Make sense of SCOM Alerts with SquaredUp 4.7
One of the most common complaints about SCOM is the noisiness of alerts from Management Packs. Getting on top of these alerts can be a huge challenge and is often the thing that most gets in the way of an organization getting value out of SCOM.
In SquaredUp version 4.7, our recent feature-packed update, we bring you three new alert-handling super-powers to help you get on top of alerts. Read on to learn what they are, but don't forget to also check out the blogs on our other new features.
Firstly, we added a new pre-built dashboard of Actionable Alerts, as seen below. This shows you, the logged-in user, a clear, simple summary to help you prioritize your workload. At the top you see the alerts that are assigned to you – open and recently closed – as well as a visualization of all open alerts by severity, priority and resolution state.
With a single click you can drill in to see a summary of each alert, in context, so that you can investigate and fix. More of that later…
Secondly, we have added an Alert History dashboard that shows you a detailed analysis of alerts over time, to help you identify the noisiest management packs and objects.
In the example below you can see that we are getting 226 alerts per day, which is just too much to handle for our very small team – there is a danger that we won’t see the forest for the trees.
But thanks to this dashboard you can also see that a third of these alerts are coming from two sources: a constantly failing web availability test (either the test is too sensitive, or the app is in a very bad way – I think unfortunately it’s the latter – we need to speak urgently to that dev team 😊) and a failover alert on our F5 load balancer. Traffic has been getting through fine, so that is almost certainly an alert that is too sensitive. From the dashboard it looks like there are a couple of quick wins to help our team get back on top of things.
[For the SquaredUp pro users – this dashboard uses our SQL tile to query the SCOM data warehouse – no setup required – just use the connection string “global:dw”. It’s a very powerful capability!]
The last alert superpower we added in version 4.7 comes in when you click to investigate a specific alert. When you click into the alert, we show you several alert “perspectives”. A perspective is an automatically generated dashboard showing you views of relevant data for any selected object – see this article for how you can edit these or create your own. We have now added a powerful new alert perspective: “Alert Analytics”. For your selected alert rule, this shows you the average time to resolution, the frequency of triggering, and a list of other alerts of the same type open on other objects, so you can quickly see whether the alert rule needs tuning and whether the alert you’re drilling into is part of a bigger pattern.
Where to get these cool features
If you are an existing SquaredUp user wondering how to get hold of these new Dashboards, the good news is that you will get them just by upgrading to version 4.7. In the previous release (4.6) we enhanced the install setup so that Dashboard Packs could be updated automatically, and version 4.7 takes full advantage of this.
And for more background on alert management in SCOM, here are a couple of helpful resources. Richard Benwell shared some great tips for managing SCOM alerts in a recent blog post. And Bruce Cullen from our sister company Cookdown gave a great talk at the recent Scomathon on EasyTune, their free tool for tuning SCOM alerts.
Thank you for reading - don't forget to check out our blogs on the other new features we've introduced!