Alerting with Monitors
You create monitors to set thresholds that trigger alerts to notify you about issues related to the resources in your network. For example, you can create a monitor to alert for node write latency for any of a multitude of protocols.
Monitors and Alerting is available in all Cloud Insights Editions, however, Basic Edition is subject to the following:
* You may only have up to five custom monitors active at a time. Any monitors beyond five will be created in or moved to Paused state.
* VMDK, Virtual Machine, Host, and DataStore metrics monitors are not supported. If you have monitors created for these metrics, they will be paused and cannot be resumed when downgrading to Basic Edition.
Monitors allow you to set thresholds on metrics generated by "infrastructure" objects such as storage, VM, EC2, and ports, as well as for "integration" data such as those collected for Kubernetes, ONTAP advanced metrics, and Telegraf plugins. These metric monitors alert you when warning-level or critical-level thresholds are crossed.
You can also create monitors to trigger warning-, critical-, or informational-level alerts when specified log events are detected.
Cloud Insights provides a number of System-Defined Monitors as well, based on your environment.
Security Best Practice
Cloud Insights alerts are designed to highlight data points and trends in your environment, and Cloud Insights allows you to enter any valid email address as an alert recipient. If you are working in a secure environment, be especially mindful of who is receiving the notification or otherwise has access to the alert.
Metric or Log Monitor?
From the Cloud Insights menu, click Alerts > Manage Monitors
The Monitors list page is displayed, showing currently configured monitors.
To modify an existing monitor, click the monitor name in the list.
To add a monitor, Click + Monitor.
When you add a new monitor, you are prompted to create a Metric Monitor or a Log Monitor.
Metric monitors alert on infrastructure- or performance-related triggers
Log monitors alert on log-related activity
After you choose your monitor type, the Monitor Configuration dialog is displayed. Configuration varies depending on which type of monitor you are creating.
In the drop-down, search for and choose an object type and metric to monitor.
You can set filters to narrow down which object attributes or metrics to monitor.
When working with integration data (Kubernetes, ONTAP Advanced Data, etc.), metric filtering removes the individual/unmatched data points from the plotted data series, unlike infrastructure data (storage, VM, ports etc.) where filters work on the aggregated value of the data series and potentially remove the entire object from the chart.
|To create a multi-condition monitor (e.g., IOPS > X and latency > Y), define the first condition as a threshold and the second condition as a filter.|
Define the Conditions of the Monitor.
After choosing the object and metric to monitor, set the Warning-level and/or Critical-level thresholds.
For the Warning level, enter 200 for our example. The dashed line indicating this Warning level displays in the example graph.
For the Critical level, enter 400. The dashed line indicating this Critical level displays in the example graph.
The graph displays historical data. The Warning and Critical level lines on the graph are a visual representation of the Monitor, so you can easily see when the Monitor might trigger an alert in each case.
For the occurence interval, choose Continuously for a period of 15 Minutes.
You can choose to trigger an alert the moment a threshold is breached, or wait until the threshold has been in continuous breach for a period of time. In our example, we do not want to be alerted every time the Total IOPS peaks above the Warning or Critical level, but only when a monitored object continuously exceeds one of these levels for at least 15 minutes.
When creating a Log monitor, first choose which log to monitor from the available log list. You can then filter based on the available attributes as above. You can also choose one or more "Group By" attributes.
|The Log Monitor filter cannot be empty.|
Define the alert Behavior
You can create the monitor to alert with a severity level of Critical, Warning, or Informational, when the conditions you defined above occur once (i.e. immediately), or wait to alert until the conditions occur 2 times or more.
Define the alert resolution behavior
You can choose how a log monitor alert is resolved. You are presented with three choices:
Purge after the data retention period (please refer to the Editions Page for details). Note that the Monitor has no resolution condition by definition, so an Alert will stay active and suppress all subsequent alerts with matching group_by generated by this monitor, until the data retention period has passed.
Resolve based on log entry: Resolve alert when the log line is discovered as outlined in the following definition, or purge after the data retention period.
Select notification type and recipients
In the Set up team notification(s) section, you can choose whether to alert your team via email or Webhook.
Alerting via Email:
Specify the email recipients for alert notifications. If desired, you can choose different recipients for warning or critical alerts.
Alerting via Webhook:
Specify the webhook(s) for alert notifications. If desired, you can choose different webhooks for warning or critical alerts.
|ONTAP Data Collector notifications take precedence over any specific Monitor notifications that are relevant to the cluster/data collector. The recipient list you set for the Data Collector itself will receive the data collector alerts. If there are no active data collector alerts, then monitor-generated alerts will be sent to specific monitor recipients.|
Setting Corrective Actions or Additional Information
You can add an optional description as well as additional insights and/or corrective actions by filling in the Add an Alert Description section. The description can be up to 1024 characters and will be sent with the alert. The insights/corrective action field can be up to 67,000 characters and will be displayed in the summary section of the alert landing page.
In these fields you can provide notes, links, or steps to take to correct or otherwise address the alert.
Save your Monitor
If desired, you can add a description of the monitor.
Give the Monitor a meaningful name and click Save.
Your new monitor is added to the list of active Monitors.
The Monitor page lists the currently configured monitors, showing the following:
Object/metric being monitored
Conditions of the Monitor
You can choose to temporarily pause monitoring of an object type by clicking the menu to the right of the monitor and selecting Pause. When you are ready to resume monitoring, click Resume.
You can copy a monitor by selecting Duplicate from the menu. You can then modify the new monitor and change the object/metric, filter, conditions, email recipients, etc.
If a monitor is no longer needed, you can delete it by selecting Delete from the menu.
Grouping allows you to view and manage related monitors. For example, you can have a monitor group dedicated to the storage in your environment, or monitors relevant to a certain recipient list.
The following monitor groups are shown. The number of monitors contained in a group is shown next to the group name.
All Monitors lists all monitors.
Custom Monitors lists all user-created monitors.
Suspended Monitors will list any system monitors that have been suspended by Cloud Insights.
Cloud Insights will also show a number of System Monitor Groups, which will list one or more groups of system-defined monitors, including ONTAP Infrastructure and Workload monitors.
|Custom monitors can be paused, resumed, deleted, or moved to another group. System-defined monitors can be paused and resumed but can not be deleted or moved.|
This group will only be shown if Cloud Insights has suspended one or more monitors. A monitor may be suspended if it is generating excessive or continuous alerts. If the monitor is a custom monitor, modify the conditions to prevent the continuous alerting, and then resume the monitor. The monitor will be removed from the Suspended Monitors group when the issue causing the suspension is resolved.
These groups will show monitors provided by Cloud Insights, as long as your environment contains the devices and/or log availability required by the monitors.
System-Defined monitors cannot be modified, moved to another group, or deleted. However, you can duplicate a system monitor and modify or move the duplicate.
System monitors may include monitors for ONTAP Infrastructure (storage, volume, etc.) or Workloads (i.e. log monitors), or other groups. NetApp is constantly evaluating customer need and product functionality, and will update or add to system monitors and groups as needed.
Custom Monitor Groups
You can create your own groups to contain monitors based on your needs. For example, you may want a group for all of your storage-related monitors.
To create a new custom monitor group, click the "+" Create New Monitor Group button. Enter a name for the group and click Create Group. An empty group is created with that name.
To add monitors to the group, go to the All Monitors group (recommended) and do one of the following:
To add a single monitor, click the menu to the right of the monitor and select Add to Group. Choose the group to which to add the monitor.
Click on the monitor name to open the monitor’s edit view, and select a group in the Associate to a monitor group section.
Remove monitors by clicking on a group and selecting Remove from Group from the menu. You can not remove monitors from the All Monitors or Custom Monitors group. To delete a monitor from these groups, you must delete the monitor itself.
|Removing a monitor from a group does not delete the monitor from Cloud Insights. To completely remove a monitor, select the monitor and click Delete. This also removes it from the group to which it belonged and it is no longer available to any user.|
You can also move a monitor to a different group in the same manner, selecting Move to Group.
To pause or resume all monitors in a group at once, select the menu for the group and click Pause or Resume.
Use the same menu to rename or delete a group. Deleting a group does not delete the monitors from Cloud Insights; they are still available in All Monitors.
Cloud Insights includes a number of system-defined monitors for both metrics and logs. The system monitors available are dependent on the data collectors present in your environment. Because of that, the monitors available in Cloud Insights may change as data collectors are added or their configurations changed.
View the System-Defined Monitors page for descriptions of monitors included with Cloud Insights.