topic Re: Create alert - only during working hours in Alerting

Create alert - only during working hours

JYTTEJ — Mon, 27 Jun 2011 11:52:32 GMT

I need to create an alert which will only trigger during working hours - even if event happened during outside working hours.

The alert should only trigger between 08:00 and 17:00 GMT.

The alert is based on searching for Cxx002W. If this happens between 17:00 and 08:00 GMT - the alert should not be triggered until 08:00 GMT.

I can set up a search which run at 08:00 - and if any Cxx002W between 17:00 and 08:00 GMT - then alert is triggered.

But what do I do during working hours?

I.e. if Cxx002W occur at 11:45 GMT I need the alert to be triggered rigth away

Do you have any good ideas? I want only to set up ONE alert

Re: Create alert - only during working hours

ftk — Mon, 27 Jun 2011 12:18:41 GMT

You could refine your search using date_hour so it will only bring back results during business hours:

(your search terms) (date_hour > 8 AND date_hour < 17)

Then schedule the search to run over whatever time frame you choose (half hour?) and configure your alerts. The search will only show results between 8am and 5 pm.

Re: Create alert - only during working hours

JYTTEJ — Mon, 27 Jun 2011 12:42:21 GMT

Thanks - but this will only select on occurrences which happen between 08:00 and 17:00 - I also need to create an alert if this occurrence happen between 17:00 and 08:00 - but the alert should not be created until after 08:00

So, if the occurrence happen at 01:00 - then the alert should be created at 08:00 the following morning.

If the occurrence happen during day time (08:00 to 17:00) then the alert should be created immediately at scheduled time.

Re: Create alert - only during working hours

ftk — Mon, 27 Jun 2011 12:44:20 GMT

In that case add a second search that runs at 8am over the past 15 hours and alert on any results.

Re: Create alert - only during working hours

maverick — Mon, 27 Jun 2011 13:39:49 GMT

if you do need to create two alerts for the same reason, but for different time ranges like this answer suggests, put your entire alert search string into a macro and then reference that macro from both alerts. That way, if you need to change the alert conditions, both alerts are updated appropriately.

Re: Create alert - only during working hours

JYTTEJ — Wed, 29 Jun 2011 12:51:00 GMT

there is very littel traffic on this line. It is not necessary to take action on any incidents during evening/nigth time.This can wait until the following morning.
During working hours we want to take action as soon as possible.

This is the background