HCO Study Guide for 1.4

Questions and Answers

What additional information can be viewed by clicking an anomalous alert in the Hybrid Cloud Observability?

Access control settings for the alert

Configuration changes made after the alert

Normal operating ranges and associated metric values (correct)

The history of all previous alerts

In the context of anomaly-based alerts, what is the purpose of the normal operating ranges (NOR)?

To set thresholds for alert prioritization

To provide baseline metrics for anomaly detection (correct)

To document the configurations of network devices

To indicate the number of active alerts at a given time

Which version of Hybrid Cloud Observability introduced the feature of viewing additional information for anomalous alerts?

2021.2

2022.3

2023.1 (correct)

2020.1

What type of information is specifically not sent from the SolarWinds Platform to SolarWinds Observability through Platform Connect?

User account settings related to alert management

Which of the following is true about the information transferred from the SolarWinds Platform to SolarWinds Observability?

Limited system and networking configurations

What is the primary purpose of trigger conditions in the SolarWinds Platform?

To initiate alert responses during specific situations

Which function must be performed first when creating alert conditions in the SolarWinds Platform?

Identify the objects to monitor

How are child conditions utilized within the trigger conditions for an alert?

They are evaluated sequentially in order

What is the function of the 'Show List' link in the alert setup process?

To view monitored objects for the alert

In what context do the trigger conditions apply in the SolarWinds Platform?

Specific products within the platform

What is a recommendation before creating alert conditions in the SolarWinds Platform?

Review best practices and tips for alerting

What should be established regarding the environment during alert setup?

The extent of environment monitoring

Which element is NOT represented as a line item in the alert's Actual Trigger Condition?

Alert escalation procedures

What happens when the 'Mute alerts' maintenance option is selected?

Data collection continues but alerts are suppressed.

Which method allows for canceling scheduled maintenance from the Node Details view?

Reviewing the maintenance information in Node Status and clicking Cancel.

To change or cancel maintenance for multiple nodes, which path should be followed?

Settings > Manage Nodes > Select nodes.

When is it possible to cancel scheduled maintenance from the Manage Entities page?

When alerts are muted.

What is the effect of selecting the 'Stop polling the node' maintenance option?

No data is collected nor are alerts triggered.

How can one reschedule maintenance for a node?

Access Node Details, find Management resource, and click Schedule.

Which of the following is NOT a maintenance option listed?

Schedule data collection.

What is required to successfully submit a change in maintenance mode?

The specification of a time period for the maintenance.

What is the first step to connect Hybrid Cloud Observability in High Availability mode using Platform Connect?

Build the Hybrid Cloud Observability standby server and create the HA pool.

Which option outlines the process to disable the connection between Hybrid Cloud Observability and SolarWinds Observability?

Navigate to Settings > All settings > Platform Connect section > Disable Connection.

What feature does AlertStack primarily provide?

Correlating alerts and events to identify root causes.

What feature allows users to navigate back and forth in time within the cluster on AlertStack?

Previous/Next Time Range

After installing the SolarWinds Observability Agent on the main server, what is the next recommended step?

Force a manual failover.

What action can be performed directly from AlertStack starting with version 2023.4?

Create SolarWinds Service Desk incidents

Which of the following actions is NOT part of the process to set up High Availability for Hybrid Cloud Observability?

Configuring network monitoring settings.

How can users adjust the visibility of the map and elements panel in AlertStack?

Using Panel Splitter Controls

What type of information is included in AlertStack for monitoring alerts?

Metrics, configuration changes, and device statuses.

What does the visualization feature of AlertStack provide?

Chronological views of events and related entities.

Which feature allows a user to display related elements of an entity on AlertStack?

Entity Occurrences

In the SolarWinds Platform, where do you navigate to edit the Platform Connector settings?

Settings > All settings > Platform Connect section.

What is the maximum entity count supported in AlertStack?

100

What function does the view list and map button serve in AlertStack?

It adjusts the panels for equal view of both elements and map

Which control is used to zoom in and out of the cluster map within AlertStack?

Map Controls

Which of the following can you filter on the AlertStack cluster details page?

Incident Number

What must be done to use the AlertStack feature?

Enable the AlertStack in the settings.

Which of the following describes how AlertStack handles polling for alerts?

It checks related entities for new alerts at every polling interval.

When accessing AlertStack, which of the following can you sort clusters by?

Start Date, End Date, and Severity

What is a potential consequence of enabling AlertStack?

Performance degradation of the SolarWinds Platform.

What function does the Time Frame Selector provide in AlertStack?

Allows selection of specific time intervals for alert data.

What is the default setting for the page size of clusters displayed in AlertStack?

10 clusters per page

How can a user search for a specific cluster in AlertStack?

By inputting the cluster ID prefixed with 'cluster-'

What action can be performed directly from AlertStack regarding SolarWinds Service Desk incidents?

Create incidents from alerts displayed in AlertStack.

Study Notes

How Alerts Work

• An alert is a notification of a problem with a monitored entity within the SolarWinds Platform
• The platform includes predefined alerts for common issues, such as a node or application going down, high interface utilization, or packet loss.
• Many predefined alerts are enabled by default, and you're notified immediately when adding devices to the SolarWinds Platform.
• SolarWinds suggests identifying parties who will receive warning or critical alerts.
• By default, alerts don't send emails or text messages; you must manually configure the email action.
• Alerts can be integrated with SolarWinds Help Desk.
• Alerts are displayed in Active Alerts widgets on the Orion Home page.
• You can acknowledge alerts, view details, and edit or disable alerts.

Alert Actions

• SolarWinds Platform offers various actions to signal alert conditions on a network.
• These actions include changing custom properties, creating ServiceNow or SolarWinds Service Desk incidents, sending paging or SMS messages, emailing web pages, running external programs, executing scripts, failing over to redundant servers, logging to files, logging to the NPM event log, changing virtual machine resources, deleting snapshots, moving/pausing/ powering virtual machines, restarting/suspending/ taking a snapshot of virtual machines, playing sounds, restarting IIS sites/application pools, sending SNMP traps, and more.
• Actions also include sending syslog messages, sending emails/pages, automatically setting custom statuses, using speech synthesizers to report alerts, and logging to Windows Event Logs.
• Actions like backup running config, execute config script, and showing last config changes are considered network configuration alert actions.

Defining Trigger Conditions

• Trigger conditions are complex steps in creating an alert.
• Alert triggers use child conditions.
• Conditions can be "true or false" to trigger a child condition.
• Options include single or double value comparisons and "and/or" blocks
• Choose what objects you want to monitor.
• Establish the scope of the alert by selecting all objects or a filtered subset.
• Create your trigger conditions
• Specify if "all child conditions must be satisfied" or if "at least one child condition must be satisfied"

Defining Reset Conditions

• Reset conditions determine how and when an alert instance is removed.
• A trigger condition can automatically reset the alert.
• Alerts can be reset after a specified time frame or when a trigger condition is no longer "true"
• Actions can be performed when reset conditions are met.

Actions When Alerts Are Triggered or Resolved

• Actions can be performed when alerts are triggered, such as sending emails, notifications and activating other actions (like, re-booting virtual machines)
• Trigger actions can be configured on multiple levels, such as first level, second level, and so on.
• Actions can be performed when alerts are resolved or reset. This may include stopping escalation procedures, performing actions to clear the alert, or any pre-configured actions.

Working with Preconfigured Alerts

• Preconfigured alerts are active and can be viewed on the Active Alerts page.
• You can acknowledge alerts by clicking 'Acknowledge'.
• You can view alert details by clicking an alert.
• You can work with alerts that have actions, such as those for a 'Neighbor is down' alert.

Enabling/Disabling/Pausing Alerts

• Enable or disable alerts via a toggle.
• Disable alerts for evaluation.
• Pause/resume alerts to adjust execution based on node status.
• Pausing alerts postpones their execution, later resuming triggered or non-reset alerts concurrently.

Encrypting Database Connections

• Encrypt network traffic between the SolarWinds Platform server and the SQL Server.
• SSL certificates are automatically trusted.
• If you have scalability engines, encrypt connections to the SQL Server on main and deployment servers.

Suspending Data Collection/Alerts for Nodes in Maintenance Mode

• Place nodes in Maintenance Mode to prevent alert messages and ensure the required data is collected during maintenance periods.
• Mute alerts for nodes, interfaces, and volumes, without interrupting data collection.
• Stop collecting data for nodes, interfaces, and volumes when in Maintenance Mode
• Schedule maintenance periods for alerts.

Anomaly-Based Alerting

• Anomaly-Based Alerting utilizes a cloud-based AI/Ops service to improve alerts.
• Anomaly-based alerts are triggered when unusual patterns, not solely thresholds, are identified.
• Anomaly alerts require a SolarWinds Platform server and an active Hybrid Cloud Observability Advanced license connected to a SolarWinds Observability account.
• Configuration is done via a guided wizard
• There is a training period where alerts are observed to establish normal operation ranges. This training period is completed automatically, and alerts will be triggered based on configurations.

AlertStack

• AlertStack correlates alerts, events, and problems on monitored entities to identify root causes.
• It provides a single view of related events and alerts, along with entity relationships.
• Users can view historical data and timelines to identify root causes and optimize alert setups.
• Actions can be taken to efficiently address related entities and critical issues, updating alert clusters dynamically.

Viewing Triggered Solarwinds Platform Alerts

• View active alerts in the Alerts & Activity > Alerts or the All Active Alerts widgets.
• View alert details and historical trigger frequency, and other related alerts.

Description

Test your knowledge on Hybrid Cloud Observability, focusing on anomalous alerts and their features. This quiz covers aspects such as normal operating ranges, information transfer, and version updates of the platform. Challenge your understanding and stay updated on the latest functionalities!