Re: OneView Alert Mails - Filtering out Multiple Conditions

Michael Leu · ‎09-05-2017

I am trying to create a Email Filter in OneView 3.00.08 which should trigger on status:critical and status:warning but ignore the following events:

healthCategory:Appliance eventTypeID:Alerts.DBMaxCapacity
healthCategory:Network eventTypeID:Trap.cpqNic3ConnectivityLost
healthCategory:Network eventTypeID:Trap.HealthStatusArrayCategoryStatus

Any idea how this could be accomplished? Because it seems only one "NOT" is allowed in a query...

ChrisLynch · ‎09-13-2017

You will need to change your search criteria to something like the following:

NOT alertTypeID:trap.cpqHeThermalTempDegraded NOT alertTypeID:trap.cpqFca2PhyDrvStatusChange

I am an HPE employee

Geoff Schunicht · ‎09-13-2017

I had luck leveraging a format like below, I used the Activity view and search option to help isolate a search string that seems to work.

status:critical status:warning NOT alertTypeID:trap.cpqHeThermalTempDegraded NOT alertTypeID:trap.cpqFca2PhyDrvStatusChange

Since I don't have the same data, I can't validate, however for the example provided I would try:

status:critical status:warning NOT alertTypeID: Alerts.DBMaxCapacity NOT alertTypeID::Trap.cpqNic3ConnectivityLost NOT alertTypeID::Trap.HealthStatusArrayCategoryStatus

David Claussen · ‎10-25-2017

In your question, I see a lot of alert/email formatting. I have been searching for this type of information for months.

I have a new install of OneView Standard 3.10.07-0310774. I have a handfull of ProLiant DL380s and 360s added to it.

As stated in other posts, when setting an allert for simply warning and critical, I receive 6 alert emails when a server reboots.

I would like to be able to create an alert something like this: status:warning status:critical Physical Drive Status Change

Is there a document anywhere that can help me with creating alerts that are very specific? I am looking to alert on failed hard drives, failed power supplies, etc, but only things like that. When a server reboots, I receive and alert that the network connectivity to iLO has been lost. I don't want to see that hence the request for being very specific with alert definicians.

Thanks all!

- Dave Claussen

Mainecoon · ‎02-27-2018

Trying to setup some filter in Oneview and it seems to work fine as long as i can find the cpq string in event details, but how to exclude one of these? as there is no "cpq" string in the error details.

The overall status of the system network is in the error state.

Health category InterconnectBay

Event details

portId
571956-B21-7C940800V5:d9
portStatus
SubportStateChanged
resourceUri
/rest/interconnects/61b8cbf6-495a-4e79-8ad0-43e4a633cfc0

nbhms · ‎03-26-2018

I've been looking for the same thing, no luck so far. Very sparce documentation on some of the finer points of this product.

Mainecoon · ‎12-12-2018

Any luck with this, i would like to exclude network, interconnect and security alerts like these every hour about leave certificates. so far not much luck.

status:critical status:warning NO associatedresourcecategory:interconnects

or

status:critical status:warning NOT alertTypeID:trap.cpqNicMibCondition NOT associatedresourcecategory:appliance NOT associatedresourcecategory:interconnects

David Claussen · ‎12-12-2018

With no sufficient documentation and zero support here in the forums, I gave up.

I see that there is a new version, so I might try again, but it is likely the same thing will happen.

Forcing us away from System Insight Manager, in to OneView, and not supporting OneView - not cool.

Mainecoon · ‎12-12-2018

Yes it is frustrating not be able to filter this in a easy way, i mean why would you send an security alert about an expired leave certificate every hour!? who cares!, why all this fuzz about certificates anyway. I'm running the latest version 4.10.03-0364293.

testing now with this one:

status:critical status:warning NOT associatedresourcecategory:interconnects

not sure if it works, als no clue how to filter the security alerts about crtificates, maybe this:

NOT associatedresourcecategory:appliance

Update: unfortunataly i just got about 30+ alerts saying "An error has occurred on connection 2. Interconnect..........." so who can explain me how to filter this...this topic is closed but there is no real answer.

Looking at this comment in one of the manuals:

TIP: Filters have the same syntax as the Smart Search box in the Activity screen, so you can copy them and paste them in this field.

I started to play with the smartfilter and made the query below that i'm now testing:

status:critical status:warning NOT crm.connectionstatechange NOT alerts.certificatestatus.expired NOT remote-support.notconnectedtohp

Not working....now updated to this

status:critical status:warning NOT alertTypeID:crm.connectionstatechange NOT alertTypeID:alerts.certificatestatus.expired NOT alertTypeID:remote-support.notconnectedtohp

ChrisLynch · ‎12-12-2018

@David Claussen wrote:
With no sufficient documentation and zero support here in the forums, I gave up.
I see that there is a new version, so I might try again, but it is likely the same thing will happen.
Forcing us away from System Insight Manager, in to OneView, and not supporting OneView - not cool.

Please remember that these forums are for the community to interact with. It is not for official product support.

We are updating our documentation to address this very issue. So, with the next OneView release, we will have better documentation for how to use the Smart Search and Email Filtering capabilities of OneView.

I am an HPE employee

Re: OneView Alert Mails - Filtering out Multiple Conditions

OneView Alert Mails - Filtering out Multiple Conditions