First Response Policy

Introduction

First Response Policy in OpsRamp allows you deliver first response actions to reduce redundant and repeated alerts. The first response actions are driven by machine-learning such as resolving an alert or providing a root cause of the alert before assigning the alert to an appropriate user. Addressing each and every alert with manual, labor-intensive processes is a tedious task. First response policies act as a first response mechanism for frequent and unnecessary alerts.

OpsRamp provides two options for configuring first response policies:

  • Time-Based Suppression (Suppress seasonal and periodic alerts): This option is suited to suppress alerts that occur in a periodically repeating pattern. For example:

    • CPU and memory alerts from a server due to nightly backup jobs

    • Availability alerts from cloud VMs that are automatically shut down nightly

    OpsRamp automatically learns occurrence patterns of alerts and suppresses those alerts that occur at a predictable sequence. If such an auto-suppressed alert should remain open for longer than predicted, OpsRamp automatically un-suppresses the alert ensuring that the conditions responsible for the real problem and need user attention are not lost.

  • Attribute-Based Suppression (Suppress alerts that match specific characteristics): This option is suited to suppress known alerts that are always suppressed as part of a standard operating procedure. You need to provide data in CSV format that includes examples of alerts that need to be suppressed as input. To let OpsRamp automatically learn which alerts needs to be suppressed based on existing data, you can select the continuous learning option. OpsRamp automatically starts suppressing alerts on behalf of users after learning about the suppressing patterns followed by users.

Create First Response Policy

First response policy allows you to to auto-suppress alerts as a first response mechanism for frequent and unnecessary alarms.

Perform the following steps to create a first response policy:

  1. Log into OpsRamp.

  2. Click All Clients and from the displayed list select a client.

  3. From the options in the drop-down menu, select Setup.

  4. From the left pane, click Alert Management menu and then click First Response. First Response Policies page is displayed.

  5. Click Add to create a first response policy. New First Response Policy page is displayed.

  6. Provide unique name for the policy.

  7. Select a client from the Client drop-down menu.

  8. Select the required enabled mode from the Enabled drop-down menu. Description of Multiple Enabling Modes for First Response Policy

    Enabled Mode

    Description

    ON

    First Response policy is created and alert suppression is performed.

    Observed

    Observed mode enables you to see potential alerts that would be suppressed by the policy without creating a real First Response policy. In Observed mode, an Observed alert is created for each alert that is to be suppressed. You can view the Observed alerts in the Alerts browser. These alerts are indicated with Observed status. Any action performed on an alert with Observed status does not affect the actual alert.

    Note: You can only perform Close action on an alert having Observed status.

    OFF

    First Response policy is created, but no alert suppression is performed.

After providing the initial details for the policy, apply the first response policy to relevant client resources.

Filter Criteria

In filter criteria section, select resources whose alerts match this policy.

Perform the following steps:

  1. Select Filter Criteria. Filter condition fields appear.

  2. Select Any to filter alerts that match any of the rules or select All to filter alerts that match all the rules.

  3. From the Native Attributes drop-down list:

    • Select Native Attributes to use the available attributes that are predefined in the OpsRamp. Example: Host Name, DNS Name or IP Address.

    • Select Custom Attributes to filter the alerts based on specific custom attributes of a client or a resource.

  4. From attributes drop-down list, select required attribute.

  5. From Operators drop-down list, select required Operator and provide the values. Note: Click to add additional filter criteria.

Policy Definition

Define conditions for suppressing alerts.

Perform the following steps:

  1. Select either of the following options:

    • Select Time Based to analyze seasonal patterns and suppress alerts without any human intervention.

    • Select Attribute Based to suppress alerts that match specific conditions. This model requires a training data file in CSV format that includes examples of alerts that need to be suppressed. OpsRamp applies machine-learning to learn patterns from the input CSV file and uses the learned pattern to drive auto-suppression of alerts. The learned models are applied against the incoming alerts. If you select Attribute Based option, perform the following steps:

      1. Click Drop the training data file here, or browse to upload a CSV file.

        Note: One client can upload only one training file. Changing the training file affects all learned policies of the client.

      2. Select the file from your local folder. On uploading the file Input and Output columns appear.

      3. Validate the Input and Output columns.

      4. Enable Continuous Learning toggle button to let OpsRamp automatically learn which alerts needs to be auto-suppressed based on the suppress actions in the existing data. OpsRamp will automatically start suppressing alerts on behalf of users after learning about the suppressing patterns followed by users.

      5. Click Continue to Model Training. The accuracy of the trained First Response policy appears in the Trained Model Summary section.

  2. Click Save.

First response policy is created and appears in the First Response Policies page.

First Response Policies List

Once a policy is saved, the policy appears on First Response Policies page.

You can view information about the number of times a pattern was detected and number of automatic suppression already performed. If you hover over the ML icon, you can view the model accuracy and number of seasonal patterns matched.

Notes:

  • If the policy is Time based, you can view the number of seasonal patterns matched.

  • If the policy is Attribute based, you can view the model accuracy.

  • If the policy is both Time based and Attribute based, you can view the model accuracy and the number of seasonal patterns matched.

Appendix: Creating a training CSV file

Prior to enabling the attribute based auto-suppression model, create a CSV file and add the alert attributes to the file.

Notes:

Important points to consider while creating a CSV file:

  • Maximum file size must be 100 MB

  • Each column in CSV must have a column header

PreviousScheduled MaintenanceNextGetting Started with APIs

Last updated

Was this helpful?