alert checker for specific ping probes
Hi, I have a bunch of ping probes and I would like to write an alert for some (but not all). Since the hostname is the same for all, how can I differentiate between them in an alert checker...for example, I want to alert on this: [cid:image001.jpg@01DA551D.A2E6D3E0]
But not this: [cid:image002.jpg@01DA551D.A2E6D3E0]
thanks
Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com [cid:image001.jpg@01D84DD6.FC9912E0]
Hi Tony,
You should be able to filter the alert on the message property
[image: image.png]
HTH,
Ahmed.
Le jeu. 1 févr. 2024, à 15 h 06, Tony Guadagno via observium < observium@lists.observium.org> a écrit :
Hi, I have a bunch of ping probes and I would like to write an alert for some (but not all). Since the hostname is the same for all, how can I differentiate between them in an alert checker…for example, I want to alert on this:
But not this:
thanks
Tony Guadagno
O +1 585 577 1003
C +1 585 703 6700
E tonyg@guadagnoconsulting.com
[image: cid:image001.jpg@01D84DD6.FC9912E0]
observium mailing list -- observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.org
Ahmed, thanks so much, I will give this a shot and let you know
Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com [cid:image001.jpg@01D84DD6.FC9912E0]
From: Ahmed Rahal via observium observium@lists.observium.org Sent: Friday, February 2, 2024 5:45 PM To: Observium observium@lists.observium.org Cc: Ahmed Rahal arahal@fibrenoire.ca Subject: [Observium] Re: alert checker for specific ping probes
Hi Tony,
You should be able to filter the alert on the message property
[image.png]
HTH,
Ahmed.
Le jeu. 1 févr. 2024, à 15 h 06, Tony Guadagno via observium <observium@lists.observium.orgmailto:observium@lists.observium.org> a écrit : Hi, I have a bunch of ping probes and I would like to write an alert for some (but not all). Since the hostname is the same for all, how can I differentiate between them in an alert checker…for example, I want to alert on this: [cid:image006.jpg@01DA5607.65724B80]
But not this: [cid:image007.jpg@01DA5607.65724B80]
thanks
Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com [cid:image001.jpg@01D84DD6.FC9912E0]
_______________________________________________ observium mailing list -- observium@lists.observium.orgmailto:observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.orgmailto:observium-leave@lists.observium.org
-- Ahmed Rahal Administrateur de Systèmes / Systems Administrator Videotron/Fibrenoire - www.fibrenoire.cahttp://www.fibrenoire.ca/ A: 612 Rue Saint-Jacques, Montréal, QC H3C 1E2 ahmed.rahal@videotron.commailto:ahmed.rahal@videotron.com Twitter: @fibrenoire
Ahmed, this did seem to work with one term, however, I when I tried exclude some devices, the rule is firing when it should not….for example. The device shown here is down, but I thought I was excluding that host from the rule….any idea’s whats wrong with my logic?
[cid:image001.jpg@01DA5847.0F111130]
Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com [cid:image001.jpg@01D84DD6.FC9912E0]
From: Tony Guadagno via observium observium@lists.observium.org Sent: Friday, February 2, 2024 6:41 PM To: Observium observium@lists.observium.org Cc: Tony Guadagno tonyg@guadagno.org Subject: [Observium] Re: alert checker for specific ping probes
Ahmed, thanks so much, I will give this a shot and let you know
Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com [cid:image001.jpg@01D84DD6.FC9912E0]
From: Ahmed Rahal via observium <observium@lists.observium.orgmailto:observium@lists.observium.org> Sent: Friday, February 2, 2024 5:45 PM To: Observium <observium@lists.observium.orgmailto:observium@lists.observium.org> Cc: Ahmed Rahal <arahal@fibrenoire.camailto:arahal@fibrenoire.ca> Subject: [Observium] Re: alert checker for specific ping probes
Hi Tony,
You should be able to filter the alert on the message property
[image.png]
HTH,
Ahmed.
Le jeu. 1 févr. 2024, à 15 h 06, Tony Guadagno via observium <observium@lists.observium.orgmailto:observium@lists.observium.org> a écrit : Hi, I have a bunch of ping probes and I would like to write an alert for some (but not all). Since the hostname is the same for all, how can I differentiate between them in an alert checker…for example, I want to alert on this: [cid:image006.jpg@01DA5847.0F111130]
But not this: [cid:image007.jpg@01DA5847.0F111130]
thanks
Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com [cid:image001.jpg@01D84DD6.FC9912E0]
_______________________________________________ observium mailing list -- observium@lists.observium.orgmailto:observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.orgmailto:observium-leave@lists.observium.org
-- Ahmed Rahal Administrateur de Systèmes / Systems Administrator Videotron/Fibrenoire - www.fibrenoire.cahttp://www.fibrenoire.ca/ A: 612 Rue Saint-Jacques, Montréal, QC H3C 1E2 ahmed.rahal@videotron.commailto:ahmed.rahal@videotron.com Twitter: @fibrenoire
Hi Tony,
At first glance it should indeed be working, but I would use a regex for that
message notregexp .*-(atm|sp)-.*
Cannot test, am currently in a hurry, but give it a try ;)
Ahmed.
Le lun. 5 févr. 2024, à 15 h 40, Tony Guadagno via observium < observium@lists.observium.org> a écrit :
Ahmed, this did seem to work with one term, however, I when I tried exclude some devices, the rule is firing when it should not….for example. The device shown here is down, but I thought I was excluding that host from the rule….any idea’s whats wrong with my logic?
Tony Guadagno
O +1 585 577 1003
C +1 585 703 6700
E tonyg@guadagnoconsulting.com
[image: cid:image001.jpg@01D84DD6.FC9912E0]
*From:* Tony Guadagno via observium observium@lists.observium.org *Sent:* Friday, February 2, 2024 6:41 PM *To:* Observium observium@lists.observium.org *Cc:* Tony Guadagno tonyg@guadagno.org *Subject:* [Observium] Re: alert checker for specific ping probes
Ahmed, thanks so much, I will give this a shot and let you know
Tony Guadagno
O +1 585 577 1003
C +1 585 703 6700
E tonyg@guadagnoconsulting.com
[image: cid:image001.jpg@01D84DD6.FC9912E0]
*From:* Ahmed Rahal via observium observium@lists.observium.org *Sent:* Friday, February 2, 2024 5:45 PM *To:* Observium observium@lists.observium.org *Cc:* Ahmed Rahal arahal@fibrenoire.ca *Subject:* [Observium] Re: alert checker for specific ping probes
Hi Tony,
You should be able to filter the alert on the message property
[image: image.png]
HTH,
Ahmed.
Le jeu. 1 févr. 2024, à 15 h 06, Tony Guadagno via observium < observium@lists.observium.org> a écrit :
Hi, I have a bunch of ping probes and I would like to write an alert for some (but not all). Since the hostname is the same for all, how can I differentiate between them in an alert checker…for example, I want to alert on this:
But not this:
thanks
Tony Guadagno
O +1 585 577 1003
C +1 585 703 6700
E tonyg@guadagnoconsulting.com
[image: cid:image001.jpg@01D84DD6.FC9912E0]
observium mailing list -- observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.org
--
Ahmed Rahal
Administrateur de Systèmes / Systems Administrator
*Videotron**/Fibre**noire* - www.fibrenoire.ca
A: 612 Rue Saint-Jacques, Montréal, QC H3C 1E2
ahmed.rahal@videotron.com
Twitter: @fibrenoire _______________________________________________ observium mailing list -- observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.org
Ahmed, that did seem to work, thanks again for the suggestion!
Adam, can you explain why
Message notmatch *-sp-* Message notmatch *-atm-*
But
message notregexp .*-(atm|sp)-.*
does work?
Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com [cid:image001.jpg@01D84DD6.FC9912E0]
From: Ahmed Rahal via observium observium@lists.observium.org Sent: Monday, February 5, 2024 7:01 PM To: Observium observium@lists.observium.org Cc: Ahmed Rahal arahal@fibrenoire.ca Subject: [Observium] Re: alert checker for specific ping probes
Hi Tony,
At first glance it should indeed be working, but I would use a regex for that
message notregexp .*-(atm|sp)-.*
Cannot test, am currently in a hurry, but give it a try ;)
Ahmed.
Le lun. 5 févr. 2024, à 15 h 40, Tony Guadagno via observium <observium@lists.observium.orgmailto:observium@lists.observium.org> a écrit : Ahmed, this did seem to work with one term, however, I when I tried exclude some devices, the rule is firing when it should not….for example. The device shown here is down, but I thought I was excluding that host from the rule….any idea’s whats wrong with my logic?
[cid:image006.jpg@01DA58D1.B7408900]
Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com [cid:image001.jpg@01D84DD6.FC9912E0]
From: Tony Guadagno via observium <observium@lists.observium.orgmailto:observium@lists.observium.org> Sent: Friday, February 2, 2024 6:41 PM To: Observium <observium@lists.observium.orgmailto:observium@lists.observium.org> Cc: Tony Guadagno <tonyg@guadagno.orgmailto:tonyg@guadagno.org> Subject: [Observium] Re: alert checker for specific ping probes
Ahmed, thanks so much, I will give this a shot and let you know
Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com [cid:image001.jpg@01D84DD6.FC9912E0]
From: Ahmed Rahal via observium <observium@lists.observium.orgmailto:observium@lists.observium.org> Sent: Friday, February 2, 2024 5:45 PM To: Observium <observium@lists.observium.orgmailto:observium@lists.observium.org> Cc: Ahmed Rahal <arahal@fibrenoire.camailto:arahal@fibrenoire.ca> Subject: [Observium] Re: alert checker for specific ping probes
Hi Tony,
You should be able to filter the alert on the message property
[image.png]
HTH,
Ahmed.
Le jeu. 1 févr. 2024, à 15 h 06, Tony Guadagno via observium <observium@lists.observium.orgmailto:observium@lists.observium.org> a écrit : Hi, I have a bunch of ping probes and I would like to write an alert for some (but not all). Since the hostname is the same for all, how can I differentiate between them in an alert checker…for example, I want to alert on this: [cid:image008.jpg@01DA58D1.B7408900]
But not this: [cid:image009.jpg@01DA58D1.B7408900]
thanks
Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com [cid:image001.jpg@01D84DD6.FC9912E0]
_______________________________________________ observium mailing list -- observium@lists.observium.orgmailto:observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.orgmailto:observium-leave@lists.observium.org
-- Ahmed Rahal Administrateur de Systèmes / Systems Administrator Videotron/Fibrenoire - www.fibrenoire.cahttp://www.fibrenoire.ca/ A: 612 Rue Saint-Jacques, Montréal, QC H3C 1E2 ahmed.rahal@videotron.commailto:ahmed.rahal@videotron.com Twitter: @fibrenoire _______________________________________________ observium mailing list -- observium@lists.observium.orgmailto:observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.orgmailto:observium-leave@lists.observium.org
-- Ahmed Rahal Administrateur de Systèmes / Systems Administrator Videotron/Fibrenoire - www.fibrenoire.cahttp://www.fibrenoire.ca/ A: 612 Rue Saint-Jacques, Montréal, QC H3C 1E2 ahmed.rahal@videotron.commailto:ahmed.rahal@videotron.com Twitter: @fibrenoire
Adam, I'm open to any suggestions you have about how to improve this process. The problem I see is that I cannot use hostname because probes are all attached to the same host. I need to distinguish different probes. How else do I do that?
Tony Guadagno
O +1 585 577 1003
C +1 585 703 6700
E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com
________________________________ From: Adam Armstrong via observium observium@lists.observium.org Sent: Tuesday, February 6, 2024 8:06:21 AM To: Observium observium@lists.observium.org Cc: Adam Armstrong adama@observium.org Subject: [Observium] Re: alert checker for specific ping probes
This is not really the right way to do it, because it’ll still be creating the alerts, they’ll just always be “ok”.
This is less bad on probes, but a really really bad idea to do on other things, as the alert entry table ends up scaling pretty painfully if you generate hundreds of thousands of alerts.
Adam.
Sent from my iPhone
On 6 Feb 2024, at 00:04, Ahmed Rahal via observium observium@lists.observium.org wrote:
Hi Tony,
At first glance it should indeed be working, but I would use a regex for that
message notregexp .*-(atm|sp)-.*
Cannot test, am currently in a hurry, but give it a try ;)
Ahmed.
Le lun. 5 févr. 2024, à 15 h 40, Tony Guadagno via observium <observium@lists.observium.orgmailto:observium@lists.observium.org> a écrit :
Ahmed, this did seem to work with one term, however, I when I tried exclude some devices, the rule is firing when it should not….for example. The device shown here is down, but I thought I was excluding that host from the rule….any idea’s whats wrong with my logic?
<image001.jpg>
Tony Guadagno
O +1 585 577 1003
C +1 585 703 6700
E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com
<image003.jpg>
From: Tony Guadagno via observium <observium@lists.observium.orgmailto:observium@lists.observium.org> Sent: Friday, February 2, 2024 6:41 PM To: Observium <observium@lists.observium.orgmailto:observium@lists.observium.org> Cc: Tony Guadagno <tonyg@guadagno.orgmailto:tonyg@guadagno.org> Subject: [Observium] Re: alert checker for specific ping probes
Ahmed, thanks so much, I will give this a shot and let you know
Tony Guadagno
O +1 585 577 1003
C +1 585 703 6700
E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com
<image003.jpg>
From: Ahmed Rahal via observium <observium@lists.observium.orgmailto:observium@lists.observium.org> Sent: Friday, February 2, 2024 5:45 PM To: Observium <observium@lists.observium.orgmailto:observium@lists.observium.org> Cc: Ahmed Rahal <arahal@fibrenoire.camailto:arahal@fibrenoire.ca> Subject: [Observium] Re: alert checker for specific ping probes
Hi Tony,
You should be able to filter the alert on the message property
<image005.png>
HTH,
Ahmed.
Le jeu. 1 févr. 2024, à 15 h 06, Tony Guadagno via observium <observium@lists.observium.orgmailto:observium@lists.observium.org> a écrit :
Hi, I have a bunch of ping probes and I would like to write an alert for some (but not all). Since the hostname is the same for all, how can I differentiate between them in an alert checker…for example, I want to alert on this:
<image006.jpg>
But not this:
<image007.jpg>
thanks
Tony Guadagno
O +1 585 577 1003
C +1 585 703 6700
E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com
<image003.jpg>
_______________________________________________ observium mailing list -- observium@lists.observium.orgmailto:observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.orgmailto:observium-leave@lists.observium.org
--
Ahmed Rahal
Administrateur de Systèmes / Systems Administrator
Videotron/Fibrenoire - www.fibrenoire.cahttp://www.fibrenoire.ca/
A: 612 Rue Saint-Jacques, Montréal, QC H3C 1E2
ahmed.rahal@videotron.commailto:ahmed.rahal@videotron.com
Twitter: @fibrenoire
_______________________________________________ observium mailing list -- observium@lists.observium.orgmailto:observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.orgmailto:observium-leave@lists.observium.org
-- Ahmed Rahal Administrateur de Systèmes / Systems Administrator Videotron/Fibrenoire - www.fibrenoire.cahttp://www.fibrenoire.ca/ A: 612 Rue Saint-Jacques, Montréal, QC H3C 1E2 ahmed.rahal@videotron.commailto:ahmed.rahal@videotron.com Twitter: @fibrenoire _______________________________________________ observium mailing list -- observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.org
I answered this on the 3rd, but for some reason it doesn't seem to be in the list archives, though it's in my sent items.
----
The correct and only real way to tell probes created this way apart is by the user-defined probe description, which in this case actually does seemingly include the hostname.
It's a but clunky because it'd likely require a bunch of "OR" rules in the association ruleset to match each of the hostnames if a pattern can't exactly match what's needed, though.
Note that there's officially no direct support with the "Professional" edition, as it's intended for the service provider sector which often neither needs nor wants to pay for support. Enterprise is the officially supported product.
Though we do tend to answer most questions on the mailing list and discord if someone else doesn't answer them better first.
Thanks, adam.
Tony Guadagno via observium wrote on 2024-02-06 13:46:
Adam, I'm open to any suggestions you have about how to improve this process. The problem I see is that I cannot use hostname because probes are all attached to the same host. I need to distinguish different probes. How else do I do that?
Tony Guadagno
O+1 585 577 1003
C+1 585 703 6700
Etonyg@guadagnoconsulting.com mailto:tonyg@guadagnoconsulting.com
*From:* Adam Armstrong via observium observium@lists.observium.org *Sent:* Tuesday, February 6, 2024 8:06:21 AM *To:* Observium observium@lists.observium.org *Cc:* Adam Armstrong adama@observium.org *Subject:* [Observium] Re: alert checker for specific ping probes This is not really the right way to do it, because it’ll still be creating the alerts, they’ll just always be “ok”.
This is less bad on probes, but a really really bad idea to do on other things, as the alert entry table ends up scaling pretty painfully if you generate hundreds of thousands of alerts.
Adam.
Sent from my iPhone
On 6 Feb 2024, at 00:04, Ahmed Rahal via observium observium@lists.observium.org wrote:
Hi Tony,
At first glance it should indeed be working, but I would use a regex for that
message |notregexp| .*-(atm|sp)-.*
Cannot test, am currently in a hurry, but give it a try ;)
Ahmed.
Le lun. 5 févr. 2024, à 15 h 40, Tony Guadagno via observium <observium@lists.observium.org mailto:observium@lists.observium.org> a écrit :
Ahmed, this did seem to work with one term, however, I when I tried exclude some devices, the rule is firing when it should not….for example. The device shown here is down, but I thought I was excluding that host from the rule….any idea’s whats wrong with my logic? <image001.jpg> Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.com <mailto:tonyg@guadagnoconsulting.com> <image003.jpg> *From:*Tony Guadagno via observium <observium@lists.observium.org <mailto:observium@lists.observium.org>> *Sent:* Friday, February 2, 2024 6:41 PM *To:* Observium <observium@lists.observium.org <mailto:observium@lists.observium.org>> *Cc:* Tony Guadagno <tonyg@guadagno.org <mailto:tonyg@guadagno.org>> *Subject:* [Observium] Re: alert checker for specific ping probes Ahmed, thanks so much, I will give this a shot and let you know Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.com <mailto:tonyg@guadagnoconsulting.com> <image003.jpg> *From:*Ahmed Rahal via observium <observium@lists.observium.org <mailto:observium@lists.observium.org>> *Sent:* Friday, February 2, 2024 5:45 PM *To:* Observium <observium@lists.observium.org <mailto:observium@lists.observium.org>> *Cc:* Ahmed Rahal <arahal@fibrenoire.ca <mailto:arahal@fibrenoire.ca>> *Subject:* [Observium] Re: alert checker for specific ping probes Hi Tony, You should be able to filter the alert on the message property <image005.png> HTH, Ahmed. Le jeu. 1 févr. 2024, à 15 h 06, Tony Guadagno via observium <observium@lists.observium.org <mailto:observium@lists.observium.org>> a écrit : Hi, I have a bunch of ping probes and I would like to write an alert for some (but not all). Since the hostname is the same for all, how can I differentiate between them in an alert checker…for example, I want to alert on this: <image006.jpg> But not this: <image007.jpg> thanks Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.com <mailto:tonyg@guadagnoconsulting.com> <image003.jpg> _______________________________________________ observium mailing list -- observium@lists.observium.org <mailto:observium@lists.observium.org> To unsubscribe send an email to observium-leave@lists.observium.org <mailto:observium-leave@lists.observium.org> -- Ahmed Rahal Administrateur de Systèmes / Systems Administrator *Videotron**/Fibre**noire* - www.fibrenoire.ca <http://www.fibrenoire.ca/> A: 612 Rue Saint-Jacques, Montréal, QC H3C 1E2 ahmed.rahal@videotron.com <mailto:ahmed.rahal@videotron.com> Twitter: @fibrenoire _______________________________________________ observium mailing list -- observium@lists.observium.org <mailto:observium@lists.observium.org> To unsubscribe send an email to observium-leave@lists.observium.org <mailto:observium-leave@lists.observium.org>
-- Ahmed Rahal Administrateur de Systèmes / Systems Administrator/ / *Videotron/Fibrenoire* - www.fibrenoire.ca http://www.fibrenoire.ca/ A: 612 Rue Saint-Jacques, Montréal, QC H3C 1E2 ahmed.rahal@videotron.com mailto:ahmed.rahal@videotron.com Twitter: @fibrenoire _______________________________________________ observium mailing list -- observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.org
observium mailing list -- observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.org
Oh wait, it just doesn't sort the messages in a useful manner.
https://lists.observium.org/hyperkitty/list/observium@lists.observium.org/me...
You're trying to do the matching in the wrong part of the alert config. The test conditions is not a suitable place to do entity associations, that's what association ruleset is for.
The two conditions likely didn't work because you only have limited control over the logic on the test conditions, but it's really not worth thinking about it too much. Just do the association in the association ruleset using the probe description, that does contain the hostname. Because you put it there.
adam.
Adam Armstrong via observium wrote on 2024-02-07 19:28:
I answered this on the 3rd, but for some reason it doesn't seem to be in the list archives, though it's in my sent items.
The correct and only real way to tell probes created this way apart is by the user-defined probe description, which in this case actually does seemingly include the hostname.
It's a but clunky because it'd likely require a bunch of "OR" rules in the association ruleset to match each of the hostnames if a pattern can't exactly match what's needed, though.
Note that there's officially no direct support with the "Professional" edition, as it's intended for the service provider sector which often neither needs nor wants to pay for support. Enterprise is the officially supported product.
Though we do tend to answer most questions on the mailing list and discord if someone else doesn't answer them better first.
Thanks, adam.
Tony Guadagno via observium wrote on 2024-02-06 13:46:
Adam, I'm open to any suggestions you have about how to improve this process. The problem I see is that I cannot use hostname because probes are all attached to the same host. I need to distinguish different probes. How else do I do that?
Tony Guadagno
O+1 585 577 1003
C+1 585 703 6700
Etonyg@guadagnoconsulting.com mailto:tonyg@guadagnoconsulting.com
*From:* Adam Armstrong via observium observium@lists.observium.org *Sent:* Tuesday, February 6, 2024 8:06:21 AM *To:* Observium observium@lists.observium.org *Cc:* Adam Armstrong adama@observium.org *Subject:* [Observium] Re: alert checker for specific ping probes This is not really the right way to do it, because it’ll still be creating the alerts, they’ll just always be “ok”.
This is less bad on probes, but a really really bad idea to do on other things, as the alert entry table ends up scaling pretty painfully if you generate hundreds of thousands of alerts.
Adam.
Sent from my iPhone
On 6 Feb 2024, at 00:04, Ahmed Rahal via observium observium@lists.observium.org wrote:
Hi Tony,
At first glance it should indeed be working, but I would use a regex for that
message |notregexp| .*-(atm|sp)-.*
Cannot test, am currently in a hurry, but give it a try ;)
Ahmed.
Le lun. 5 févr. 2024, à 15 h 40, Tony Guadagno via observium <observium@lists.observium.org mailto:observium@lists.observium.org> a écrit :
Ahmed, this did seem to work with one term, however, I when I tried exclude some devices, the rule is firing when it should not….for example. The device shown here is down, but I thought I was excluding that host from the rule….any idea’s whats wrong with my logic? <image001.jpg> Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.com <mailto:tonyg@guadagnoconsulting.com> <image003.jpg> *From:*Tony Guadagno via observium <observium@lists.observium.org <mailto:observium@lists.observium.org>> *Sent:* Friday, February 2, 2024 6:41 PM *To:* Observium <observium@lists.observium.org <mailto:observium@lists.observium.org>> *Cc:* Tony Guadagno <tonyg@guadagno.org <mailto:tonyg@guadagno.org>> *Subject:* [Observium] Re: alert checker for specific ping probes Ahmed, thanks so much, I will give this a shot and let you know Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.com <mailto:tonyg@guadagnoconsulting.com> <image003.jpg> *From:*Ahmed Rahal via observium <observium@lists.observium.org <mailto:observium@lists.observium.org>> *Sent:* Friday, February 2, 2024 5:45 PM *To:* Observium <observium@lists.observium.org <mailto:observium@lists.observium.org>> *Cc:* Ahmed Rahal <arahal@fibrenoire.ca <mailto:arahal@fibrenoire.ca>> *Subject:* [Observium] Re: alert checker for specific ping probes Hi Tony, You should be able to filter the alert on the message property <image005.png> HTH, Ahmed. Le jeu. 1 févr. 2024, à 15 h 06, Tony Guadagno via observium <observium@lists.observium.org <mailto:observium@lists.observium.org>> a écrit : Hi, I have a bunch of ping probes and I would like to write an alert for some (but not all). Since the hostname is the same for all, how can I differentiate between them in an alert checker…for example, I want to alert on this: <image006.jpg> But not this: <image007.jpg> thanks Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.com <mailto:tonyg@guadagnoconsulting.com> <image003.jpg> _______________________________________________ observium mailing list -- observium@lists.observium.org <mailto:observium@lists.observium.org> To unsubscribe send an email to observium-leave@lists.observium.org <mailto:observium-leave@lists.observium.org> -- Ahmed Rahal Administrateur de Systèmes / Systems Administrator *Videotron**/Fibre**noire* - www.fibrenoire.ca <http://www.fibrenoire.ca/> A: 612 Rue Saint-Jacques, Montréal, QC H3C 1E2 ahmed.rahal@videotron.com <mailto:ahmed.rahal@videotron.com> Twitter: @fibrenoire _______________________________________________ observium mailing list -- observium@lists.observium.org <mailto:observium@lists.observium.org> To unsubscribe send an email to observium-leave@lists.observium.org <mailto:observium-leave@lists.observium.org>
-- Ahmed Rahal Administrateur de Systèmes / Systems Administrator/ / *Videotron/Fibrenoire* - www.fibrenoire.ca http://www.fibrenoire.ca/ A: 612 Rue Saint-Jacques, Montréal, QC H3C 1E2 ahmed.rahal@videotron.com mailto:ahmed.rahal@videotron.com Twitter: @fibrenoire _______________________________________________ observium mailing list -- observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.org
observium mailing list --observium@lists.observium.org To unsubscribe send an email toobservium-leave@lists.observium.org
observium mailing list -- observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.org
Adam, yes, that is just what I am looking for! I just tried it and it does reduce the device list down to what I would expect.
Thank you ahmed and adam!
Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com [cid:image001.jpg@01D84DD6.FC9912E0]
From: Adam Armstrong via observium observium@lists.observium.org Sent: Wednesday, February 7, 2024 2:38 PM To: Adam Armstrong via observium observium@lists.observium.org Cc: Adam Armstrong adama@observium.org Subject: [Observium] Re: alert checker for specific ping probes
Oh wait, it just doesn't sort the messages in a useful manner.
https://lists.observium.org/hyperkitty/list/observium@lists.observium.org/me...
You're trying to do the matching in the wrong part of the alert config. The test conditions is not a suitable place to do entity associations, that's what association ruleset is for.
The two conditions likely didn't work because you only have limited control over the logic on the test conditions, but it's really not worth thinking about it too much. Just do the association in the association ruleset using the probe description, that does contain the hostname. Because you put it there.
adam.
Adam Armstrong via observium wrote on 2024-02-07 19:28:
I answered this on the 3rd, but for some reason it doesn't seem to be in the list archives, though it's in my sent items.
----
The correct and only real way to tell probes created this way apart is by the user-defined probe description, which in this case actually does seemingly include the hostname.
It's a but clunky because it'd likely require a bunch of "OR" rules in the association ruleset to match each of the hostnames if a pattern can't exactly match what's needed, though.
Note that there's officially no direct support with the "Professional" edition, as it's intended for the service provider sector which often neither needs nor wants to pay for support. Enterprise is the officially supported product.
Though we do tend to answer most questions on the mailing list and discord if someone else doesn't answer them better first.
Thanks, adam.
Tony Guadagno via observium wrote on 2024-02-06 13:46:
Adam, I'm open to any suggestions you have about how to improve this process. The problem I see is that I cannot use hostname because probes are all attached to the same host. I need to distinguish different probes. How else do I do that?
Tony Guadagno
O +1 585 577 1003
C +1 585 703 6700
E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com
________________________________ From: Adam Armstrong via observium observium@lists.observium.orgmailto:observium@lists.observium.org Sent: Tuesday, February 6, 2024 8:06:21 AM To: Observium observium@lists.observium.orgmailto:observium@lists.observium.org Cc: Adam Armstrong adama@observium.orgmailto:adama@observium.org Subject: [Observium] Re: alert checker for specific ping probes
This is not really the right way to do it, because it’ll still be creating the alerts, they’ll just always be “ok”.
This is less bad on probes, but a really really bad idea to do on other things, as the alert entry table ends up scaling pretty painfully if you generate hundreds of thousands of alerts.
Adam.
Sent from my iPhone
On 6 Feb 2024, at 00:04, Ahmed Rahal via observium observium@lists.observium.orgmailto:observium@lists.observium.org wrote: Hi Tony,
At first glance it should indeed be working, but I would use a regex for that
message notregexp .*-(atm|sp)-.*
Cannot test, am currently in a hurry, but give it a try ;)
Ahmed.
Le lun. 5 févr. 2024, à 15 h 40, Tony Guadagno via observium <observium@lists.observium.orgmailto:observium@lists.observium.org> a écrit :
Ahmed, this did seem to work with one term, however, I when I tried exclude some devices, the rule is firing when it should not….for example. The device shown here is down, but I thought I was excluding that host from the rule….any idea’s whats wrong with my logic?
<image001.jpg>
Tony Guadagno
O +1 585 577 1003
C +1 585 703 6700
E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com <image003.jpg>
From: Tony Guadagno via observium <observium@lists.observium.orgmailto:observium@lists.observium.org> Sent: Friday, February 2, 2024 6:41 PM To: Observium <observium@lists.observium.orgmailto:observium@lists.observium.org> Cc: Tony Guadagno <tonyg@guadagno.orgmailto:tonyg@guadagno.org> Subject: [Observium] Re: alert checker for specific ping probes
Ahmed, thanks so much, I will give this a shot and let you know
Tony Guadagno
O +1 585 577 1003
C +1 585 703 6700
E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com <image003.jpg>
From: Ahmed Rahal via observium <observium@lists.observium.orgmailto:observium@lists.observium.org> Sent: Friday, February 2, 2024 5:45 PM To: Observium <observium@lists.observium.orgmailto:observium@lists.observium.org> Cc: Ahmed Rahal <arahal@fibrenoire.camailto:arahal@fibrenoire.ca> Subject: [Observium] Re: alert checker for specific ping probes
Hi Tony,
You should be able to filter the alert on the message property
<image005.png>
HTH,
Ahmed.
Le jeu. 1 févr. 2024, à 15 h 06, Tony Guadagno via observium <observium@lists.observium.orgmailto:observium@lists.observium.org> a écrit :
Hi, I have a bunch of ping probes and I would like to write an alert for some (but not all). Since the hostname is the same for all, how can I differentiate between them in an alert checker…for example, I want to alert on this: <image006.jpg>
But not this: <image007.jpg>
thanks
Tony Guadagno
O +1 585 577 1003
C +1 585 703 6700
E tonyg@guadagnoconsulting.commailto:tonyg@guadagnoconsulting.com <image003.jpg>
_______________________________________________ observium mailing list -- observium@lists.observium.orgmailto:observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.orgmailto:observium-leave@lists.observium.org
--
Ahmed Rahal
Administrateur de Systèmes / Systems Administrator
Videotron/Fibrenoire - www.fibrenoire.cahttp://www.fibrenoire.ca/
A: 612 Rue Saint-Jacques, Montréal, QC H3C 1E2
ahmed.rahal@videotron.commailto:ahmed.rahal@videotron.com
Twitter: @fibrenoire _______________________________________________ observium mailing list -- observium@lists.observium.orgmailto:observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.orgmailto:observium-leave@lists.observium.org
-- Ahmed Rahal Administrateur de Systèmes / Systems Administrator Videotron/Fibrenoire - www.fibrenoire.cahttp://www.fibrenoire.ca/ A: 612 Rue Saint-Jacques, Montréal, QC H3C 1E2 ahmed.rahal@videotron.commailto:ahmed.rahal@videotron.com Twitter: @fibrenoire _______________________________________________ observium mailing list -- observium@lists.observium.orgmailto:observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.orgmailto:observium-leave@lists.observium.org
_______________________________________________
observium mailing list -- observium@lists.observium.orgmailto:observium@lists.observium.org
To unsubscribe send an email to observium-leave@lists.observium.orgmailto:observium-leave@lists.observium.org
_______________________________________________
observium mailing list -- observium@lists.observium.orgmailto:observium@lists.observium.org
To unsubscribe send an email to observium-leave@lists.observium.orgmailto:observium-leave@lists.observium.org
Because probes are manually created, you have much more control over the description, you can put whatever you like in there, you could put "ALERT" or some other keyword in there, and then match that in the associations.
adam.
Tony Guadagno via observium wrote on 2024-02-07 20:20:
Adam, yes, that is just what I am looking for! I just tried it and it does reduce the device list down to what I would expect.
Thank you ahmed and adam!
Tony Guadagno
O +1 585 577 1003
C +1 585 703 6700
E tonyg@guadagnoconsulting.com mailto:tonyg@guadagnoconsulting.com
cid:image001.jpg@01D84DD6.FC9912E0
*From:*Adam Armstrong via observium observium@lists.observium.org *Sent:* Wednesday, February 7, 2024 2:38 PM *To:* Adam Armstrong via observium observium@lists.observium.org *Cc:* Adam Armstrong adama@observium.org *Subject:* [Observium] Re: alert checker for specific ping probes
Oh wait, it just doesn't sort the messages in a useful manner.
https://lists.observium.org/hyperkitty/list/observium@lists.observium.org/me...
You're trying to do the matching in the wrong part of the alert config. The test conditions is not a suitable place to do entity associations, that's what association ruleset is for.
The two conditions likely didn't work because you only have limited control over the logic on the test conditions, but it's really not worth thinking about it too much. Just do the association in the association ruleset using the probe description, that does contain the hostname. Because you put it there.
adam.
Adam Armstrong via observium wrote on 2024-02-07 19:28:
I answered this on the 3rd, but for some reason it doesn't seem to be in the list archives, though it's in my sent items. ---- The correct and only real way to tell probes created this way apart is by the user-defined probe description, which in this case actually does seemingly include the hostname. It's a but clunky because it'd likely require a bunch of "OR" rules in the association ruleset to match each of the hostnames if a pattern can't exactly match what's needed, though. Note that there's officially no direct support with the "Professional" edition, as it's intended for the service provider sector which often neither needs nor wants to pay for support. Enterprise is the officially supported product. Though we do tend to answer most questions on the mailing list and discord if someone else doesn't answer them better first. Thanks, adam. Tony Guadagno via observium wrote on 2024-02-06 13:46: Adam, I'm open to any suggestions you have about how to improve this process. The problem I see is that I cannot use hostname because probes are all attached to the same host. I need to distinguish different probes. How else do I do that? Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.com <mailto:tonyg@guadagnoconsulting.com> ------------------------------------------------------------------------ *From:*Adam Armstrong via observium <observium@lists.observium.org> <mailto:observium@lists.observium.org> *Sent:* Tuesday, February 6, 2024 8:06:21 AM *To:* Observium <observium@lists.observium.org> <mailto:observium@lists.observium.org> *Cc:* Adam Armstrong <adama@observium.org> <mailto:adama@observium.org> *Subject:* [Observium] Re: alert checker for specific ping probes This is not really the right way to do it, because it’ll still be creating the alerts, they’ll just always be “ok”. This is less bad on probes, but a really really bad idea to do on other things, as the alert entry table ends up scaling pretty painfully if you generate hundreds of thousands of alerts. Adam. Sent from my iPhone On 6 Feb 2024, at 00:04, Ahmed Rahal via observium <observium@lists.observium.org> <mailto:observium@lists.observium.org> wrote: Hi Tony, At first glance it should indeed be working, but I would use a regex for that message |notregexp|.*-(atm|sp)-.* Cannot test, am currently in a hurry, but give it a try ;) Ahmed. Le lun. 5 févr. 2024, à 15 h 40, Tony Guadagno via observium <observium@lists.observium.org <mailto:observium@lists.observium.org>> a écrit : Ahmed, this did seem to work with one term, however, I when I tried exclude some devices, the rule is firing when it should not….for example. The device shown here is down, but I thought I was excluding that host from the rule….any idea’s whats wrong with my logic? <image001.jpg> Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.com <mailto:tonyg@guadagnoconsulting.com> <image003.jpg> *From:*Tony Guadagno via observium <observium@lists.observium.org <mailto:observium@lists.observium.org>> *Sent:* Friday, February 2, 2024 6:41 PM *To:* Observium <observium@lists.observium.org <mailto:observium@lists.observium.org>> *Cc:* Tony Guadagno <tonyg@guadagno.org <mailto:tonyg@guadagno.org>> *Subject:* [Observium] Re: alert checker for specific ping probes Ahmed, thanks so much, I will give this a shot and let you know Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.com <mailto:tonyg@guadagnoconsulting.com> <image003.jpg> *From:*Ahmed Rahal via observium <observium@lists.observium.org <mailto:observium@lists.observium.org>> *Sent:* Friday, February 2, 2024 5:45 PM *To:* Observium <observium@lists.observium.org <mailto:observium@lists.observium.org>> *Cc:* Ahmed Rahal <arahal@fibrenoire.ca <mailto:arahal@fibrenoire.ca>> *Subject:* [Observium] Re: alert checker for specific ping probes Hi Tony, You should be able to filter the alert on the message property <image005.png> HTH, Ahmed. Le jeu. 1 févr. 2024, à 15 h 06, Tony Guadagno via observium <observium@lists.observium.org <mailto:observium@lists.observium.org>> a écrit : Hi, I have a bunch of ping probes and I would like to write an alert for some (but not all). Since the hostname is the same for all, how can I differentiate between them in an alert checker…for example, I want to alert on this: <image006.jpg> But not this: <image007.jpg> thanks Tony Guadagno O +1 585 577 1003 C +1 585 703 6700 E tonyg@guadagnoconsulting.com <mailto:tonyg@guadagnoconsulting.com> <image003.jpg> _______________________________________________ observium mailing list -- observium@lists.observium.org <mailto:observium@lists.observium.org> To unsubscribe send an email to observium-leave@lists.observium.org <mailto:observium-leave@lists.observium.org> -- Ahmed Rahal Administrateur de Systèmes / Systems Administrator *Videotron**/Fibre**noire* - www.fibrenoire.ca <http://www.fibrenoire.ca/> A: 612 Rue Saint-Jacques, Montréal, QC H3C 1E2 ahmed.rahal@videotron.com <mailto:ahmed.rahal@videotron.com> Twitter: @fibrenoire _______________________________________________ observium mailing list -- observium@lists.observium.org <mailto:observium@lists.observium.org> To unsubscribe send an email to observium-leave@lists.observium.org <mailto:observium-leave@lists.observium.org> -- Ahmed Rahal Administrateur de Systèmes / Systems Administrator *Videotron**/Fibre**noire* - www.fibrenoire.ca <http://www.fibrenoire.ca/> A: 612 Rue Saint-Jacques, Montréal, QC H3C 1E2 ahmed.rahal@videotron.com <mailto:ahmed.rahal@videotron.com> Twitter: @fibrenoire _______________________________________________ observium mailing list -- observium@lists.observium.org <mailto:observium@lists.observium.org> To unsubscribe send an email to observium-leave@lists.observium.org <mailto:observium-leave@lists.observium.org> _______________________________________________ observium mailing list --observium@lists.observium.org <mailto:observium@lists.observium.org> To unsubscribe send an email toobservium-leave@lists.observium.org <mailto:observium-leave@lists.observium.org> _______________________________________________ observium mailing list --observium@lists.observium.org <mailto:observium@lists.observium.org> To unsubscribe send an email toobservium-leave@lists.observium.org <mailto:observium-leave@lists.observium.org>
observium mailing list -- observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.org
participants (3)
-
Adam Armstrong
-
Ahmed Rahal
-
Tony Guadagno