Selecting Alerts / Reports → Alerts displays the Alerts dashboard. The Alerts tab is highlighted.  


The UNUM Switch Analytics Alert module provides a method of creating Alerts notifying the user of critical monitored events.


UNUM provides access to specific feature help documentation via the Help Button  icon.


If Alerts have not previously been configured, you use the dashboard to set up the Alerts settings.



Note: The UNUM Alerts feature requires the UNUM-ALRT-LIC Pluribus UNUM add-on reporting license be installed. Please refer to the UNUM License Management section. DEMO (demonstration) licenses enable UNUM Alerts for a specific period of time.




Enter the desired Time zone.




Alerts / Reports Alerts Setup


Click Save to continue. A confirmation message appears when the time zone is successfully set. The dashboard updates with the desired timezone.


Use Edit to make further changes to the time zone.



Alerts / Reports Alerts Time Zone



Click Advanced to enter Proxy Settings, if required.


Options include: No Proxy, Manual Proxy or Use Automatic Proxy.


Follow the on-screen instructions for the option chosen and click Save to continue.



Alerts / Reports Alerts Proxy Settings


Notification Lists


Email


To enable Email, click the Email button. Enter the required settings.


Select Others to use your own email server or service provider or choose from Google Gmail or Amazon Simple Email Service (SES) providers.


Gmail users may wish to review these third-party supplementary configuration instructions.


In the case of an SMTP service provider server information is entered along with the service port and SSL encryption.


You must provide the senders email and check Enable Password when your email service provider requires it.



Alerts / Reports Alerts Email


Use the Test Email function to confirm the email service works.


A confirmation message appears when the email message is successfully sent.


If the settings are correct you should receive a test email message shortly.


Alerts / Reports -  Test Email Received


Webhook


To enableWebhook, click the Webhook button. Select +Add Webhook to configure a Webhook.


Enter the required information for Basic, OAuth or None for the type of Webhook connection needed.


Alerts /Reports Alerts Add Webhook Connection



Click Save to add the webhook. A confirmation message appears when the Webhook is successfully created.


You test the webhook connection using Test URL.


A confirmation message appears when the Webhook is successfully tested.



Alerts /Reports Alerts Add Webhook Test Connection


Webhook appears in the Alerts Dashboard.



Alerts /Reports Alerts Webhook Added


Index Pattern


Click Index to configure the Index Settings and Index Patterns for the Alert.


Before configuring Alerts, first enter the Index Patterns based on the type of data you require.


Alerts /Reports Alerts Index Settings



Index Patterns

Notes

all-audits

Audit information for events such as, login, logout, licenses added, etc.

all-connections

Connections captured every 60 seconds.

all-fabricresources

Fabric dashboard information such as VLANS, Tunnels, VFR and VNI.

all-hwutils

Fabric dashboard, L2 / L3, Routes and vFlow switch information.

all-meshpings

Mesh ping information such as ping failures.

all-portstatss

Port information captured every 5 seconds.

all-snmptraps

SNMP traps captured by UNUM - requires SNMP to be configured.

all-syslogs

Syslog events captured by UNUM - requires Syslog to be configured.

all-systemstatss

CPU and memory information captured every 30 seconds.

all-tunnelstatss

Tunnel statistics captured every 5 seconds.

all-vports

vPorts details captured every 60 seconds.


Alerts /Reports Alerts Index Pattern Types


If SNMP and/or SYSLOG are not configured in UNUM, the all-syslog and all-snmptraps patterns will not be available.


Once entered, the Index Pattern is displayed in the dashboard.


Enter the Index patterns, such as “all-connections”. A confirmation message appears.



Note: You must first add the indices you want to monitor in Index Settings, then they will show up as a drop down in the Index Pattern in the Alert Details.



The system will begin indexing the pattern and mapping data.


Alerts /Reports Alerts Index Pattern Mapping



The Index Pattern is displayed in the dashboard.


To setup a schedule to refresh the indices select REFRESH INDICES BY SCHEDULE and enter the desired frequency schedule and click Schedule.


Alerts /Reports Alerts Refresh Indices by Schedule



Create Alert


Once the Alerts configuration is complete you create an Alert by clicking, Schedule Alert.



Note: Before configuring Schedule Alert, first enter the Index Patterns based on the type of data you require under Index Pattern.

Index Patterns

Notes

all-audits

Audit information for events such as, login, logout, licenses added, etc.

all-connections

Connections captured every 60 seconds.

all-fabricresources

Fabric dashboard information such as VLANS, Tunnels, VFR and VNI.

all-hwutils

Fabric dashboard, L2 / L3, Routes and vFlow switch information.

all-meshpings

Mesh ping information such as ping failures.

all-portstatss

Port information captured every 5 seconds.

all-snmptraps

SNMP traps captured by UNUM - requires SNMP to be configured.

all-syslogs

Syslog events captured by UNUM - requires Syslog to be configured.

all-systemstatss

CPU and memory information captured every 30 seconds.

all-tunnelstatss

Tunnel statistics captured every 5 seconds.

all-vports

vPorts details captured every 60 seconds.

If SNMP and/or SYSLOG are not configured in UNUM, the all-syslog and all-snmptraps patterns will not be available.

Information is captured periodically by the Collector.

Unless otherwise scheduled, polling occurs at 60 second intervals.





Alerts /Reports Alerts - Create Alert



Enter the Alert Details as required. Scroll down to display additional alert fields.



Note: Easily lookup all Indexes using “all-connections” and “all-portstatss” in the INDEX NAME field.



Alerts /Reports Alerts - Create Alert Parameters


Alert Rule Types


  • Threshold – Match on any event matching a given filter


  • Spike – Match when the rate of events increases or decreases


  • New value – Match when a never before seen value appears in a field


  •  Repeated value – Match when a repeated value appears in a field


  • Flatline – when event threshold attains dead state i.e threshold < 1


Use Test Query to test the alert. The output reveals the Query and the Response.




Alerts /Reports Alerts - Test Query Output


Click Close to return to the previous screen.


Complete the Alert Conditions sections: Rule Type, Keyword Filter (as appropriate) Aggregation Filter, Query Filter and Group By ( as needed).


You must add at least one filter. The   + icon remains inactive until an Alert Conditions filter is complete.


Once a filter is complete, click the active  + icon to create the filter condition.


A red   - icon appears which you use to delete the filter if it is no longer required.


Repeat the process of adding filters, as required.


When complete, scroll to the end of the configuration window and click Schedule and Alert Action enter Schedule frequency (required parameter) and complete the required Alert Action.


Customize the alert message field as required.


Alerts /Reports Alerts Notification Settings



Click Save to save the Alert or Back to return to the previous screen without saving.


The Alert is then displayed on the Alerts dashboard.


Switch Analytics Alert Module Dashboard


Alerts Details, Alert Conditions, Schedule Details and Alert Action parameters can all be adjusted depending on the monitoring and alerting requirements.


You make further changes to the Alert selecting the Edit, Snooze, Clone or the Alert History icon under Action.


Switch Analytics Alerts Action Function


Alert History


You review alert history by clicking on the Alert History link.


Time range drilldown selections are Quick, Relative and Absolute. Time Window and No. of Documents provide more granular information.


Enter the desired Time Range and click GO to continue.



Alerts /Reports Alerts History



Alert Email - Example


The following is an example of an alert email message.



Alerts /Reports Alerts Email Example





When an alert email is generated, the body of the message contains a clickable link. The link takes you to the dashboard containing the alert data.


For example:


Alerts /Reports Alerts Clickable Link


To delete an Alert, select the rule to be deleted and click Delete.



Alerts /Reports Alerts Delete


Additional Information

UNUM Alerts is based on Skedler Alerts.

For more information on the use and configuration of Alerts refer to: Skedler Alerts User Guide.