SCP HCO Fundamental Study Guide for 1.4 PDF

Summary

This document provides information about alerts and actions within the SolarWinds platform. The document appears to be related to system administration, focusing on how alerts work and the actions that can be configured.

Full Transcript

7/23/24, 6:10 PM How alerts work

Search NPM Documentation 

How alerts work
An alert is a notification that there is a problem with a monitored entity. The SolarWinds Platform
comes with hundreds of predefined alerts for common problems, such as a node or application going
down, high interface utilization, or packet loss.

Many predefined alerts are enabled by default, so if there are problems, you are alerted as soon as
you discover your network and add discovered devices toSolarWinds Platform.

SolarWinds recommends that you identify who will receive warning or critical alerts.

By default, alerts do not send emails and text messages. You need to configure the default
information in the email action first.

You can also integrate alerts with SolarWinds Help Desk.

By default, alerts appear in the Active Alerts widgets on the Orion Home page.

https://documentation.solarwinds.com/en/success_center/npm/content/onboarding/npm_ob_alerts_reports.htm 1/2
7/23/24, 6:10 PM How alerts work

To see all alerts, click the All Active Alerts button in the Active Alerts widget, or go to Alerts & Activity
> Alerts. On this page, you can:

Acknowledge an alert that you are working on
Click on any alert to go to the Alert Details page for more information
Click Manage Alerts to enable/disable, add, or edit any alert

You can create your own alerts, either by modifying a predefined alert, or by creating a custom alert.
See Getting Started Guide 2 - Customize.

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

https://documentation.solarwinds.com/en/success_center/npm/content/onboarding/npm_ob_alerts_reports.htm 2/2
7/23/24, 6:10 PM Alert actions available in the SolarWinds Platform

Search SolarWinds Platform Documentation 

Alert actions available in the SolarWinds Platform
This SolarWinds Platform topic applies only to the following products:
Hybrid Cloud Observability Essentials — Hybrid Cloud Observability Advanced
DPAIM — IPAM — LA — NAM — NCM — NPM — NTA — SAM — SCM — SRM — UDT — VMAN — VNQM
— WPM

SolarWinds Platform products provide a variety of actions to signal an alert condition on your
network.

For information on configuring each action, refer to the following list.

Change a custom property alert action in the SolarWinds Platform
Create a ServiceNow incident in the SolarWinds Platform
Create a SolarWinds Service Desk incident in the SolarWinds Platform
Dial a paging or SMS service in the SolarWinds Platform
Email a web page to users in the SolarWinds Platform
Execute an external program in the SolarWinds Platform
Execute an external Visual Basic script in the SolarWinds Platform
Failover to a standby server in the SolarWinds Platform
Log the alert message to a file in the SolarWinds Platform
Log the alert to the NPM event log
Change the resource allocation of a virtual machine in the SolarWinds Platform
Delete a snapshot of a virtual machine in the SolarWinds Platform
Move a virtual machine to a different host in the SolarWinds Platform
Move a virtual machine to a different storage in the SolarWinds Platform
Pause a virtual machine in the SolarWinds Platform
Power off a virtual machine in the SolarWinds Platform
Power on a virtual machine in the SolarWinds Platform
Restart a virtual machine in the SolarWinds Platform
Suspend a virtual machine in the SolarWinds Platform
Take a snapshot of a virtual machine in the SolarWinds Platform
Play a sound when an alert is triggered in the SolarWinds Platform
Restart IIS sites or application pools in the SolarWinds Platform
Send an SNMP trap in the SolarWinds Platform
Send a GET or POST request through HTTP or HTTPS in the SolarWinds Platform

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-available-alert-actions-sw1076.htm 1/5
7/23/24, 6:10 PM Alert actions available in the SolarWinds Platform

Send a syslog message in the SolarWinds Platform
Send an email or page in the SolarWinds Platform
Manually set a custom status in the SolarWinds Platform
Use the speech synthesizer to read alerts in the SolarWinds Platform
Log an alert to the Windows Event Log in the SolarWinds Platform

Network configuration alert actions

Backup Running Config
Execute Config Script
Show Last Config Changes

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-available-alert-actions-sw1076.htm 2/5
7/23/24, 6:10 PM Alert actions available in the SolarWinds Platform

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-available-alert-actions-sw1076.htm 3/5
7/23/24, 6:10 PM Alert actions available in the SolarWinds Platform

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-available-alert-actions-sw1076.htm 4/5
7/23/24, 6:10 PM Alert actions available in the SolarWinds Platform

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-available-alert-actions-sw1076.htm 5/5
7/23/24, 6:11 PM Define the conditions that must exist to trigger an alert in the SolarWinds Platform

Search SolarWinds Platform Documentation 

Define the conditions that must exist to trigger an
alert in the SolarWinds Platform
This SolarWinds Platform topic applies only to the following products:
Hybrid Cloud Observability Essentials — Hybrid Cloud Observability Advanced
DPAIM — IPAM — LA — NAM — NCM — NPM — NTA — SAM — SCM — SRM — UDT — VMAN — VNQM
— WPM

The trigger condition is the most complex step in creating an alert. Before you begin, you may want to
revisit the Best practices and tips for alerting in the SolarWinds Platform. To see an example of
completed trigger conditions, see the Email me when a Windows server goes down in the SolarWinds
Platform topic.

Trigger conditions are built using child conditions that are evaluated in order. Child conditions are
represented as a line item under the Actual Trigger Condition. You can have multiple trigger condition
blocks with multiple child conditions.

Filter your environment to only display the objects you want to monitor in The scope of alert.
Use the Show List link to view all of the objects that the alert monitors.

1. Choose what objects you want to monitor in the I want to alert on field.
2. Establish how much of your environment you want to monitor in The scope of alert.

You can monitor all objects in your environment or filter your environment to a specific set of
objects.
3. Create your trigger condition.

a. Choose if the child conditions must be true or false to trigger the alert.
All child conditions must be satisfied (AND) - Every child condition must be met
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-setting-trigger-conditions-sw1034.htm 1/4
7/23/24, 6:11 PM Define the conditions that must exist to trigger an alert in the SolarWinds Platform

At least one child condition must be satisfied (OR) - At least one child condition
must be true
All child conditions must NOT be satisfied - Every child condition must be false
At least one child condition must NOT be satisfied - At least one child condition
must be false
b. Click the + sign to add child conditions.
Add Single Value Comparison (Recommended) - The child condition evaluates a
single field, like Status
Add Double Value Comparison - The child condition evaluates two conditions, such
as Status and OS
Add And/Or block - Adds a sub condition block

Use the X at the end of each child condition to delete it, or use the drop-down menu
at the top of the block to delete the entire condition.

c. Select the object you want the child condition to evaluate, and then select which field you
want to evaluate. In the example screenshot, the object is "Node" and the field is "Status".

You can evaluate objects based on variables or macros.

d. Select how you want to compare the polled value of the field to the value entered here,
and then enter the value. In the example screenshot, the comparison is "is equal to" and
the value is "Down".
e. To use more complex conditions, such as evaluating when an application on a specific
server is down and a different application on another server is down, enable complex
conditions under Advanced options.
See Building Complex Conditions for more information, or visit THWACK, SolarWinds'
community website, for support from other users.

f. Choose how long the condition must exist before an alert is triggered. This prevents
receiving alerts when the alert condition, such as high CPU utilization, occurs briefly or
only once during a certain time period.

Send an alert immediately when the condition is met by clearing any selection for
Condition must exist for more than.
Wait before sending an alert by selecting Condition must exist for more than, and
entering how long the condition must exist. This option prevents multiple alerts
firing if the condition is temporary.

If you have successfully created an alert condition, you can move to the next step in the alert wizard.
The Summary step evaluates the conditions against your environment and returns how many objects
will trigger the alert.

Click Next to define what event occurs to reset the alert.

See the following topics for condition examples, explanations, or more information:

Alerting When a Server is Down
Building Complex Conditions

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-setting-trigger-conditions-sw1034.htm 2/4
7/23/24, 6:11 PM Define the conditions that must exist to trigger an alert in the SolarWinds Platform

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-setting-trigger-conditions-sw1034.htm 3/4
7/23/24, 6:11 PM Define the conditions that must exist to trigger an alert in the SolarWinds Platform

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-setting-trigger-conditions-sw1034.htm 4/4
7/23/24, 6:11 PM Define the conditions that must exist to reset an alert in the SolarWinds Platform

Search SolarWinds Platform Documentation 

Define the conditions that must exist to reset an
alert in the SolarWinds Platform
This SolarWinds Platform topic applies only to the following products:
Hybrid Cloud Observability Essentials — Hybrid Cloud Observability Advanced
DPAIM — IPAM — LA — NAM — NCM — NPM — NTA — SAM — SCM — SRM — UDT — VMAN — VNQM
— WPM

Use the reset condition to define what must occur to remove an alert instance from the active alerts
list. For example, the "Email me when a Node goes down" alert automatically resets when the node
comes back up. You can use the built-in reset conditions or create your own.

When reset conditions are met, the alert is removed from Active Alerts. You can also add actions that
occur when the reset conditions are met.

For example, you can create an alert that triggers when nodes in your lab go down. If node
192.168.4.32 goes down, the alert fires for that specific instance of the trigger condition and any
escalation levels you create continue until you reset the alert. After the alert is reset, all trigger
actions stop and a new alert fires the next time node 192.168.4.32 goes down. If you have created
reset actions, the reset actions fire.

When the alert is reset, escalation actions are halted.

Select one of the following reset conditions:

Reset this alert when trigger condition is no longer true (Recommended)

SolarWinds recommends using this reset condition. If the trigger condition is no longer
true when the objects are next polled, this selection automatically resets the alert.

You can use the Condition must exist for more than option in the trigger conditions in
conjunction with this reset condition. Trigger conditions that involve volatile components, such
as high CPU utilization, can trigger excessively with this reset condition.
Reset this alert automatically after
Select to reset an alert after a set amount of time has passed. If this interval is less than the
amount of time you wait for different escalation levels, the escalation levels that occur after this
interval do not fire. This reset condition is especially useful to remove event-based alerts from
Active Alerts.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-setting-reset-conditions-sw1025.htm 1/4
7/23/24, 6:11 PM Define the conditions that must exist to reset an alert in the SolarWinds Platform

For example, if the trigger conditions still exists after 48 hours, you can use this to trigger your
alert actions again. The alert is reset and triggers as soon as the trigger condition is detected,
which is as soon as the objects are polled for this example.

No reset condition - Trigger this alert each time the trigger condition is met
The alert fires each time the trigger conditions are met.
For example, when the alert for node 192.168.4.32 going down fires, a new alert for
192.168.4.32 fires every time the node is down when it is polled.

No reset action
The alert is active and is never reset. To re-trigger the alert, the alert must be manually cleared
from the Active Alerts view.
Create a special reset condition for this alert
Select to build a specific reset condition. For example, you can choose to reset the condition
when the node has been up for more than 10 minutes.
The alert wizard evaluates the reset condition for errors. If there are no errors, you can proceed
to the next step, or go back to previous steps.

See Define the conditions that must exist to trigger an alert in the SolarWinds Platform or Build
complex conditions in the SolarWinds Platform for more information on creating conditions.

Click Next to schedule when you want the alert to monitor your environment.

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-setting-reset-conditions-sw1025.htm 2/4
7/23/24, 6:11 PM Define the conditions that must exist to reset an alert in the SolarWinds Platform

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-setting-reset-conditions-sw1025.htm 3/4
7/23/24, 6:11 PM Define the conditions that must exist to reset an alert in the SolarWinds Platform

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-setting-reset-conditions-sw1025.htm 4/4
7/23/24, 6:11 PM Define what happens when an alert is triggered in the SolarWinds Platform

Search SolarWinds Platform Documentation 

Define what happens when an alert is triggered in
the SolarWinds Platform
This SolarWinds Platform topic applies only to the following products:
Hybrid Cloud Observability Essentials — Hybrid Cloud Observability Advanced
DPAIM — IPAM — LA — NAM — NCM — NPM — NTA — SAM — SCM — SRM — UDT — VMAN — VNQM
— WPM

Choose actions that occur whenever the trigger conditions are met. You can also set up escalations
levels so that different actions occur if the alert has not been acknowledged quickly enough.

Add actions to alerts
By default, what you enter into the Message displayed when this alert field is displayed in the All
Active Alerts resource.

You can use HTML tags in alert messages. However, do not use values enclosed in angle
brackets, such as , for non-HTML purposes. These values trigger HTML sanitization
rules and are thus omitted.

You can create a new action or use an action that you have already created. When you reuse an
action, you are also reusing all of its configurations, including its schedule and execution settings.

If you are alerting others through email, SolarWinds recommends that you notify a small
number of users while you fine tune your alerts.

1. Click Add Action.
2. Select an action from the list.
See Alert Actions for a complete list of available actions.
3. Click Configure Action.
4. Enter the necessary information for the action.
Each action requires different information. Select from the list of Alert Trigger Actions for more
information per action.
Some actions require extra configuration steps, specific information, or special software. See
Alert preconfiguration tasks in the SolarWinds Platform.
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-setting-trigger-actions-and-escalation-levels-sw1031.htm 1/4
7/23/24, 6:11 PM Define what happens when an alert is triggered in the SolarWinds Platform

Each action has the following sections:
Name of action - This is not required, but makes it easier to organize and find your actions
in the Action Manager.
Time of Day - You can choose different actions to occur at different times of the day or
month. For example, if you want to send a page, you might send it to a different person on
weekends or holidays rather than during the week.
Execution settings - You can select both options, neither option, or a single option.
Do not execute this action if the alert has been acknowledged already
(Recommended)
Repeat this action every X minutes until the alert is acknowledged
5. Click Add Action to save it to the list of actions in the alert.

Add a preexisting action to the alert
You can add actions that have already been configured to an alert. For example, if you configured an
action to reboot a VM, you can add that action to a separate alert.

If you use a preexisting action, any configuration change you make to the action, including
schedules, is used in every alert the action is assigned.

1. Click Assign Action(s).
2. Select one or more actions from the list.

3. Click Assign.

Add what happens when an alert is not acknowledged
Escalation levels in SolarWinds Platform products refer to user-defined time intervals between when
an alert is activated and when a user acknowledges that alert. You can configure the alert to perform
different actions per escalation level.

Escalation Level 1 contains all initial actions that you want to occur when the trigger conditions are
met and the alert activates.

Escalation Levels 2 and above include all actions you want to occur if no one acknowledged the alert
during the previous escalation levels.

For example, if an alert for a critical server activates and all of the recipient or first-level responders
are out for training and do not acknowledge the alert, then the actions fire in the second escalation
level. These actions may include emailing managers or other backup staff.

1. In an existing alert, click Trigger Actions.
2. Below the action, click Add Escalation Level.

3. Choose how long you want to wait after the previous escalation level before performing the
actions in the new escalation level.
4. Enter new actions in this escalation level.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-setting-trigger-actions-and-escalation-levels-sw1031.htm 2/4
7/23/24, 6:11 PM Define what happens when an alert is triggered in the SolarWinds Platform

You can copy all of the actions as Reset Actions. This lets you quickly craft actions to indicate
that the issue has been acknowledged or resolved. Click Copy Actions to Reset Actions Tab.

When an alert is triggered, the actions will be performed in the order that they are displayed on the
list. You can test each action to ensure the action does what you expect it to do.

Click Next to define what happens when the alert is reset.

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-setting-trigger-actions-and-escalation-levels-sw1031.htm 3/4
7/23/24, 6:11 PM Define what happens when an alert is triggered in the SolarWinds Platform

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-setting-trigger-actions-and-escalation-levels-sw1031.htm 4/4
7/23/24, 6:12 PM Work with preconfigured alerts

Search NPM Documentation 

Work with preconfigured alerts
See this video: Managing Existing Alerts.

When an alert is triggered, any associated actions are executed, and the alert appears on the All
Active Alerts page.

1. To view the alert details, click the alert.

The Active Alert Details page appears.

https://documentation.solarwinds.com/en/success_center/npm/content/onboarding/basic_alerts_reports/npm_ob_preconfigured_alerts.htm 1/5
7/23/24, 6:12 PM Work with preconfigured alerts

2. To view the details of the network object that triggered the alert, click an object.

The details page of the selected object appears.

3. To acknowledge an alert:

a. Click Acknowledge.

b. Enter a note and click Acknowledge.

Acknowledging the alert stops the escalation process. Acknowledgment also provides an
audit trail and prevents multiple people from working on the same issue.

List preconfigured, enabled alerts
NPM ships with preconfigured, enabled alerts, and a number of alerts that you can enable and make
operational. To see the list of preconfigured, enabled alerts:

1. Click Alerts & Activity > Alerts.
https://documentation.solarwinds.com/en/success_center/npm/content/onboarding/basic_alerts_reports/npm_ob_preconfigured_alerts.htm 2/5
7/23/24, 6:12 PM Work with preconfigured alerts

2. Click Manage Alerts.
3. In the Group by field, select Enabled.

4. In the Type field, sort by Out-of-the-box.

5. Review the list of preconfigured, enabled alerts.

Enable and disable alerts
To enable or disable alerts, on the Manage Alerts page, click On or Off in the Enabled column.

https://documentation.solarwinds.com/en/success_center/npm/content/onboarding/basic_alerts_reports/npm_ob_preconfigured_alerts.htm 3/5
7/23/24, 6:12 PM Work with preconfigured alerts

Action types
You can configure an alert to trigger one or more actions, such as send an email including a web
page, power a virtual machine on or off, or log the alert and send a file.

A complete list of alert actions is available on the Add Action dialog box that you see when you
configure an alert.

Configure the default email action
A common alert action for the SolarWinds Platform is sending an email to one or more responsible
parties who can open the SolarWinds Platform Web Console directly from the email, and begin
troubleshooting.

This alert action requires that you configure a designated SMTP server. When you configure a default
email action, you can reuse the action for all alerts, which means that you do not need to enter email
parameters for each alert.

1. Click Settings > All Settings > Configure Default Send Email Action.
2. In the Default Recipients section, provide the email addresses of default recipients, separated
by a semicolon.

3. Under the Default Sender Details heading, provide the default Name of Sender and the default
Reply Address.
4. Under the Default SMTP Server section:

a. Provide the Host name or IP Address of the SMTP Server and the designated SMTP Port
Number.
For example, 192.168.10.124, port 25.

b. If you want to use SSL encryption for your alert emails, select Use SSL.

Selecting SSL automatically changes the SMTP port number to 465.

https://documentation.solarwinds.com/en/success_center/npm/content/onboarding/basic_alerts_reports/npm_ob_preconfigured_alerts.htm 4/5
7/23/24, 6:12 PM Work with preconfigured alerts

c. If your SMTP server requires authentication, select This SMTP Server requires
Authentication, and then provide the credentials.
d. Click Use as Default.

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

https://documentation.solarwinds.com/en/success_center/npm/content/onboarding/basic_alerts_reports/npm_ob_preconfigured_alerts.htm 5/5
7/23/24, 6:12 PM View and acknowledge alerts

Search EOC Documentation 

View and acknowledge alerts
The All Active Alerts page in EOC displays active alerts from all enabled SolarWinds Sites. Active
alerts are alerts that have been triggered but not cleared. A summary of alerts can also be found
using the All Active Alerts tiles, which is a de facto tile located on the EOC Summary Page.

View active alerts
Choose Alerts & Activity > Alerts.

The All Active Alerts page lists active alerts from all enabled SolarWinds Sites. You can perform the
following actions:

To sort the alerts, click any column heading.
To filter alerts, you can either:
Select an option from the Group By menu. Then click the group of alerts you want to view.
Click the filter icon in a column heading. Then enter a filter string, or select Empty values
to filter for alerts with no value in that column.
To view detailed information about an alert, click the alert name, or select the alert and click
View Alert Details.
The SolarWinds Site opens in another browser tab, and the Active Alert Details view provides
information about the alert.
To view detailed information about the object that triggered the alert, click the link in the Object
that triggered this alert column.
The SolarWinds Site opens in another browser tab, and the Details view provides information
about the object.

Acknowledge alerts
When an alert is acknowledged, alert actions in higher escalation levels are halted.
Acknowledgments also provide an audit trail, and prevent multiple people from working on the same
issue.

To acknowledge alerts, users must have the Allow Account to Clear Events privilege. For more
information about defining privileges, see Define what users can access and do.

https://documentation.solarwinds.com/en/success_center/eoc/content/eocag_viewandacknowledgealerts.htm 1/2
7/23/24, 6:12 PM View and acknowledge alerts

When you acknowledge an alert in EOC, the acknowledgment is passed to the SolarWinds Site where
the alert was triggered.

1. Choose Alerts & Activity > Alerts.
The All Active Alerts page lists alerts from all enabled SolarWinds Sites.
2. Click Acknowledge on the alert row.

You can select multiple alerts at once to acknowledge, and then click Acknowledge at the
top of the page.

3. If the Acknowledge Alert dialog box opens, enter a note (optional) and click Acknowledge.

The user ID and time of the acknowledgment is displayed on the alert row.

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

https://documentation.solarwinds.com/en/success_center/eoc/content/eocag_viewandacknowledgealerts.htm 2/2
7/23/24, 6:13 PM Reduce alerting noise in the SolarWinds Platform

Search SolarWinds Platform Documentation 

Reduce alerting noise in the SolarWinds Platform
This SolarWinds Platform topic applies only to the following products:
Hybrid Cloud Observability Essentials — Hybrid Cloud Observability Advanced
DPAIM — IPAM — LA — NAM — NCM — NPM — NTA — SAM — SCM — SRM — UDT — VMAN — VNQM
— WPM

This section includes techniques for reducing alert noise.

Complex trigger conditions in the SolarWinds Platform
Alerts with multi-element triggers in the SolarWinds Platform
Use duration in the trigger for SolarWinds Platform alerts
The 'Do Not Alert' alert in the SolarWinds Platform
Send SolarWinds Platform alerts to specific contacts
Single alert when multiple devices go down in the SolarWinds Platform
Event correlation alerts (Y after X) in the SolarWinds Platform

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/onboarding/core-ob_parent_reduce_alert_noise.htm 1/4
7/23/24, 6:13 PM Reduce alerting noise in the SolarWinds Platform

https://documentation.solarwinds.com/en/success_center/orionplatform/content/onboarding/core-ob_parent_reduce_alert_noise.htm 2/4
7/23/24, 6:13 PM Reduce alerting noise in the SolarWinds Platform

https://documentation.solarwinds.com/en/success_center/orionplatform/content/onboarding/core-ob_parent_reduce_alert_noise.htm 3/4
7/23/24, 6:13 PM Reduce alerting noise in the SolarWinds Platform

https://documentation.solarwinds.com/en/success_center/orionplatform/content/onboarding/core-ob_parent_reduce_alert_noise.htm 4/4
7/23/24, 6:13 PM Manage alert actions in the SolarWinds Platform

Search SolarWinds Platform Documentation 

Manage alert actions in the SolarWinds Platform
This SolarWinds Platform topic applies only to the following products:
Hybrid Cloud Observability Essentials — Hybrid Cloud Observability Advanced
DPAIM — IPAM — LA — NAM — NCM — NPM — NTA — SAM — SCM — SRM — UDT — VMAN — VNQM
— WPM

You can edit, test, enable, disable, and delete alert actions from the Action Manager.

In the Action Manager, you can perform bulk actions and assign previously created actions to alerts.
You can also view meta data about the action to help troubleshoot alert actions from a single area
instead of trying to find the action in an alert.

Access the Action Manager
Edit actions
Test actions
Assign an action to an alert
Enable and Disable Alerts
Pause/resume actions of all alerts

Access the Action Manager
1. In SolarWinds Platform Web Console, click Alerts & Activity.
2. On All Active Alerts, click Manage Alerts in the top right.
3. Now on Manage Alerts, activate the Action Manager tab.

Edit actions
Edit options depend on the action. See the action in question in the list of available alert actions.

Test actions
1. Select the action, and click Test.
2. Select a node to test it on, and click Execute.

See Test alert actions for more details.
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-manage-alert-actions.htm 1/4
7/23/24, 6:13 PM Manage alert actions in the SolarWinds Platform

Assign an action to an alert
You can use actions that you have already configured in multiple alerts. For example, if you have
configured an action to email emergency response teams, you can assign this action to multiple
alerts. When you assign an alert, it is added to the highest escalation level.

Enable and Disable Alerts
Use the On/Off toggle or select an alert and click Enable/Disable to enable or disable alerts.

Alerts must be enabled to be evaluated. For example, if an alert is scheduled to run for a short period
of time each year, it must be enabled so the schedule runs. A disabled alert will not be evaluated,
even if it is scheduled to run.

Pause/resume actions of all alerts
Pausing alert actions might be useful for example when you change node status calculation and
need to adjust alerts based on node status.

Pausing alert actions does not stop alert actions, it just postpones their execution until you
resume executing alert actions again. When alert actions are resumed, actions for alerts that
are in the triggered state or are not reset yet since you paused alert actions will trigger
simultaneously.

1. In the SolarWinds Platform Web Console, click Alerts & Activity > Alerts to navigate to All Active
Alerts page.

2. In the top right corner, click More > Pause actions of all alerts.
Executing all alert actions will be paused until you clear the box or click Resume in the warning
box on the top of the All Active Alerts page.

3. Restart the Alerting service. All alerts that triggered in the time period when alert actions were
paused will trigger.

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-manage-alert-actions.htm 2/4
7/23/24, 6:13 PM Manage alert actions in the SolarWinds Platform

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-manage-alert-actions.htm 3/4
7/23/24, 6:13 PM Manage alert actions in the SolarWinds Platform

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-manage-alert-actions.htm 4/4
7/23/24, 6:13 PM Encrypt database connections with SSL

Search SolarWinds Platform Documentation 

Encrypt database connections with SSL
This topic applies to all SolarWinds Platform products.

When you configure the database settings in the Configuration wizard, you can choose to encrypt the
network traffic between the SolarWinds Platform server and the SQL Server using the SSL certificate
on the SQL Server.

If you have scalability engines deployed, encrypt the connection to SQL Server with SSL
both on the main polling engine and any deployed scalability engines, such as additional
polling engines, web servers, or High Availability backup servers.
If you are running NTA 4.4 and later, you can also encrypt the network traffic between the
SolarWinds Platform server and the NTA Flow Storage database. When configuring the
NTA Flow Storage in the Configuration wizard, select Encrypt connections with SSL.
This option does not apply to legacy desktop applications, such as Orion Report Writer.
To encrypt database connections to and from those applications, the SQL Server must
require encryption.

Enable encrypting connections with SSL
1. Launch the Configuration wizard on the server hosting your main polling engine, go to the
Database Settings step.
2. Select Encrypt connections with SSL and complete the wizard.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-encrypt-database-connections-with-ssl.htm 1/3
7/23/24, 6:13 PM Encrypt database connections with SSL

This option in the Configuration wizard requires a provisioned SSL certificate on the SQL Server.
You do not need to force the SQL Server to require encryption.
See Enable encrypted connections to the Database Engine (© 2021 Microsoft, available at
https://docs.microsoft.com, obtained on August 18, 2021.)
The SSL certificate is trusted automatically.

3. If you have scalability engines deployed, repeat the steps on the servers hosting the scalability
engines, such as additional polling engines, additional web servers, High Availability backup
servers, or free poller servers you have deployed. See Scalability Engine Guidelines.

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-encrypt-database-connections-with-ssl.htm 2/3
7/23/24, 6:13 PM Encrypt database connections with SSL

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-encrypt-database-connections-with-ssl.htm 3/3
7/23/24, 6:14 PM Suspend data collection or alerts for nodes in Maintenance Mode

Search SolarWinds Platform Documentation 

Suspend data collection or alerts for nodes in
Maintenance Mode
This topic applies to all SolarWinds Platform products.

During maintenance, nodes might be Down for short periods of time. To prevent alert messages, and
to ensure that your SolarWinds Platform product collects the data you need, place the nodes to
Maintenance Mode.

You need the Allow Account to Unmanage Objects & Mute Alerts right. See Define what users
can access and do.

Choose one of the following maintenance options:

Mute alerts: data for the node, interfaces, and volumes on the node are collected, but alerts do
not trigger.

Muting alerts is not supported for SRM and VMAN objects.
This option only mutes new alerts. If alert actions keep triggering although you have
muted the alert, the alert is configured to trigger repeatedly. Acknowledge the alert to
stop triggering new alert actions.

Stop collecting data for the node: data for the node, interfaces, and volumes on the node are
not collected, and alerts do not trigger.

If you stop polling data for a node, polling is also stopped for all interfaces and volumes
on the node.

Schedule a maintenance period: specify a period of time to stop collecting data or to mute
alerts for a node.

Orion Platform 2017.3 and later provide access to the maintenance options from the Manage
Entities view: select nodes, click More, and select a maintenance option.

Click the mute icon to unmute alerts or to cancel suspended alerts.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-setting-device-management-states-sw2036.htm 1/4
7/23/24, 6:14 PM Suspend data collection or alerts for nodes in Maintenance Mode

Mute alerts
Mute alerts for a node to perform maintenance on the node without interruptions by false positive
alerts.

1. Click Settings > Manage Nodes.
2. Select the nodes and click Maintenance Mode > Mute Alerts.
You do not receive alerts until you resume alerts for the nodes.

Resume alerts
After maintenance, resume alerts for the node, interfaces, and volumes on the node.

1. Go to the node details view.
2. In the Management resource, select Maintenance Mode > Resume Alerts (Unmute).

Alerts for the node are active.

Stop collecting statistics
To stop collecting statistics for nodes during maintenance, unmanage the nodes.

1. Click Settings > Manage Nodes.

2. Select the nodes, and click Maintenance Mode > Unmanage Now.

NPM stops collecting statistics for the node until you manage the node again.

Start collecting statistics
After maintenance, resume polling the node.

1. Go to the Node Details view.
2. In the Management resource, select Maintenance Mode > Manage Again.

NPM collects performance and availability data, and displays the data in the SolarWinds Platform
Web Console.

Schedule a maintenance period
Suspend alerts or stop collecting performance and availability data for nodes during a specified time
period.

1. Click Settings > Manage Nodes.

You can also schedule maintenance from the node details view for the node. Click
Maintenance Mode in the Management resource, and select a maintenance option.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-setting-device-management-states-sw2036.htm 2/4
7/23/24, 6:14 PM Suspend data collection or alerts for nodes in Maintenance Mode

2. Select the nodes and click Maintenance Mode > Schedule.
3. Select the maintenance option:

Mute alerts: collect data for the node, interfaces, and volumes, but do not trigger alerts.
Stop polling the node: data for the node, interfaces, and volumes on the node are not
collected, and alerts do not trigger.

4. Specify the maintenance period, and click Schedule.

The maintenance is scheduled.

Change scheduled maintenance
You can reschedule the maintenance or change the maintenance mode.

1. Go to the Node Details view and locate the Management resource.

To change or cancel maintenance for multiple nodes, go to Settings > Manage Nodes,
and select the nodes.

2. Click Maintenance Mode > Schedule. Change the time period for the maintenance or the
maintenance mode, and click Submit.

The maintenance schedule is adjusted according to your settings.

Cancel scheduled maintenance from the Node Details
resource
1. On the Node Details view, locate the Node Details resource.
2. Review the maintenance information in Node Status, and click Cancel.

The scheduled maintenance is canceled.

Cancel scheduled maintenance from Manage Entities page
In Orion Platform 2017.3, you can cancel scheduled maintenance from the Manage Entities page.

1. Click Settings > Manage Nodes.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-setting-device-management-states-sw2036.htm 3/4
7/23/24, 6:14 PM Suspend data collection or alerts for nodes in Maintenance Mode

2. Click the link to Manage Entities in the info bar.

3. To cancel a planned maintenance with:

muted alerts, click the muted alerts icon next to the node.
Unmanage, select the nodes and click More > Cancel Planned Unmanage.

The scheduled maintenance is canceled.

To cancel scheduled maintenance for multiple nodes, select the nodes and click More >
Manage Again or Resume Alerts, according to the maintenance settings.

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-setting-device-management-states-sw2036.htm 4/4
7/23/24, 6:14 PM Anomaly-Based Alerting in Hybrid Cloud Observability

Search Hybrid Cloud Observability Documentation 

Anomaly-Based Alerting in Hybrid Cloud
Observability
Initial setup for Anomaly-Based Alerts
Create an Anomaly-Based Alert
Anomaly-Based Alerting training period
What kind of entities does Anomaly-Based Alerting work with?
Managing Anomaly-Based Alerts
Viewing Anomaly-Based Alerts
Anomaly-Based Alerts status view
Anomaly-Based Alerts detail view
Frequently asked Data security questions for using Anomaly-Based Alerts

With version 2022.4, for Hybrid Cloud Observability Advanced customers, we’re excited to announce
the availability of Anomaly-Based Alerting, which leverages our cloud-based AIOps service. Anomaly-
Based Alerting improves on standard Hybrid Cloud Observability alerting. It leverages machine
learning to reduce the amount of "alert noise" that can happen for alerts that are solely based on
static thresholds - even when small deviations that might trigger an alert are often expected.

Anomaly-Based Alerting requires a SolarWinds Platform server with an active Hybrid Cloud
Observability Advanced license (non-evaluation) connected via Platform Connect to a
SolarWinds Observability account. You can start a free trial of SolarWinds Observability to
enable you to generate the token required by Hybrid Cloud Observability to send the metrics to
the linked cloud tenant. After Platform Connect has been set up, only an active Hybrid Cloud
Observability Advanced license is needed to use Anomaly-Based Alerts - an active SolarWinds
Observability license is not required.

Initial setup for Anomaly-Based Alerts
To use Anomaly-Based Alerting, you first need to connect your SolarWinds Platform server with an
active Hybrid Cloud Observability license to SolarWinds Observability with Platform Connect.

If you've already enabled Platform Connect, you can go straight to creating an Anomaly-Based Alert.
If you have not already enabled Platform Connect, you will be directed to the Platform Connect setup
wizard the first time you navigate to Anomaly-Based Alerts in the SolarWinds Web Console.

https://documentation.solarwinds.com/en/success_center/hco/content/hco_anomaly-based-alerting.htm 1/6
7/23/24, 6:14 PM Anomaly-Based Alerting in Hybrid Cloud Observability

Alternatively, you can enable Platform Connect separately by navigating to Settings -> All Settings,
scroll down to the Platform Connect section -> Add/Edit Platform Connector. Follow the on-screen
instructions to set up Platform Connect.

Learn more about connecting Hybrid Cloud Observability to SolarWinds Observability with Platform
Connect

Create an Anomaly-Based Alert
You can create Anomaly-Based Alerts through a wizard with a similar look and feel to the standard
Hybrid Cloud Observability alerting.

In the SolarWinds Platform Web Console, navigate to Alerts & Activity -> Anomaly-Based Alerts. This
option will only be visible if you have an active Hybrid Cloud Observability Advanced license.

The wizard will guide you through the process. Select the Entity Type and Entities you want to alert on
and the conditions under which the alert should trigger.

With 2024.1, Anomaly-Based Alerts can now be created using an OR operator to alert when any
conditions are met. This is in addition to the existing AND operator, allowing more flexible alert
conditions.

Anomaly-Based Alerting training period
Before an Anomaly-Based Alert can take advantage of its anomaly-detection capability, it has to
spend some time training. Anomaly-Based Alerts begin this training period immediately after
creation, and the amount of time the training takes depends on the metric selected. This can take up
to a few hours.

By default, an Anomaly-Based Alert will not trigger until the training period has completed. If you
would like the alert to trigger based on the conditions you have configured, even if the training period
has not completed, or if the Anomaly Detection Service is down or otherwise not available, you can
check the “Trigger alert if conditions are met but metrics are not trained or Anomaly Detection
Service is down” checkbox when creating the alert.

https://documentation.solarwinds.com/en/success_center/hco/content/hco_anomaly-based-alerting.htm 2/6
7/23/24, 6:14 PM Anomaly-Based Alerting in Hybrid Cloud Observability

Note that Anomaly-Based Alerts triggered with this box checked while the training period has not yet
completed or if the service is not available will function as a normal SolarWinds Platform alert that
does not take advantage of anomaly detection functionality. After training has completed, Anomaly-
Based Alerts that were created with this box checked will take full advantage of Anomaly Detection
as long as the service is available.

What kind of entities does Anomaly-Based Alerting work
with?
When creating an Anomaly-Based Alert, we only show the supported entity types that work with
Anomaly detection. Anomaly-Based Alerts can be used with certain supported metrics. In 2022.4, we
support network node metrics being sent to the SolarWinds AIOps service in SolarWinds
Observability via Platform Connect.

With 2023.2, Anomaly-Based Alerts can now be defined for use with Linux and Windows servers,
which now appear in the server filter during the entity selection step of the Anomaly-Based Alert
creation flow. The supported metrics for Linux and Windows servers are CPU, memory, response
time, and packet loss. Windows workstations are not supported.

Managing Anomaly-Based Alerts
You can manage Anomaly-Based Alerts in the same way that you would manage other SolarWinds
Platform alerts using the standard SolarWinds Platform alerts interface. In the SolarWinds Platform
Web Console, navigate to Alerts & Activity -> Alerts. Then click Manage alerts.

Learn more about modifying alerts in the SolarWinds Platform Web Console

Viewing Anomaly-Based Alerts
To see triggered Anomaly-Based Alerts, click Alerts & Activity -> Anomaly-Based Alerts. Filter alerts
by alert status or node status, and see all relevant Anomaly-Based Alerts that have triggered.

https://documentation.solarwinds.com/en/success_center/hco/content/hco_anomaly-based-alerting.htm 3/6
7/23/24, 6:14 PM Anomaly-Based Alerting in Hybrid Cloud Observability

Anomaly-Based Alerts status view

Anomaly-Based Alerts detail view

With Hybrid Cloud Observability 2023.1 and later, click an anomalous alert on the timeline to see
additional information on the right-hand side of the screen, such as normal operating ranges (NOR)
for the time intervals and associated metric value to give you greater context for why an alert is
considered anomalous.

https://documentation.solarwinds.com/en/success_center/hco/content/hco_anomaly-based-alerting.htm 4/6
7/23/24, 6:14 PM Anomaly-Based Alerting in Hybrid Cloud Observability

Frequently asked Data security questions for using Anomaly-
Based Alerts

What is sent from Platform Connect for system and networking
configurations when using Anomaly-Based Alerts?
The following table shows what kind of information is or is not sent from the SolarWinds Platform to
SolarWinds Observability through Platform Connect.

Sent from the SolarWinds metric tags published to SolarWinds
Platform to SolarWinds Observability
Observability through Learn more about standard network device
Platform Connect? metrics in SolarWinds Observability

IP addresses, Yes
hostnames sw.collector.Nodes.IPAddress

sw.collector.Nodes.DNS

sw.collector.Nodes.SysName
sw.collector.Nodes.Caption

client and/or Yes, if filled or explicitly defined
customer data sw.collector.Nodes.Contact

sw.collector.Nodes.Location

any explicitly defined custom property
containing client or customer data

network No N/A
topology

https://documentation.solarwinds.com/en/success_center/hco/content/hco_anomaly-based-alerting.htm 5/6
7/23/24, 6:14 PM Anomaly-Based Alerting in Hybrid Cloud Observability

Sent from the SolarWinds metric tags published to SolarWinds
Platform to SolarWinds Observability
Observability through Learn more about standard network device
Platform Connect? metrics in SolarWinds Observability

security No N/A
configurations
admin No N/A
credentials

What data is stored in the Cloud when using Anomaly-Based Alerting?
Anomaly detection only uses time series metrics data. The data is associated with organization ids
and entity ids as appropriate for detecting anomalies but is not mapped in any specific or personally
identifiable way.

How long is the data stored in the Cloud?
Any historical data used for Anomaly detection calculation is stored for a maximum of 21 days.

Is any Personally Identifiable Information (PII) stored?
No. Personally Identifiable Information is never stored.

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

https://documentation.solarwinds.com/en/success_center/hco/content/hco_anomaly-based-alerting.htm 6/6
7/23/24, 6:15 PM Connect Hybrid Cloud Observability to SolarWinds Observability with Platform Connect

Search Hybrid Cloud Observability Documentation 

Connect Hybrid Cloud Observability to SolarWinds
Observability with Platform Connect
If you have Hybrid Cloud Observability Essentials or Advanced license and also have SolarWinds
Observability, you can use the Platform Connect feature to see Hybrid Cloud Observability data in
SolarWinds Observability.

The Platform Connect also enables the use of Anomaly-Based Alerting in Hybrid Cloud Observability.

Requirements
Set up Platform Connect
Troubleshoot the Agent installation
Connect Hybrid Cloud Observability in High Availability mode using Platform Connect
Disable Platform Connect

How does Platform Connect secure the information communicated from Hybrid Cloud
Observability to SolarWinds Observability?

For data in transit from Hybrid Cloud Observability to SolarWinds Observability, Hybrid Cloud
Observability encrypts the data using the TLS 1.2 protocol with a 2048 bit RSA certificate.

Requirements
To set up Platform Connect between Hybrid Cloud Observability and SolarWinds Observability, you
will need the following:

a commercial or temporary (provided by SolarWinds) Hybrid Cloud Observability license
activated on a SolarWinds Platform server
an active SolarWinds Observability instance (full or evaluation)
connectivity between your SolarWinds Platform server and your cloud service provider for
communication with SolarWinds Observability
a SolarWinds Observability API token

Set up Platform Connect
1. Log in to the SolarWinds Platform Web Console using an account with administrative privileges.
https://documentation.solarwinds.com/en/success_center/hco/content/hco_platform-connect.htm 1/3
7/23/24, 6:15 PM Connect Hybrid Cloud Observability to SolarWinds Observability with Platform Connect

2. Navigate to Settings > All settings > scroll down to the Platform Connect section > Add/Edit
Platform Connector. The Platform Connect setup wizard will guide you through the process.
3. At the Install Agent screen, log in to your SolarWinds Observability account and get your
SolarWinds Observability API token.

If you don't have a SolarWinds Observability account, you can choose to create a new
account and then create a new API token using your new account. With your new
account, you can evaluate SolarWinds Observability and the Platform Connect feature for
30 days.

4. In SolarWinds Observability, complete the following steps to get your API token:

a. Go to Settings > API Tokens.
b. To use an existing token, click the three dots next to the token, and select Copy Token.

c. To create a new token, click Create API Token, provide a name for the new token and click
Create. Then, click the clipboard icon to copy the token.
Learn more about SolarWinds Observability API tokens.

5. When you have your API Token, switch back to the SolarWinds Platform Web Console.
6. In the Platform Connect Wizard, paste the API token from your clipboard to the Token field.

7. Click Install Agent.

https://documentation.solarwinds.com/en/success_center/hco/content/hco_platform-connect.htm 2/3
7/23/24, 6:15 PM Connect Hybrid Cloud Observability to SolarWinds Observability with Platform Connect

The SolarWinds Platform Web Console will begin installing the SolarWinds Observability Agent
on your Hybrid Cloud Observability server. The agent is the behind-the-scenes service that
enables the connection between Hybrid Cloud Observability and SolarWinds Observability.
Follow the on-screen instructions to install and configure the agent. You will see a confirmation
toast when the installation is successful.
After Platform Connect setup is completed, you can see Hybrid Cloud Observability node
information in SolarWinds Observability, and you can create Anomaly-Based Alerts in the
SolarWinds Platform Web Console.

Troubleshoot the Agent installation
If the Agent installation fails, make sure you have opened the following paths in the firewall:

*.amazontrust.com:80

*.ss2.us:80

These paths are used for online certificate status validation. See Online Certificate Status Protocol
for details.

See Network requirements for more information.

Connect Hybrid Cloud Observability in High Availability mode
using Platform Connect
To connect Hybrid Cloud Observability with High Availability deployed using Platform Connect, install
the SolarWinds Observability Agent on your main server, following the steps below:

1. Build the Hybrid Cloud Observability standby server and create the HA pool. For more
information, see SolarWinds Platform High Availability deployment walk-through.

2. Install the SolarWinds Observability Agent on the main server.

3. Force a manual failover. For more information, see Disable or delete HA pools, force a failover,
or update an HA pool for SolarWinds Platform products.

4. Install the SolarWinds Observability Agent on the standby server.

Disable Platform Connect
If you wish to disable the connection between Hybrid Cloud Observability and SolarWinds
Observability, in the SolarWinds Platform Web Console, Navigate to Settings > All settings > scroll
down to the Platform Connect section > Add/Edit Platform Connector and select Disable Connection.

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

https://documentation.solarwinds.com/en/success_center/hco/content/hco_platform-connect.htm 3/3
7/23/24, 6:15 PM AlertStack

Search SolarWinds Platform Documentation 

AlertStack
AlertStack correlates alerts, events and other problems on monitored entities, visualizes them to
identify the root cause of issues and resolve them.

Correlate

SolarWinds Platform continually monitors your alerts and correlates other problems that
happened at the same time on related devices, pulling them together into a single alert cluster.
Metrics, network configuration changes, server configuration changes, and device statuses that
are considered unusual are included in AlertStack.

Visualize

AlertStack clusters relate alerts and events into a single view, providing a chronological list of
the events and impacted entities, live tracking of all related events and alerts, and maps of
entity relationships.

Identify

You can view historical data and the timeline of the alert clusters to identify a possible root
cause of the alert. AlertStack also helps you optimize your alert setup for future incidents.

Resolve

AlertStack allows you to drill down on related entities and critical issues to deal with them
efficiently. Every polling interval, AlertStack checks related entities for new alerts and events
and dynamically updates active alert clusters.

Enable AlertStack
View alert clusters
Limit the number of entities shown on AlertStack
Create SolarWinds Service Desk incidents from AlertStack
Configure AlertStack
When is an alert stack resolved?

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-alertstack.htm 1/8
7/23/24, 6:15 PM AlertStack

Enable AlertStack
AlertStack is disabled by default. If you want to use it, enable AlertStack.

The AlertStack feature may be resource-intensive, increasing with the amount of active alerts.
If you experience performance degradation across the SolarWinds Platform, consider
increasing the amount of CPU and memory available for the SolarWinds Platform server.

1. In the SolarWinds Platform Web Console, click All Settings > Product Specific Settings
> AlertStack Settings.
2. Select Enable and click Save.

View alert clusters
To access the AlertStack summary page, log in to the SolarWinds Platform Web Console as an
administrator, and click Alerts & Activity > AlertStack.

1. Details about the alert cluster.
2. Cluster intervals: Severity of the cluster for the selected time frame. The duration is dependent
upon the selected time interval (5).

3. Sort: allows you to sort the clusters by Start Date, End Date, Cluster Id, Severity, State, Name,
Alert count, and Entity count. Default is descending Start Date.
4. Search: Search by name. To search by Cluster ID, precede the number by "cluster-"

5. Time Frame Selector: Allows you to select standard time frames (Last hour, Last 12 hours, Last
24 hours, Last 5 days, Last 7 days) or a user-defined interval. Default is Last 24 hours.
6. Next/Previous Time Frame: Move back in time by the currently selected time frame. The
corresponding control on the right is displayed when in the past and allows for moving forward
in time.

7. Page Size: Changes the number of clusters per page. Default is 10.
8. Next/Previous Cluster Page: Paging controls for the list of clusters.

9. What is AlertStack: Introduction to AlertStack.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-alertstack.htm 2/8
7/23/24, 6:15 PM AlertStack

AlertStack Summary widget
You can also review the AlertStack Summary widget on the Summary Home page (My Dashboards >
Home > Summary).

1. Severity and name of the cluster.

2. Unique ID for the cluster.
3. Cluster starting and ending time or "now" if ongoing.

4. Cluster State:

Closed: The cluster is no longer active because it was closed by a user.
Auto-closed: The cluster was closed by the system because the cluster life cycle ended.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-alertstack.htm 3/8
7/23/24, 6:15 PM AlertStack

Open: The cluster is currently active.
Suspended: Maps recording will occur once an hour since no changes have occurred after
the time specified in the settings.
Resolved: The cluster is no longer active because the end conditions have been met.

5. Duration of the cluster.
6. The total number of entities and alerts contained in the cluster.

Alert cluster details
The details for an alert cluster are displayed when you click on the description of the alert cluster in
the AlertStack Summary Widget or AlertStack Summary page.

1. Cluster Elements: list of Entity Status Changes, making up the alert cluster.

2. Cluster Severity History: Severity of the cluster over time with each interval representing the
default interval duration of 10 minutes.

3. Cluster Element Info: Information about the cluster element including name, an associated
entity, status, and severity.

Alert

Metric Threshold

Entity Status

Event

4. Cluster Start: The start of the cluster. The gray region to the left represents the history of the
elements for 30 minutes prior to the start. Any elements in a warning or critical state in this
region contributed to the creation of the cluster.

5. Cluster End: The end of the cluster. If there is a gray region to the right, represents the history of
the elements for 30 minutes following the end of the cluster to provide additional context for
the end of the cluster.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-alertstack.htm 4/8
7/23/24, 6:15 PM AlertStack

6. Selected Interval: The currently selected interval within the cluster.

7. Cluster Map: A map of the elements in the currently selected interval for the cluster.

8. Entity Occurrences: The map defaults to displaying only the entities and their relationships. To
see other elements (occurrences) related to an entity, click the purple dot (2) to show related
elements. Click on the expanded purple dot (1) to collapse.

9. Map Controls: Controls to zoom in, zoom out, and center the map. To pan, hold down the SPACE
BAR and drag with the mouse.

10. Panel Splitter Controls: The panel splitter controls allow the elements panel and the maps panel
to be resized. The view map only button will adjust the panels to only show the cluster map. The
view list only button will adjust the panels to only show the cluster elements list. The view list
and map button will adjust the panels so that both the map and element lists are shown equally.
To manually adjust the size, hover over the line between the panels then click and drag.

11. Previous/Next Time Range: Navigates back in time by the total number of intervals currently
being displayed. The corresponding control on the right moves forwards in time if present.
12. Previous/Next Time Interval: Navigates back within the cluster by one interval. Updates the map
to display the entities present during that interval. The corresponding button on the right moves
one interval forward within the cluster.

Limit the number of entities shown on AlertStack
You can apply filters on both the AlertStack and on AlertStack cluster details page.

Click the Arrow in the top left corner of AlertStack and select the Alert Count, Entity Count, Incident
Number, Severity, or State values you want to see on AlertStack.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-alertstack.htm 5/8
7/23/24, 6:15 PM AlertStack

The maximum supported entity count is 100.

Create SolarWinds Service Desk incidents from AlertStack
Starting with 2023.4, you can create SolarWinds Service Desk incidents for open or suspended
clusters directly from AlertStack.

This requires that you have SolarWinds Service Desk set up. SeeAlert Integrations in the SolarWinds
Platform.

1. In AlertStack (Alerts & Activity > AlertStack), select one or more open or suspended clusters
and click Create Incident(s).

For each selected cluster, an incident will be created in Service Desk. You will see the incident
number in the bottom right corner of the incident field.
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-alertstack.htm 6/8
7/23/24, 6:15 PM AlertStack

When the incident is being created, you will see the Pending Incident status in the bottom right
corner will change into the incident number.

Configure AlertStack
Log in to the SolarWinds Platform Web Console as an administrator, and access the Advanced
Configuration settings page. For more information, see Access the Advanced Configuration settings
in the Orion Web Console.

Scroll to the AIIM.Settings section and update the relevant parameters. Changes on the Advanced
Configuration page are global.

The following parameters are relevant to AlertStack:

Setting Description Default

Closed Issue Period of time (in days) before a closed AlertStack is removed 7 days
Lifetime Days from the database.
Issue Look Back The number of minutes to look back to try to determine if this 30 minutes
Period Minutes alert should generate an alert cluster.
Issue Minimum The minimum number of entities to create an alert cluster. 2
Entities
Issue Minimum The minimum number of occurrences to create an alert cluster. 2
Occurrences
Issue Normal List of normal ChildStatusMap's (Unknown, Up, Down, Warning) Unknown;Up
Status List to ignore when creating or updating an alert cluster, separated
by a semicolon.
Issue Resolution List of Occurrence Type(EntityStatus, Alert, Event, Metric, Alert
Criteria Anomaly) that must be resolved to resolve the alert cluster,
separated by a semicolon.
Max Issue Duration The period of time (in days) before the living AlertStack is auto- 7 days
Days closed.

When is an alert stack resolved?
An alert cluster is considered resolved when the Issue Resolution Criteria defined in the settings have
been met for all entities, when manually closed by the user, or when the alert cluster lifetime is over.

Alert cluster lifetime
Alert clusters are automatically closed after 7 days.

Closed and Resolved clusters are automatically deleted after 7 days.

Cluster lifetime settings contribute to a smooth database maintenance. Alert clusters might
consume larger amounts of space in the database.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-alertstack.htm 7/8
7/23/24, 6:15 PM AlertStack

Issue resolution criteria for alert clusters
The criteria define which occurrence types must no longer be present to consider the alert cluster
resolved. The table below defines the logic for each of the criteria.

Issue Resolution
True when:
Criteria

Entity Status The issue status matches one of the statuses defined in the Issue Normal
Status List setting.
Alert There are no active alerts.
Event There are no active events.
Metric There are no metrics that are currently over the defined thresholds.
Anomaly There are no metrics containing active anomalies.

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-alertstack.htm 8/8
7/23/24, 6:15 PM View triggered SolarWinds Platform alerts in the SolarWinds Platform Web Console

Search SolarWinds Platform Documentation 

View triggered SolarWinds Platform alerts in the
SolarWinds Platform Web Console
This SolarWinds Platform topic applies only to the following products:
Hybrid Cloud Observability Essentials — Hybrid Cloud Observability Advanced
DPAIM — IPAM — LA — NAM — NCM — NPM — NTA — SAM — SCM — SRM — UDT — VMAN — VNQM
— WPM

View active triggered alerts through Alerts & Activity > Alerts in the menu bar. Click each alert to view
the details, which includes a historic count of how frequently the object triggers the alert and other
objects that are experiencing the same set of conditions that triggered the alert you are viewing.

You can also add the All Active Alerts widget to any view.

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-viewing-triggered-alerts-sw1094.htm 1/4
7/23/24, 6:15 PM View triggered SolarWinds Platform alerts in the SolarWinds Platform Web Console

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-viewing-triggered-alerts-sw1094.htm 2/4
7/23/24, 6:15 PM View triggered SolarWinds Platform alerts in the SolarWinds Platform Web Console

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-viewing-triggered-alerts-sw1094.htm 3/4
7/23/24, 6:15 PM View triggered SolarWinds Platform alerts in the SolarWinds Platform Web Console

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-viewing-triggered-alerts-sw1094.htm 4/4