A user asked for a way to filter alerts so that they trigger only for specific tagged endpoints. Another user suggested using _device_name as a condition in a new alert, which would send alerts only for those 8 endpoints. The original user will try this out, and the suggested method can potentially be used in other situations as well.
Read the entire ‘Ways to Filter Alerts in ControlUp’ thread below:
I have a somewhat urgent ask this morning. I have three specific Event IDs where alerts are already set up. Out of the 500 endpoints that currently have the ControlUp Agent installed I only need to receive alerts from 8 endpoints. These 8 endpoints all have a Device Tag.
Right now I have to go through every single alert to see which ones are coming from those 8 endpoints. Is there a way to filter alerts so they only trigger when these tagged endpoints are involved? Hoping for a solution this morning.
Hi, what index are you using when you created the alerts?
Perhaps the CU team can comment if they have a better way
The way that I would've done it is as follows:
I'm taking it that you are using win_event_log as your index, but you will see there is no tag, but you do have device_name.
Take those device names and add a condition:
_device_name – contains – Hostname.fqdn||Hostname.fqdn||Hostname.fqdn||Hostname.fqdn
Create a new alert and call it something else like VIP Event ID ….
If you do this on the current alert, the other 492 will not send alerts if they do trigger the event; only those 8 devices will.
my 5c
I like your idea! I did not think about using the _device_name index. And yes, I am using the win_event_log index.
You said "__device__name index".
You need to use _device_name as a condition.
Yes…sorry. That’s what I meant.
cool