
Alert category / rule determination

Former Member
0 Kudos

Hi,

1) I have created a 'catch-all' rule for an alert category that was delivered upon initial installation ( RNIF Alert category which I assumed was triggered by the RNIF adapter when something goes wrong ).

This seemed to work.

However, I now experienced that this rule/alert seems to be triggered by ANY exception that occurs in XI -- also errors in other adapters/engines.

So I wonder how it works ?

From this experimenting, I would conclude that the system ignores the alert category passed in the input and only checks all rules : if the input matches a rule, the alert is triggered.

I indeed see that when a specific rule is triggered, also the catch-all rule is triggered resulting in 2 alerts ( with different alert category ) for the same error !!

Also, the display layout on the RWB seems to confirm this : you see all the rules on top in a list and the alert categories to which they belong don't seem to matter ( in the bottom )

Does anyone have similar experience with this?

Without this knowledge, it's very difficult to set up a rock solid alert framework that will inform you of all issues correctly,

regards

Dirk

Accepted Solutions (0)

Answers (1)


bhavesh_kantilal
Active Contributor
0 Kudos

Hi Dirk,

<i>if the input matches a rule, the alert is triggered.

I indeed see that when a specific rule is triggered, also the catch-all rule is triggered resulting in 2 alerts ( with different alert category ) for the same error !!</i>

There is an option called <b>Suppress Multiple Alerts of this Rule</b> while defining the rule. By selecting this option, if there are 2 or more rules satisfying the same criteria, then the Alert will not be triggered for which this option is selected.

Coming to the second part of your question: how are Alert Rules / Category related?

<b>When defining the Alert Rule, you can actually see the Alert Category to which this rule is associated with. I think the second row of the Alert Rule definition after the Alert Rule Description is actually the Alert Category with which this Alert Rule is associated.</b>

So, when an error occurs in XI,

1. it searches for Alert Rules which are associated with the error,

2. determines the Alert Category for this Alert Rule,

3. then determines the long / short text and the recipient from the Alert Category and triggers the Alert.

Hope this clarifies ,

Regards,

Bhavesh

Former Member
0 Kudos

Hi Bhavesh,

Thanks for your response ( which indeed corresponds to the way I would have expected it to work BUT IT DOESN'T -- at least in my case )

1) Option 'Suppress Multiple ALERTS'.

In my opinion, and in my experiments, this is used to suppress multiple occurrences for the SAME ALERT. I have set up a 'catch all' ALERT in an alert category X ( meaning without any further conditions ) and a specific ALERT in alert category Y ( with filter on receiver part )

Even with the indicator flagged, I still get both alerts ( but each of course only once in case the same error happens multiple times )

2) I know that this is how the alert category and alert rule are associated but the point is that it doesn't seem to matter : I have 1 error triggering 2 ALERTS with different ALERT category !!!!!

Since I'm not in a BPM scenario, I don't specify anywhere which ALERT CATEGORY should be triggered : These are all errors alerts triggered by system and how would the system know which ( customer defined )alert categories should be triggered : So I think the system only looks at the rules !!

See extract from alert log :

20060627203902,9450000 0 27.06.2006 22:39:02 9d05d99005d911dbc5a000065bf4df3d

*Error records received from AF on host xxxxxxx014_DXI_30 (sysid: DXI client: ). Try to send Alert...

20060627203902,9450000 1 27.06.2006 22:39:02 9d05d99005d911dbc5a000065bf4df3d

*Call SALRT_CREATE_API(From: xxx To: xxx )

20060627203903,2730000 0 27.06.2006 22:39:03 9d05d99005d911dbc5a000065bf4df3d

Alert created:<AlertId:00448><RuleName:RNIF ALERTS OUTBOUND><AlertCategory:RNIF ALERTS>

20060627203903,2730000 1 27.06.2006 22:39:03 9d05d99005d911dbc5a000065bf4df3d

*Call SALRT_CREATE_API(From: xxx To: xxx )

20060627203903,5850000 0 27.06.2006 22:39:03 9d05d99005d911dbc5a000065bf4df3d

Alert created:<AlertId:00449><RuleName:GENERIC XI ALERTS><AlertCategory:GENERIC XI ALERTS>

So do you think this is 'works as designed' or should it stop after raising 1 alert and use a hierarchical way of checking the rules : First the most specific rules, and if still no alerts triggered, eventually raise a catch-all alert ?

regards

Dirk

bhavesh_kantilal
Active Contributor
0 Kudos

Hi Dirk,

<i>So do you think this is 'works as designed' or should it stop after raising 1 alert and use a hierarchical way of checking the rules : First the most specific rules, and if still no alerts triggered, eventually raise a catch-all alert ?</i>

Alert will be triggered for all alert rules satisfying the criteria. There is no option to specify Hierarchy for the Alert Rule ( desirable but currently unavailable).

In your case, maybe when the error occurs multiple alert rules match the criteria ( including NO RESTRICTION ) and so multiple alerts are triggered.

<i>Suppress Multiple Alerts of this Rule</i>

<b><i>In my opinion, and in my experiments, this is used to suppress multiple occurrences for the SAME ALERT.</i></b>

Dirk, you've hit the bull's eye.. just looked up the online documentation for this and this is what it states,

<b><i>If the Suppress Multiple Alerts of This Rule checkbox is selected (default setting), then no further alerts are generated once the rule has been met until the first alert has been confirmed.</i></b>

http://help.sap.com/saphelp_nw04/helpdata/en/56/d5b54020c6792ae10000000a155106/content.htm

Looks like my understanding was wrong for the second case.

Let me know if any other issues are not clear.

Regards,

Bhavesh

Former Member
0 Kudos

Hi Bhavesh,

1) Yes indeed ( maybe it was not clear from the beginning ) , for my error both ALERT rules are of course valid ( otherwise this would really have been a bug ).

I really hope we can prioritize the rules soon as it's very difficult to setup a good framework without it

( 'be specific if needed, but end generic so that you don't miss anything...' )

2) 'Suppress multiple occurrences' : No problem : You can assign me some points for clarifying

Thanks for your thoughts,

regards

Dirk

bhavesh_kantilal
Active Contributor
0 Kudos

Hi Dirk.

<i>I really hope we can prioritize the rules soon as it's very difficult to setup a good framework without it</i>

One option would be, while defining your Alert Category, you can actually set the Priority as High, Low, Medium.

though not the exact answer, maybe can help.

Points.. 10 points for this great insight..!! but alas I cannot assign them as you raised this thread..!!

Regards,

Bhavesh
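
The thread establishes that every matching rule raises its own alert and that rules cannot be prioritized in the rule definition. As an added example (not from the original posts and not SAP code), this Python script applies the "specific first, catch-all as fallback" order downstream, on the alert log itself. It assumes the 32-character hex field in each header line identifies the error, and that the operator supplies the names of the catch-all rules.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log extract quoted in the thread.
# The first identifier and alerts 00448/00449 are from the thread; the second
# identifier and alert 00450 are constructed for illustration.
SAMPLE_LOG = """\
20060627203902,9450000 1 27.06.2006 22:39:02 9d05d99005d911dbc5a000065bf4df3d
*Call SALRT_CREATE_API(From: xxx To: xxx )
20060627203903,2730000 0 27.06.2006 22:39:03 9d05d99005d911dbc5a000065bf4df3d
Alert created:<AlertId:00448><RuleName:RNIF ALERTS OUTBOUND><AlertCategory:RNIF ALERTS>
20060627203903,5850000 0 27.06.2006 22:39:03 9d05d99005d911dbc5a000065bf4df3d
Alert created:<AlertId:00449><RuleName:GENERIC XI ALERTS><AlertCategory:GENERIC XI ALERTS>
20060627204000,1000000 0 27.06.2006 22:40:00 0123456789abcdef0123456789abcdef
Alert created:<AlertId:00450><RuleName:GENERIC XI ALERTS><AlertCategory:GENERIC XI ALERTS>
"""

HEADER = re.compile(r"^\d{14},\d+ \d+ \d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2} ([0-9a-f]{32})$")
ALERT = re.compile(r"^Alert created:<AlertId:(\d+)><RuleName:([^>]+)><AlertCategory:([^>]+)>$")

def parse_alerts(text):
    """Group 'Alert created' records by the identifier of the preceding header line."""
    alerts, current = defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        header = HEADER.match(line)
        if header:
            current = header.group(1)  # assumed to identify the error
            continue
        alert = ALERT.match(line)
        if alert and current:
            alerts[current].append(dict(zip(("id", "rule", "category"), alert.groups())))
    return dict(alerts)

def triage(alerts, catch_all_rules):
    """Per error: keep the specific alerts and drop catch-all ones if a specific
    rule also fired; keep the catch-all only when no other rule matched."""
    kept, dropped = {}, {}
    for ident, items in alerts.items():
        specific = [a for a in items if a["rule"] not in catch_all_rules]
        kept[ident] = specific or items
        dropped[ident] = [a for a in items if a not in kept[ident]]
    return kept, dropped

if __name__ == "__main__":
    kept, dropped = triage(parse_alerts(SAMPLE_LOG), {"GENERIC XI ALERTS"})
    for ident in kept:
        print(ident, "keep", [a["id"] for a in kept[ident]],
              "drop", [a["id"] for a in dropped[ident]])
```
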