If you notice multiple alert and clear events coming from an endpoint, we recommend checking if you are filtering or using the group by on tags, and see if the tag has recently changed. Please note, it could take up to 30 days for the endpoint instance with the old tag to disappear from our alerting system.
In the coming weeks, we will be releasing our event-based monitoring for Cisco endpoints. This will serve as a workaround to the issue with Group By and the use of tags in the monitor, until we develop a solution for tag changes and endpoints.
Comments
Please sign in to leave a comment.