Configure the alert filtering rules

You can configure an alert filter to recognize a specific issue in your SolarWinds Orion Platform and create a help desk ticket based on that issue.

While Web Help Desk can support Orion Alerts from multiple servers, the product can only process up to 60 alerts per second. If the incoming Orion alerts exceed this limit, Web Help Desk will not be able to process all of the alerts.

Filters

Web Help Desk creates help desk tickets from Orion alerts by matching the Orion alert contents or features to filters you set up in the application. To create alert filtering rules, apply the property names that exist in your Web Help Desk Orion alerts.

These alerts can include default names or other types of name configurations assigned by the Orion user. After you set up the SolarWinds server in Web Help Desk and gather information about your Orion alerts and associated properties, configure Web Help Desk to transform Orion alerts into client tickets.

About rule configuration

By default, Web Help Desk does not monitor Orion Platform alerts. To transform alerts into Web Help Desk tickets, select and define the appropriate rules so the application can recognize the alerts.

The following table describes the filtering rule types.

Filtering rule type	Rule description
Matching Rule	Defines the characteristics alerts must contain for Web Help Desk to recognize and transform the alerts into tickets or ignore them. These characteristics include: Severity level (such as Notice, Information, Warning, Critical, and Serious) Field name (such as Date, Alert Type, Operating System, and so on) Operator (such as equals, is not equal to, starts with, and so on) Value, which can be any type of alphanumeric data
AND/OR block	Specifies whether Web Help Desk accepts or rejects alerts based on whether they meet Any or All child rules in a complex rule.
Child Rule	Provides additional filtering on existing rules. For example, when an initial filtering rule transforms all alerts with a Critical severity into tickets, you can create child rules to transform only Critical severity alerts from Windows 2008 and 2011 systems into Web Help Desk alerts.
Complex Rule	A set of rules that contain at least one parent rule (which can be a Matching rule or an AND/OR block), plus one or more child rules.

Matching rules

Adding a new matching rule notifies Web Help Desk to match certain variables in alert text fields or a defined severity level.

The following table provides the Web Help Desk filtering options.

Filter Option	Description
Accept alert	Enables Web Help Desk to recognize the alert.
Reject alert	Enables Web Help Desk to ignore the alert.
if Severity	Matches alerts by severity level. If you select this option, choose one of the following: is equal to: Select this option to match alerts by one of the following Orion alert levels: Notice, Information, Warning, Critical, or Serious. is not equal to: Select this option to match all severity levels except the one selected. If you select this option, choose one of the following alert levels to ignore: Notice, Information, Warning, Critical, or Serious.
if Alert Field	To further define rules, enter an Orion alert field variable.

In the following example, Web Help Desk will create a ticket from all Orion alerts containing Windows 8 in the Operating System field.

The Operating System field must be added to the Orion Alert integration.

Complex rules

You can add an And/Or block to a create a filter rule based on more than one condition. The Any rule creates a ticket when any child condition is true. The All rule creates a ticket only when all child conditions are true.

In the following All child rule example, a ticket is created when a node from an IP address is up and component availability is down.

Examples: Configure an alert filtering rule

You must configure an alert filtering rule with a severity or include a severity and a match to a specific alert field. You can add multiple alert field matches.

Configure a matching rule

The figures below show an example of a matching rule that accepts the alert if the value of the Node Status field is Up.

1. Click Add new matching rule.

   

2. Select Accept alert or Reject alert.

   

3. Configure the rule based on the severity of the alert, or an alert field value.

   For both the Accept alert and Reject alert options, Ignore case and Ignore white space are active by default. To ensure the best results, leave these options selected.

   

Add an And/Or block

The figures below show an example of an And/Or block that accepts the alert if the severity is Critical or if the value of the Node Status field is Up.

1. Click Add new And/Or block.

   

2. Select Accept alert or Reject alert.

   

3. Select if Any to configure an OR rule, or select if All to configure an AND rule.

   

4. Click Add Child Rule.

   

5. Configure the rule based on the severity of the alert, or an alert field value.

   

6. To add another child rule:

   1. In the Filters pane, click the And/Or block.

      

   2. In the Configure Complex Rule pane, click Add Child Rule.

   3. Configure the rule.