AggreGate has an extensive support for alerting, which is one of the essential tools in modern monitoring systems. Alerts notify system operators when something goes wrong in any part of a distributed system. Without alerts, an operator would have to constantly go around the system and click devices just to make sure everything is OK. Alerts ensure operators notice what they should notice.
Every user has his own set of alerts, but alerts can also be shared. An alert comprises:
Every alert has one or more triggers defining when to raise it. These can be either event triggers or state triggers.
Each trigger may check one or more devices or resources, e.g. all devices in a group. Combined with the ability to set up multiple triggers per alert, this allows very flexible setup.
Event trigger is raised when an event of a certain type conforms to the trigger condition. This condition is flexibly configured by an expression, allowing complex checkings. For example, a vehicle monitoring system may generate an alert if the impact event received from a vehicle controller indicates that impact strength exceeds a threshold.
Event triggers have support for event correlation, allowing an alert to be activated by the event of one type and deactivated by the event of another type (correlated event).
Any event trigger may be configured to activate only if more than N matching events were raised within a certain time frame.
State trigger can either be raised in response to a certain state, or to any change in the state of whatever is being monitored. State trigger periodically checks a certain variable's value (also pointed by a custom expression).
State triggers have configurable hysteresis (deadband) time for activating the alert only if the condition lasts longer than a certain time. For example, a state trigger may raise an alert if the temperature rises over 120 degrees for more than 3 minutes. Separate rearming hysteresis is also supported.
Plus, state triggers support value flapping (frequent change) detection that is reported as a separate alert type.
Alert notifications inform operators about alert conditions and provide related information. Notification types include:
In addition, alert's corrective actions may implement any other notification schemes.
Once raised, an alert may remain active while its causing condition is in force or until an event correlated to the activation event is received. The server keeps global active alert list and tracks active instances associated with every resource and device. Active alerts with high priority are usually visualized on system overview dashboards.