Index


Overview

Statseeker can be used as a comprehensive proactive and reactive alerting solution. Alerts can be triggered for:

  • Threshold Events - thresholds can be configured against any timeseries metric monitored by Statseeker. By configuring thresholds, Statseeker can send alerts when your network is experiencing unusual or unwanted activity, such as excessive temperatures, memory/CPU load, or when a device/link is nearing capacity. For more details, see Threshold Configuration.
  • Device Events - device-level events, such as ping state changes, on any devices monitored by Statseeker
  • Interface Events - interface-level events, such as ifOperStatus state changes, on any interfaces monitored by Statseeker
  • Syslog Events - if your network contains devices that have been configured to output messages to a remote syslog server, then these devices can send those messages to Statseeker. Statseeker can review these logs and use the content to trigger alerts relating to those events.
  • SNMP Trap Events - if your network contains devices that have been configured to output SNMP trap messages to Statseeker, then Statseeker can review these messages and trigger alerts based on their content.
Note: Administration contains settings for how long to store event data records. For details, see Syslog, Trap, and Event Data Historical Records.

Alerting is achieved through:

  • Targeted Emails: a range of email templates and the ability to customize content make it simple to provide the level of detail needed to respond to an issue efficiently. You will also need to configure Statseeker's mail server to send email alerts, see Email Configuration for more information.
  • Syslog Messages: Statseeker events can be used to trigger an alert, which sends a syslog message to a collector/aggregator
  • Custom Script: run a custom shell script in response to a specific alert trigger
  • Webhook Integrations: - send an HTTP POST request to a specified URL, allowing integration with third-party systems
Note: Webhook alerting is licensed separately from the core Statseeker product. Contact Statseeker Sales for access to this feature.

Once an alert configuration has been enabled, it will be triggered by every subsequently recorded event satisfying the requirements for the alert. In some instances, such as during scheduled maintenance windows, you may wish to suppress some alerts. This can be achieved by disabling those alerts, see Disabling Alerts for more. When a more targeted approach is needed, Event Management rules can be defined to discard a specific type of event from a specified device (or group of devices). For more information, see Event Management.

[top]


Configuring Alerts

To configure a new alert:

  • Select Administration > Alerting / Event Management > Alerting

This will display a list of currently configured alerts.

  • Click Add
  • Select an alert Template
Note: existing alerts can be cloned to speed up the creation process. This is particularly useful when creating a number of very similar configurations that vary in a single attribute, such as the devices being targeted. For more information, see Cloning an Alert.

[top]


Alert Templates

There is a range of alert templates that allow varying levels of customization to both the alert configuration and alert output.

  • Email (simple) - offers a single set of filters, basic alert bundling, and no email content customization
  • Email with custom content (simple) - offers a single set of filters, basic alert bundling, and email content customization
  • Email with custom content (advanced) - offers multiple filter sets, advanced bundling options, upstream device relationships, and email content customization
  • Send syslog message - send a syslog message
  • Run a custom script - an event satisfying the filters will trigger the specified custom script
  • Send an HTTP Webhook - an event satisfying the filters will trigger an HTTP POST request to a specified URL, allowing integration with third-party systems:
    • Microsoft Teams (simple) - a basic message template with no customization
    • Microsoft Teams (advanced) - a template allowing customization of the message content
    • ServiceNow - an integration with customizable content
    • PagerDuty - an integration with customizable content
    • Slack (simple) - a basic message template with no customization
    • Slack (advanced) - a template allowing customization of the message content
    • Custom - a template allowing customization of the message header and content
    Note: Webhook alerting is licensed separately from the core Statseeker product. Contact Statseeker Sales for access to this feature.


Email (simple)

Offers a single set of filters, basic alert bundling, and no email content customization

  • Set Template = Email (simple)
  • Refer to the table below for details on fields that may be offered when configuring an alert using this template

Field Description
Template Alert template to use, for details on templates see Alert Templates

Note: the available templates can be edited from within Administration:

  • Select Administration > Network Discovery – Advanced Options > Advanced Options and click File Edit Mode
  • Add a new item ‘alerting_allowed_templates’, set the values, and click Save

The allowed templates can be specified as a space\tab separated list with values of:

  • ’email_simple’
  • ’email_custom’
  • ’email_advanced’
  • ‘syslog’
  • ‘script’
  • ‘webhooks’

Example:

‘alerting_allowed_templates’ ’email_custom’ ‘syslog’
Name Name of the alert configuration
Status
  • Enabled – alerts are sent for this configuration
  • Disabled – the alert configuration is retained once saved, but does not generate alerts
Alert Type What will trigger the alert:

  • Event – many data types include ‘state’ fields. When a monitored state changes, Statseeker records an event (detailing the state change), which can be used to trigger an alert.
    Examples:
    • Ping up/down events (availability from a device’s default ping poller only)
    • SNMP availability changes
    • Interface operation status (ifOperStatus) changes
    • UPS battery status
  • Syslog – devices can be configured to forward syslog records to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Trap – SNMP trap messages can be forwarded to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Threshold – thresholds can be configured against any timeseries metric monitored by Statseeker (see Threshold Configuration for details), and alerts can be configured to trigger in response to threshold breaches
  • Ping – ping state as recorded from any ping poller monitoring the device
Note: Statseeker allows for multiple ping pollers to be distributed throughout your network (see Observability Appliances for details). When multiple pollers are available, each device has a designated default poller and can have any number of additional pollers monitoring it. When:

  • Event Type = Device and Field = Ping State, the alert will only respond to ping state changes recorded by the default poller
  • Event Type = Ping and Field = Ping State, the alert can be configured to respond to ping state changes recorded by any specified pollers. including the default poller
Data Type Requires Alert Type = Event; Syslog; Trap
Select the data type the alert will be configured against. This is a filtered list only displaying those data types currently being monitored by your server.
Threshold Requires Alert Type = Threshold
Select the threshold the alert will be configured against
Field Requires Data Type
Select a state field associated with the selected Data Type
States Requires Field or Alert Type = Threshold
Select the states that will trigger the alert
Regex Requires Alert Type = Syslog; Trap
Specify a RegEx to filter Syslog\Trap message records by content. Receipt of a message that satisfies the filter will result in the alert being triggered.
Entity/Group Filter Only events originating from the specified device or group can trigger alerts – not all entities are presented at once, begin typing to filter the list
Time Filter Matching events that occur within the specified time period will generate alerts. For more information on generating these, see Time Filters
Time Filter Mode Determines if the alert is triggered by events in effect at the beginning of the alerting period.
Example: You have an alert that references an ‘on transition’ threshold. If at the start of the alerting period (as specified by the Time Filter), the threshold is in breach.

  • Ignore all events outside time filter range – no alert is triggered until the threshold transitions once again
  • Alert if down or breached at start of time filter range – an alert is triggered at the start of the reporting period
Time Zone Used in conjunction with the time filter
Enable Logging Only enable logging when troubleshooting alerting issues
Bundling Bundling policy to be used, for details see Bundling Policies
Waiting Requires Field = Ping State, SNMP State, or ifOperStatus
Specify the action to be taken when device ping/SNMP, or interface ifOperStatus down events are received, see Waiting Policies for details
Email To Specify the alert recipient. This can be:

  • An email address
  • A Statseeker user account (uses the email address associated with the account)
  • A group containing Statseeker users (uses the email addresses associated with each user account)
Check Event Filters Runs the alert configuration against the Events database and returns recent events that would trigger the alert.
Preview Test Email Display a preview of the email content. This is useful when adding variables to your alert email subject line or body.
Send Test Email Test mail server and alert configuration by sending a test alert email
Save Alert Save the current alert configuration.

Email with custom content (simple)

Offers a single set of filters, basic alert bundling, and email content customization

  • Set Template = Email with custom content (simple)
  • Refer to the table below for details on fields that may be offered when configuring an alert using this template

Field Description
Template Alert template to use, for details on templates see Alert Templates

Note: the available templates can be edited from within Administration:

  • Select Administration > Network Discovery – Advanced Options > Advanced Options and click File Edit Mode
  • Add a new item ‘alerting_allowed_templates’, set the values, and click Save

The allowed templates can be specified as a space\tab separated list with values of:

  • ’email_simple’
  • ’email_custom’
  • ’email_advanced’
  • ‘syslog’
  • ‘script’
  • ‘webhooks’

Example:

‘alerting_allowed_templates’ ’email_custom’ ‘syslog’
Name Name of the alert configuration
Status
  • Enabled – alerts are sent for this configuration
  • Disabled – the alert configuration is retained once saved, but does not generate alerts
Alert Type What will trigger the alert:

  • Event – many data types include ‘state’ fields. When a monitored state changes, Statseeker records an event (detailing the state change), which can be used to trigger an alert.
    Examples:
    • Ping up/down events (availability from a device’s default ping poller only)
    • SNMP availability changes
    • Interface operation status (ifOperStatus) changes
    • UPS battery status
  • Syslog – devices can be configured to forward syslog records to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Trap – SNMP trap messages can be forwarded to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Threshold – thresholds can be configured against any timeseries metric monitored by Statseeker (see Threshold Configuration for details), and alerts can be configured to trigger in response to threshold breaches
  • Ping – ping state as recorded from any ping poller monitoring the device
Note: Statseeker allows for multiple ping pollers to be distributed throughout your network (see Observability Appliances for details). When multiple pollers are available, each device has a designated default poller and can have any number of additional pollers monitoring it. When:

  • Event Type = Device and Field = Ping State, the alert will only respond to ping state changes recorded by the default poller
  • Event Type = Ping and Field = Ping State, the alert can be configured to respond to ping state changes recorded by any specified pollers. including the default poller
Data Type Requires Alert Type = Event; Syslog; Trap
Select the data type the alert will be configured against. This is a filtered list only displaying those data types currently being monitored by your server.
Threshold Requires Alert Type = Threshold
Select the threshold the alert will be configured against
Field Requires Data Type
Select a state field associated with the selected Data Type
States Requires Field or Alert Type = Threshold
Select the states that will trigger the alert
Regex Requires Alert Type = Syslog; Trap
Specify a RegEx to filter Syslog\Trap message records by content. Receipt of a message that satisfies the filter will result in the alert being triggered.
Entity/Group Filter Only events originating from the specified device or group can trigger alerts – not all entities are presented at once, begin typing to filter the list
Time Filter Matching events that occur within the specified time period will generate alerts. For more information on generating these, see Time Filters
Time Filter Mode Determines if the alert is triggered by events in effect at the beginning of the alerting period.
Example: You have an alert that references an ‘on transition’ threshold. If at the start of the alerting period (as specified by the Time Filter), the threshold is in breach.

  • Ignore all events outside time filter range – no alert is triggered until the threshold transitions once again
  • Alert if down or breached at start of time filter range – an alert is triggered at the start of the reporting period
Time Zone Used in conjunction with the time filter
Enable Logging Only enable logging when troubleshooting alerting issues
Bundling Bundling policy to be used, for details see Bundling Policies
Waiting Requires Field = Ping State, SNMP State, or ifOperStatus
Specify the action to be taken when device ping/SNMP, or interface ifOperStatus down events are received, see Waiting Policies for details
Email To Specify the alert recipient. This can be:

  • An email address
  • A Statseeker user account (uses the email address associated with the account)
  • A group containing Statseeker users (uses the email addresses associated with each user account)
Email Subject Email subject line
Mode
  • HTML – (default) HTML content formatting and presentation
  • Raw Text – simple text content
Note:

  • Raw Text: converts the content to raw text prior to sending, removing formatting where possible and stripping content\functionality that cannot be converted
  • When Mode = HTML the email contains both the HTML and raw text content. When a recipient’s mail client is unable to process the HTML message, it will fall back to the Raw Text message
  • Alert configurations from earlier Statseeker versions (pre-v5.6.1) will be set to Raw Text upon server upgrade. Change these configurations to Mode=HTML to take advantage of the new functionality
  • Images can be added to HTML email alerts from the Insert menu, or embedded into your email via copy-paste
Content Specify the alert email content. This content can include text, links, images, tables, and variables.

Note:

  • Variables – select from a list of short-codes to include variable data relating to the event\infrastructure generating the alert, see Message Variables for details
  • Preview Test Email can be used to preview the email output
Check Event Filters Runs the alert configuration against the Events database and returns recent events that would trigger the alert.
Preview Test Email Display a preview of the email content. This is useful when adding variables to your alert email subject line or body.
Send Test Email Test mail server and alert configuration by sending a test alert email
Save Alert Save the current alert configuration.

Email with custom content (advanced)

Offers multiple filter sets, advanced bundling options, upstream device relationships, and email content customization.

  • Multiple event filters: if any of the specified event filter sets are satisfied, an alert will be sent
  • Bundling: set a period within which to bundle alerts (events occurring outside of this period are not bundled) and a schedule for the sending of bundled alerts
  • Upstream Devices: suppress alerts for downstream devices when alerts exist for their upstream neighbors, see Upstream Device Configuration
  • Set Template = Email with custom content (advanced)
  • Refer to the table below for details on fields that may be offered when configuring an alert using this template

Field Description
Template Alert template to use, for details on templates see Alert Templates

Note: the available templates can be edited from within Administration:

  • Select Administration > Network Discovery – Advanced Options > Advanced Options and click File Edit Mode
  • Add a new item ‘alerting_allowed_templates’, set the values, and click Save

The allowed templates can be specified as a space\tab separated list with values of:

  • ’email_simple’
  • ’email_custom’
  • ’email_advanced’
  • ‘syslog’
  • ‘script’
  • ‘webhooks’

Example:

‘alerting_allowed_templates’ ’email_custom’ ‘syslog’
Name Name of the alert configuration
Status
  • Enabled – alerts are sent for this configuration
  • Disabled – the alert configuration is retained once saved, but does not generate alerts
Time Zone Used in conjunction with the time filter
Enable Logging Only enable logging when troubleshooting alerting issues
Filter Settings > Name (Optional)

Specify a name for the filter
Filter Settings > Enabled
  • Enabled – the filter configuration is applied when assessing potential alert triggers
  • Disabled – the filter configuration is saved with the alert, but not when assessing potential alert triggers
Filter Settings > Hide Collapses the filter
Filter Settings > Delete Deletes the filter
Alert Type What will trigger the alert:

  • Event – many data types include ‘state’ fields. When a monitored state changes, Statseeker records an event (detailing the state change), which can be used to trigger an alert.
    Examples:
    • Ping up/down events (availability from a device’s default ping poller only)
    • SNMP availability changes
    • Interface operation status (ifOperStatus) changes
    • UPS battery status
  • Syslog – devices can be configured to forward syslog records to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Trap – SNMP trap messages can be forwarded to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Threshold – thresholds can be configured against any timeseries metric monitored by Statseeker (see Threshold Configuration for details), and alerts can be configured to trigger in response to threshold breaches
  • Ping – ping state as recorded from any ping poller monitoring the device
Note: Statseeker allows for multiple ping pollers to be distributed throughout your network (see Observability Appliances for details). When multiple pollers are available, each device has a designated default poller and can have any number of additional pollers monitoring it. When:

  • Event Type = Device and Field = Ping State, the alert will only respond to ping state changes recorded by the default poller
  • Event Type = Ping and Field = Ping State, the alert can be configured to respond to ping state changes recorded by any specified pollers. including the default poller
Data Type Requires Alert Type = Event; Syslog; Trap
Select the data type the alert will be configured against. This is a filtered list only displaying those data types currently being monitored by your server.
Threshold Requires Alert Type = Threshold
Select the threshold the alert will be configured against
Field Requires Data Type
Select a state field associated with the selected Data Type
States Requires Field or Alert Type = Threshold
Select the states that will trigger the alert
Regex Requires Alert Type = Syslog; Trap
Specify a RegEx to filter Syslog\Trap message records by content. Receipt of a message that satisfies the filter will result in the alert being triggered.
Entity/Group Filter Only events originating from the specified device or group can trigger alerts – not all entities are presented at once, begin typing to filter the list
Time Filter Matching events that occur within the specified time period will generate alerts. For more information on generating these, see Time Filters
Time Filter Mode Determines if the alert is triggered by events in effect at the beginning of the alerting period.
Example: You have an alert that references an ‘on transition’ threshold. If at the start of the alerting period (as specified by the Time Filter), the threshold is in breach.

  • Ignore all events outside time filter range – no alert is triggered until the threshold transitions once again
  • Alert if down or breached at start of time filter range – an alert is triggered at the start of the reporting period
Bundling Bundling policy to be used, for details see Bundling Policies
Waiting Requires Field = Ping State, SNMP State, or ifOperStatus
Specify the action to be taken when device ping/SNMP, or interface ifOperStatus down events are received, see Waiting Policies for details
Behavior Requires Waiting = Yes – Wait on down events over a specified period
Specify the behavior to employ when down events are received, see Bundling Policies for details
Upstream Devices Use your upstream device configurations to suppress ping/OperStatus down alerts from downstream devices when an alert exists for an upstream neighbor, see Upstream Device Configuration for details
Email To
  • An email address
  • A Statseeker user account (uses the email address associated with the account)
  • A group containing Statseeker users (uses the email addresses associated with each user account)
Subject Email subject line
Mode
  • HTML – (default) HTML content formatting and presentation
  • Raw Text – simple text content
Note:

  • Raw Text: converts the content to raw text prior to sending, removing formatting where possible and stripping content\functionality that cannot be converted
  • When Mode = HTML the email contains both the HTML and raw text content. When a recipient’s mail client is unable to process the HTML message, it will fall back to the Raw Text message
  • Alert configurations from earlier Statseeker versions (pre-v5.6.1) will be set to Raw Text upon server upgrade. Change these configurations to Mode=HTML to take advantage of the new functionality
  • Images can be added to HTML email alerts from the Insert menu, or embedded into your email via copy-paste
Content Specify the alert email content. This content can include text, links, images, tables, and variables.

Note:

  • Variables – select from a list of short-codes to include variable data relating to the event\infrastructure generating the alert, see Message Variables for details
  • Preview Test Email can be used to preview the email output
Recipient Roster File Specify a text file detailing an email recipient roster. Each line in the roster file should contain a start date-time followed by one or more email addresses.

Recipient Roster Syntax

The format for the date-time is YYYY MM DD HH MM.

Example: 2023 02 03 17 30 – 2023, February the 3rd, at 5:30pm.

The format for the roster file is:

{date-time} {email1} {email2} … {emailn}
{date-time2} {email1} {email2} … {emailn}
{date-time3} {email1} {email2} … {emailn}

** Ensure that there are no leading or trailing (blank) lines in the roster file **

Example:

2023 02 03 17 30 sysadmin1@example.com sysadmin2@example.com
2023 02 10 17 30 sysadmin3@example.com sysadmin4@example.com
2023 02 17 17 30 sysadmin1@example.com sysadmin2@example.com
2023 02 24 17 30 sysadmin3@example.com sysadmin4@example.com
2023 03 03 17 30 sysadmin1@example.com sysadmin2@example.com

Once a date-time is reached, all future alerts generated from this configuration will be addressed to the specified email addresses. When the next date-time is reached, the recipients are replaced by those specified.
Subject Date Format Select an alternate date-time format to be used for event times when a date-time variable is included in the email Subject
Body Date Format Select an alternate date-time format to be used for event times when a date-time variable is included in the email body
Check Event Filters Runs the alert configuration against the Events database and returns recent events that would trigger the alert.
Preview Test Email Display a preview of the email content. This is useful when adding variables to your alert email subject line or body.
Send Test Email Test mail server and alert configuration by sending a test alert email
Save Alert Save the current alert configuration.

Send syslog message

Send an alert containing a syslog message.

The syslog output can be in either the legacy Statseeker format or an industry-standard JSON format. The JSON format allows you to configure the message content to suit your requirements

The legacy format contains the following data:

  • Message number
  • Timestamp
  • Facility code
  • Application/Process
  • Loghost
  • Message

The JSON format includes all of the details from the Statseeker format and offers additional fields containing configuration data from the message source.

Sample basic syslog output for device down event:

010642 2019-08-28 15:29:51 NewYork-srv1 10.2.26.138 user.notice root: 10.124.1.1 Upstream-Neighbor-1 ping_state down,20671

Sample syslog JSON output for device down event with additional message elements selected:

010682 2019-08-28 15:32:51 NewYork-srv1 10.2.26.138 user.notice root:
{
“product”: “Statseeker”,
“version”: “5.4.5.1908280800”,
“source”: “Upstream-Neighbor-1”,
“event_type”: “ping_state”,
“state”: “down”,
“duration”: 150,
“ipaddress”: “10.124.1.1”,
“sysLocation”: “NewYork”,
“sysName”: “Upstream-Neighbor-1.example.com”,
“sysDescr”: “Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2) Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 21-Aug-08 15:59 by nachen”,
“sysObjectID”: “CISCO-PRODUCTS-MIB.catalyst2960G8TC”,
“sysContact”: “NewYork-support@example.com”,
“snmp_version”: 2,
“manual_name”: null,
“latitude”: 40.7306,
“longitude”: -73.9352,
“hostname”: null
}

Field Description
Template Alert template to use, for details on templates see Alert Templates

Note: the available templates can be edited from within Administration:

  • Select Administration > Network Discovery – Advanced Options > Advanced Options and click File Edit Mode
  • Add a new item ‘alerting_allowed_templates’, set the values, and click Save

The allowed templates can be specified as a space\tab separated list with values of:

  • ’email_simple’
  • ’email_custom’
  • ’email_advanced’
  • ‘syslog’
  • ‘script’
  • ‘webhooks’

Example:

‘alerting_allowed_templates’ ’email_custom’ ‘syslog’
Name Name of the alert configuration
Status
  • Enabled – alerts are sent for this configuration
  • Disabled – the alert configuration is retained once saved, but does not generate alerts
Time Zone Used in conjunction with the time filter
Enable Logging Only enable logging when troubleshooting alerting issues
Filter Settings > Name (Optional)

Specify a name for the filter
Filter Settings > Enabled
  • Enabled – the filter configuration is applied when assessing potential alert triggers
  • Disabled – the filter configuration is saved with the alert, but not when assessing potential alert triggers
Filter Settings > Hide Collapses the filter
Filter Settings > Delete Deletes the filter
Alert Type What will trigger the alert:

  • Event – many data types include ‘state’ fields. When a monitored state changes, Statseeker records an event (detailing the state change), which can be used to trigger an alert.
    Examples:
    • Ping up/down events (availability from a device’s default ping poller only)
    • SNMP availability changes
    • Interface operation status (ifOperStatus) changes
    • UPS battery status
  • Syslog – devices can be configured to forward syslog records to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Trap – SNMP trap messages can be forwarded to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Threshold – thresholds can be configured against any timeseries metric monitored by Statseeker (see Threshold Configuration for details), and alerts can be configured to trigger in response to threshold breaches
  • Ping – ping state as recorded from any ping poller monitoring the device
Note: Statseeker allows for multiple ping pollers to be distributed throughout your network (see Observability Appliances for details). When multiple pollers are available, each device has a designated default poller and can have any number of additional pollers monitoring the device. When:

  • Event Type = Device and Field = Ping State, the alert will only respond to ping state changes recorded by the default poller
  • Event Type = Ping and Field = Ping State, the alert can be configured to respond to ping state changes recorded by any specified pollers. including the default poller
Data Type Requires Alert Type = Event; Syslog; Trap
Select the data type the alert will be configured against. This is a filtered list only displaying those data types currently being monitored by your server.
Threshold Requires Alert Type = Threshold
Select the threshold the alert will be configured against
Field Requires Data Type
Select a state field associated with the selected Data Type
States Requires Field or Alert Type = Threshold
Select the states that will trigger the alert
Regex Requires Alert Type = Syslog; Trap
Specify a RegEx to filter Syslog\Trap message records by content. Receipt of a message that satisfies the filter will result in the alert being triggered.
Entity/Group Filter Only events originating from the specified device or group can trigger alerts – not all entities are presented at once, begin typing to filter the list
Time Filter Matching events that occur within the specified time period will generate alerts. For more information on generating these, see Time Filters
Time Filter Mode Determines if the alert is triggered by events in effect at the beginning of the alerting period.
Example: You have an alert that references an ‘on transition’ threshold. If at the start of the alerting period (as specified by the Time Filter), the threshold is in breach.

  • Ignore all events outside time filter range – no alert is triggered until the threshold transitions once again
  • Alert if down or breached at start of time filter range – an alert is triggered at the start of the reporting period
Host Specify the IP address of the target syslog collector\aggregator
Format Specify the output syslog message format

  • Statseeker – legacy format, contains the following
    • Message number
    • Timestamp
    • Facility code
    • Application/Process
    • Loghost
    • Message
  • JSON – standard JSON message format, includes all of the details from the Statseeker format and offers additional fields containing configuration data from the message source
Check Event Filters Runs the alert configuration against the Events database and returns recent events that would trigger the alert.
Preview Test Email Display a preview of the email content. This is useful when adding variables to your alert email subject line or body.
Save Alert Save the current alert configuration.

Run a custom script

An event satisfying the filters will trigger the specified custom script.

Field Description
Template Alert template to use, for details on templates see Alert Templates

Note: the available templates can be edited from within Administration:

  • Select Administration > Network Discovery - Advanced Options > Advanced Options and click File Edit Mode
  • Add a new item 'alerting_allowed_templates', set the values, and click Save

The allowed templates can be specified as a space\tab separated list with values of:

  • 'email_simple'
  • 'email_custom'
  • 'email_advanced'
  • 'syslog'
  • 'script'
  • 'webhooks'

Example:

'alerting_allowed_templates' 'email_custom' 'syslog'
Name Name of the alert configuration
Status
  • Enabled - alerts are sent for this configuration
  • Disabled - the alert configuration is retained once saved, but does not generate alerts
Time Zone Used in conjunction with the time filter
Enable Logging Only enable logging when troubleshooting alerting issues
Filter Settings > Name (Optional)

Specify a name for the filter
Filter Settings > Enabled
  • Enabled - the filter configuration is applied when assessing potential alert triggers
  • Disabled - the filter configuration is saved with the alert, but not when assessing potential alert triggers
Filter Settings > Hide Collapses the filter
Filter Settings > Delete Deletes the filter
Alert Type What will trigger the alert:

  • Event - many data types include 'state' fields. When a monitored state changes, Statseeker records an event (detailing the state change), which can be used to trigger an alert.
    Examples:
    • Ping up/down events (availability from a device's default ping poller only)
    • SNMP availability changes
    • Interface operation status (ifOperStatus) changes
    • UPS battery status
  • Syslog - devices can be configured to forward syslog records to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Trap - SNMP trap messages can be forwarded to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Threshold - thresholds can be configured against any timeseries metric monitored by Statseeker (see Threshold Configuration for details), and alerts can be configured to trigger in response to threshold breaches
  • Ping - ping state as recorded from any ping poller monitoring the device
Note: Statseeker allows for multiple ping pollers to be distributed throughout your network (see Observability Appliances for details). When multiple pollers are available, each device has a designated default poller and can have any number of additional pollers monitoring it. When:

  • Event Type = Device and Field = Ping State, the alert will only respond to ping state changes recorded by the default poller
  • Event Type = Ping and Field = Ping State, the alert can be configured to respond to ping state changes recorded by any specified pollers. including the default poller
Data Type Requires Alert Type = Event; Syslog; Trap
Select the data type the alert will be configured against. This is a filtered list only displaying those data types currently being monitored by your server.
Threshold Requires Alert Type = Threshold
Select the threshold the alert will be configured against
Field Requires Data Type
Select a state field associated with the selected Data Type
States Requires Field or Alert Type = Threshold
Select the states that will trigger the alert
Regex Requires Alert Type = Syslog; Trap
Specify a RegEx to filter Syslog\Trap message records by content. Receipt of a message that satisfies the filter will result in the alert being triggered.
Entity/Group Filter Only events originating from the specified device or group can trigger alerts - not all entities are presented at once, begin typing to filter the list
Time Filter Matching events that occur within the specified time period will generate alerts. For more information on generating these, see Time Filters
Time Filter Mode Determines if the alert is triggered by events in effect at the beginning of the alerting period.
Example: You have an alert that references an 'on transition' threshold. If at the start of the alerting period (as specified by the Time Filter), the threshold is in breach.

  • Ignore all events outside time filter range - no alert is triggered until the threshold transitions once again
  • Alert if down or breached at start of time filter range - an alert is triggered at the start of the reporting period
Command The command to run when the alert is triggered.

Note: the alert process is handled by the statseeker system user account. A target script can reside on the Statseeker server or in another network location, but the statseeker account must have permission to both access and execute the script (execute the specified command).
Check Event Filters Runs the alert configuration against the Events database and returns recent events that would trigger the alert.
Save Alert Save the current alert configuration.

Send an HTTP Webhook

An event satisfying the filters will trigger an HTTP POST request to a specified URL, allowing integration with third-party systems. There are multiple message templates available:

Webhook Considerations

  • Webhook alerting is licensed separately from the core Statseeker product. Contact Statseeker Sales for access to this feature.
  • Webhook alerts will utilize an HTTP proxy if it has been configured on the Statseeker server (HTTPS proxy support will be included in a future version). An HTTP proxy can be configured via:
  • Some services receiving webhook alerts from Statseeker place limits on the size of the message payload (refer vendor's own documentation). Be mindful of these limits when configuring custom payloads or implementing bundling policies.

[top]

Microsoft Teams (Simple)

This template can be used to integrate with Teams via a previously configured Teams Workflow. For assistance with configuring the target workflow in Teams, refer to Microsoft's Documentation.

This is a basic message template with no customization options.

  • Set Template = Send an HTTP Webhook
  • Use Filter Settings to define the alert trigger
  • Specify the URL - this is the URL of the Teams Workflow that is handling incoming webhooks
  • Set Webhook Template = Microsoft Teams (Simple)

Note: All Microsoft Teams webhook alerts include a link to the Default Device Viewer dashboard, filtered to the device triggering the alert.
Field Description
Template Alert template to use, for details on templates see Alert Templates

Note: the available templates can be edited from within Administration:

  • Select Administration > Network Discovery - Advanced Options > Advanced Options and click File Edit Mode
  • Add a new item 'alerting_allowed_templates', set the values, and click Save

The allowed templates can be specified as a space\tab separated list with values of:

  • 'email_simple'
  • 'email_custom'
  • 'email_advanced'
  • 'syslog'
  • 'script'
  • 'webhooks'

Example:

'alerting_allowed_templates' 'email_custom' 'syslog'
Name Name of the alert configuration
Status
  • Enabled - alerts are sent for this configuration
  • Disabled - the alert configuration is retained once saved, but does not generate alerts
Time Zone Used in conjunction with the time filter
Enable Logging Only enable logging when troubleshooting alerting issues
Filter Settings > Name (Optional)

Specify a name for the filter
Filter Settings > Enabled
  • Enabled - the filter configuration is applied when assessing potential alert triggers
  • Disabled - the filter configuration is saved with the alert, but not when assessing potential alert triggers
Filter Settings > Hide Collapses the filter
Filter Settings > Delete Deletes the filter
Alert Type What will trigger the alert:

  • Event - many data types include 'state' fields. When a monitored state changes, Statseeker records an event (detailing the state change), which can be used to trigger an alert.
    Examples:
    • Ping up/down events (availability from a device's default ping poller only)
    • SNMP availability changes
    • Interface operation status (ifOperStatus) changes
    • UPS battery status
  • Syslog - devices can be configured to forward syslog records to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Trap - SNMP trap messages can be forwarded to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Threshold - thresholds can be configured against any timeseries metric monitored by Statseeker (see Threshold Configuration for details), and alerts can be configured to trigger in response to threshold breaches
  • Ping - ping state as recorded from any ping poller monitoring the device
Note: Statseeker allows for multiple ping pollers to be distributed throughout your network (see Observability Appliances for details). When multiple pollers are available, each device has a designated default poller and can have any number of additional pollers monitoring it. When:

  • Event Type = Device and Field = Ping State, the alert will only respond to ping state changes recorded by the default poller
  • Event Type = Ping and Field = Ping State, the alert can be configured to respond to ping state changes recorded by any specified pollers. including the default poller
Data Type Requires Alert Type = Event; Syslog; Trap
Select the data type the alert will be configured against. This is a filtered list only displaying those data types currently being monitored by your server.
Threshold Requires Alert Type = Threshold
Select the threshold the alert will be configured against
Field Requires Data Type
Select a state field associated with the selected Data Type
States Requires Field or Alert Type = Threshold
Select the states that will trigger the alert
Regex Requires Alert Type = Syslog; Trap
Specify a RegEx to filter Syslog\Trap message records by content. Receipt of a message that satisfies the filter will result in the alert being triggered.
Entity/Group Filter Only events originating from the specified device or group can trigger alerts - not all entities are presented at once, begin typing to filter the list
Time Filter Matching events that occur within the specified time period will generate alerts. For more information on generating these, see Time Filters
Time Filter Mode Determines if the alert is triggered by events in effect at the beginning of the alerting period.
Example: You have an alert that references an 'on transition' threshold. If at the start of the alerting period (as specified by the Time Filter), the threshold is in breach.

  • Ignore all events outside time filter range - no alert is triggered until the threshold transitions once again
  • Alert if down or breached at start of time filter range - an alert is triggered at the start of the reporting period
Waiting Requires Field = Ping State, SNMP State, or ifOperStatus
Specify the action to be taken when device ping/SNMP, or interface ifOperStatus down events are received, see Waiting Policies for details
Behavior Requires Waiting = Yes - Wait on down events over a specified period
Specify the behavior to employ when down events are received, see Bundling Policies for details
URL The URL (including port) to which the HTTP POST request will be sent. The URL must be accessible from the Statseeker server.
Webhook Template The message template to use for the alert configuration:

  • Microsoft Teams (Simple) - a basic message template with no customization
  • Microsoft Teams (Advanced) - a template allowing customization of the message content
  • ServiceNow - a ServiceNow integration with customizable content
  • PagerDuty - a PagerDuty integration with customizable content
  • Slack (Simple) - a basic message template with no customization
  • Slack (Advanced) - a template allowing customization of the message content
Check Event Filters Runs the alert configuration against the Events database and returns recent events that would trigger the alert.
Preview Webhook Message Display a preview of the message content. This is useful when adding variables to your alert message subject line or body.
Preview JSON Payload Display the payload of the POST request that will be sent. This is useful when customizing or troubleshooting webhook messages.
Send Test Webhook Test connectivity to webhook target and alert configuration by sending a test webhook message.
Save Alert Save the current alert configuration.

Microsoft Teams (Advanced)

This template can be used to integrate with Teams via a previously configured Teams Workflow. For assistance with configuring the target workflow in Teams, refer to Microsoft's Documentation.

This template allows customization of the message title and content.

  • Set Template = Send an HTTP Webhook
  • Use Filter Settings to define the alert trigger
  • Specify the URL - this is the URL of the Teams Workflow that is handling incoming webhooks
  • Set Webhook Template = Microsoft Teams (Advanced)
  • Configure the alert Title and Content - these fields accept both plain text and Message Variables
    Note: Leaving the Title or Content fields blank will revert the field to the default content as seen in any of the (Simple) templates.

Note: All Microsoft Teams webhook alerts include a link to the Default Device Viewer dashboard, filtered to the device triggering the alert.
Field Description
Template Alert template to use, for details on templates see Alert Templates

Note: the available templates can be edited from within Administration:

  • Select Administration > Network Discovery - Advanced Options > Advanced Options and click File Edit Mode
  • Add a new item 'alerting_allowed_templates', set the values, and click Save

The allowed templates can be specified as a space\tab separated list with values of:

  • 'email_simple'
  • 'email_custom'
  • 'email_advanced'
  • 'syslog'
  • 'script'
  • 'webhooks'

Example:

'alerting_allowed_templates' 'email_custom' 'syslog'
Name Name of the alert configuration
Status
  • Enabled - alerts are sent for this configuration
  • Disabled - the alert configuration is retained once saved, but does not generate alerts
Time Zone Used in conjunction with the time filter
Enable Logging Only enable logging when troubleshooting alerting issues
Filter Settings > Name (Optional)

Specify a name for the filter
Filter Settings > Enabled
  • Enabled - the filter configuration is applied when assessing potential alert triggers
  • Disabled - the filter configuration is saved with the alert, but not when assessing potential alert triggers
Filter Settings > Hide Collapses the filter
Filter Settings > Delete Deletes the filter
Alert Type What will trigger the alert:

  • Event - many data types include 'state' fields. When a monitored state changes, Statseeker records an event (detailing the state change), which can be used to trigger an alert.
    Examples:
    • Ping up/down events (availability from a device's default ping poller only)
    • SNMP availability changes
    • Interface operation status (ifOperStatus) changes
    • UPS battery status
  • Syslog - devices can be configured to forward syslog records to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Trap - SNMP trap messages can be forwarded to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Threshold - thresholds can be configured against any timeseries metric monitored by Statseeker (see Threshold Configuration for details), and alerts can be configured to trigger in response to threshold breaches
  • Ping - ping state as recorded from any ping poller monitoring the device
Note: Statseeker allows for multiple ping pollers to be distributed throughout your network (see Observability Appliances for details). When multiple pollers are available, each device has a designated default poller and can have any number of additional pollers monitoring it. When:

  • Event Type = Device and Field = Ping State, the alert will only respond to ping state changes recorded by the default poller
  • Event Type = Ping and Field = Ping State, the alert can be configured to respond to ping state changes recorded by any specified pollers. including the default poller
Data Type Requires Alert Type = Event; Syslog; Trap
Select the data type the alert will be configured against. This is a filtered list only displaying those data types currently being monitored by your server.
Threshold Requires Alert Type = Threshold
Select the threshold the alert will be configured against
Field Requires Data Type
Select a state field associated with the selected Data Type
States Requires Field or Alert Type = Threshold
Select the states that will trigger the alert
Regex Requires Alert Type = Syslog; Trap
Specify a RegEx to filter Syslog\Trap message records by content. Receipt of a message that satisfies the filter will result in the alert being triggered.
Entity/Group Filter Only events originating from the specified device or group can trigger alerts - not all entities are presented at once, begin typing to filter the list
Time Filter Matching events that occur within the specified time period will generate alerts. For more information on generating these, see Time Filters
Time Filter Mode Determines if the alert is triggered by events in effect at the beginning of the alerting period.
Example: You have an alert that references an 'on transition' threshold. If at the start of the alerting period (as specified by the Time Filter), the threshold is in breach.

  • Ignore all events outside time filter range - no alert is triggered until the threshold transitions once again
  • Alert if down or breached at start of time filter range - an alert is triggered at the start of the reporting period
Waiting Requires Field = Ping State, SNMP State, or ifOperStatus
Specify the action to be taken when device ping/SNMP, or interface ifOperStatus down events are received, see Waiting Policies for details
Behavior Requires Waiting = Yes - Wait on down events over a specified period
Specify the behavior to employ when down events are received, see Bundling Policies for details
URL The URL (including port) to which the HTTP POST request will be sent. The URL must be accessible from the Statseeker server.
Webhook Template The message template to use for the alert configuration:

  • Microsoft Teams (Simple) - a basic message template with no customization
  • Microsoft Teams (Advanced) - a template allowing customization of the message content
  • ServiceNow - a ServiceNow integration with customizable content
  • PagerDuty - a PagerDuty integration with customizable content
  • Slack (Simple) - a basic message template with no customization
  • Slack (Advanced) - a template allowing customization of the message content
Title Message title
Content Specify the message content. This content can include text and variables.

Note:

  • Variables - select from a list of short-codes to include variable data relating to the event\infrastructure generating the alert, see Message Variables for details
  • Preview Webhook Message / Preview JSON Payload can be used to preview the output
Title Date Format Select an alternate date-time format to be used for event times when a date-time variable is included in the webhook Title
Body Date Format Select an alternate date-time format to be used for event times when a date-time variable is included in the email body
Check Event Filters Runs the alert configuration against the Events database and returns recent events that would trigger the alert.
Preview Webhook Message Display a preview of the message content. This is useful when adding variables to your alert message subject line or body.
Preview JSON Payload Display the payload of the POST request that will be sent. This is useful when customizing or troubleshooting webhook messages.
Send Test Webhook Test connectivity to webhook target and alert configuration by sending a test webhook message.
Save Alert Save the current alert configuration.

ServiceNow

The ServiceNow integration requires:

  • Installation of ServiceNow's Event Management Core plugin - webhooks generated by Statseeker will create ServiceNow events
  • Creation of a user account with the evt_mgmt_integration role
    • The account's User ID and password will be referenced in the Statseeker alert configuration
  • ServiceNow workflows and tables to manage events generated by Statseeker webhook messages

Refer to ServiceNow's Documentation for assistance.

  • Set Template = Send an HTTP Webhook
  • Use Filter Settings to define the alert trigger
  • Update the pre-filled URL to target the specific instance of your ServiceNow service, replacing <instancename> with your ServiceNow instance name
  • Set Webhook Template = ServiceNow
  • Set Username and Password for an account with:
    • Access to the specified service endpoint (URL)
    • The evt_mgmt_integration role
  • Typically, the default values for Node, Resource, Description, and Type will provide the data most suited to those values. These values can be altered with basic text and Message Variables.
  • Optionally, assign a Message Key
    Note: A Message Key can be used to group alerts to prevent alert 'spamming'. ServiceNow treats subsequent events with the same Message Key as updates to the initial event, rather than as new events.

    By default, Message Keys are in effect for 4 hours. This value can be modified by updating the evt_mgmt.active_interval system property within ServiceNow.

    Suggested values for Message Key are the Node (typically, device name {{event.general.device}}) or a combination of Node and Resource.


  • Set the Severity for the alert
  • Optionally, set Metric Name to assist with incident categorization and reporting within your ServiceNow environment
    Note: Metric Name is a free-text field, analogous to a label or tag. Consider standardizing these values across your environment to assist incident reporting and analysis.


  • Optionally, set Additional Info fields.

    These can be used to provide additional information regarding the incident through Message Variables, or include troubleshooting resources such as runbook links.

Field Description
Template Alert template to use, for details on templates see Alert Templates

Note: the available templates can be edited from within Administration:

  • Select Administration > Network Discovery - Advanced Options > Advanced Options and click File Edit Mode
  • Add a new item 'alerting_allowed_templates', set the values, and click Save

The allowed templates can be specified as a space\tab separated list with values of:

  • 'email_simple'
  • 'email_custom'
  • 'email_advanced'
  • 'syslog'
  • 'script'
  • 'webhooks'

Example:

'alerting_allowed_templates' 'email_custom' 'syslog'
Name Name of the alert configuration
Status
  • Enabled - alerts are sent for this configuration
  • Disabled - the alert configuration is retained once saved, but does not generate alerts
Time Zone Used in conjunction with the time filter
Enable Logging Only enable logging when troubleshooting alerting issues
Filter Settings > Name (Optional)

Specify a name for the filter
Filter Settings > Enabled
  • Enabled - the filter configuration is applied when assessing potential alert triggers
  • Disabled - the filter configuration is saved with the alert, but not when assessing potential alert triggers
Filter Settings > Hide Collapses the filter
Filter Settings > Delete Deletes the filter
Alert Type What will trigger the alert:

  • Event - many data types include 'state' fields. When a monitored state changes, Statseeker records an event (detailing the state change), which can be used to trigger an alert.
    Examples:
    • Ping up/down events (availability from a device's default ping poller only)
    • SNMP availability changes
    • Interface operation status (ifOperStatus) changes
    • UPS battery status
  • Syslog - devices can be configured to forward syslog records to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Trap - SNMP trap messages can be forwarded to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Threshold - thresholds can be configured against any timeseries metric monitored by Statseeker (see Threshold Configuration for details), and alerts can be configured to trigger in response to threshold breaches
  • Ping - ping state as recorded from any ping poller monitoring the device
Note: Statseeker allows for multiple ping pollers to be distributed throughout your network (see Observability Appliances for details). When multiple pollers are available, each device has a designated default poller and can have any number of additional pollers monitoring it. When:

  • Event Type = Device and Field = Ping State, the alert will only respond to ping state changes recorded by the default poller
  • Event Type = Ping and Field = Ping State, the alert can be configured to respond to ping state changes recorded by any specified pollers. including the default poller
Data Type Requires Alert Type = Event; Syslog; Trap
Select the data type the alert will be configured against. This is a filtered list only displaying those data types currently being monitored by your server.
Threshold Requires Alert Type = Threshold
Select the threshold the alert will be configured against
Field Requires Data Type
Select a state field associated with the selected Data Type
States Requires Field or Alert Type = Threshold
Select the states that will trigger the alert
Regex Requires Alert Type = Syslog; Trap
Specify a RegEx to filter Syslog\Trap message records by content. Receipt of a message that satisfies the filter will result in the alert being triggered.
Entity/Group Filter Only events originating from the specified device or group can trigger alerts - not all entities are presented at once, begin typing to filter the list
Time Filter Matching events that occur within the specified time period will generate alerts. For more information on generating these, see Time Filters
Time Filter Mode Determines if the alert is triggered by events in effect at the beginning of the alerting period.
Example: You have an alert that references an 'on transition' threshold. If at the start of the alerting period (as specified by the Time Filter), the threshold is in breach.

  • Ignore all events outside time filter range - no alert is triggered until the threshold transitions once again
  • Alert if down or breached at start of time filter range - an alert is triggered at the start of the reporting period
Waiting Requires Field = Ping State, SNMP State, or ifOperStatus
Specify the action to be taken when device ping/SNMP, or interface ifOperStatus down events are received, see Waiting Policies for details
Behavior Requires Waiting = Yes - Wait on down events over a specified period
Specify the behavior to employ when down events are received, see Bundling Policies for details
URL The URL (including port) to which the HTTP POST request will be sent. The URL must be accessible from the Statseeker server.
Webhook Template The message template to use for the alert configuration:

  • Microsoft Teams (Simple) - a basic message template with no customization
  • Microsoft Teams (Advanced) - a template allowing customization of the message content
  • ServiceNow - a ServiceNow integration with customizable content
  • PagerDuty - a PagerDuty integration with customizable content
  • Slack (Simple) - a basic message template with no customization
  • Slack (Advanced) - a template allowing customization of the message content
Username The username of an account with access to the specified service endpoint (URL)
Password The password for the specified Username
Node Default = {{event.general.device}}

The name of the device associated with the event
Resource Default = {{event.general.entity}}

The entity triggering the alert.

For ping or SNMP availability, this will be the poller (the Statseeker server or a deployed Observability Appliance) monitoring the device.

For interface events, this will be the interface itself.
Description Default = {{event.general.text}}

The event description
Type Default = {{event.general.entity_type}}

The type of entity (device, port, etc.) triggering the event
Metric Name A label or tag applied to the alert record to assist reporting and analysis
Message Key An identifier used to group alerts, preventing alert 'spamming'. By default, Message Keys are in effect for 4 hours. ServiceNow treats subsequent events with the same Message Key as updates to the initial event, rather than as new events.

Suggested values for Message Key are the Node (typically, device name {{event.general.device}}) or a combination of Node and Resource.
Severity The severity of the event triggering the alert, used to assist prioritization when managing alerts
Additional Info Use key:value pairs to include any additional information that may be relevant to the event, or assist in alert management
Date Format Select an alternate date-time format to be used for event times when a date-time variable is included in the message
Check Event Filters Runs the alert configuration against the Events database and returns recent events that would trigger the alert.
Preview JSON Payload Display the payload of the POST request that will be sent. This is useful when customizing or troubleshooting webhook messages.
Send Test Webhook Test connectivity to webhook target and alert configuration by sending a test webhook message.
Save Alert Save the current alert configuration.

PagerDuty

The PagerDuty template requires a previously configured Events API V2 integration within your PagerDuty instance, refer to PagerDuty's Documentation for details.

This template allows customization of the message title and content.

  • Set Template = Send an HTTP Webhook
  • Use Filter Settings to define the alert trigger
  • Do not update the URL - the pre-filled URL (https://events.pagerduty.com/v2/enqueue) is required
  • Set Webhook Template = PagerDuty
  • Set Routing Key (also referred to as Integration Key) for the specific PagerDuty service that will receive the alert
  • Set the Severity for the alert
  • Typically, the default values for Summary, Source, and Component will provide the data most suited to those values. These values can be altered with basic text and Message Variables.
  • Optionally, assign a De-duplication Key
    Note: A De-duplication Key can be used to group alerts to prevent alert 'spamming'. PagerDuty treats subsequent events with the same De-duplication Key as updates to the initial event, rather than as new events.

    De-duplication Keys are in effect for as long as the initial incident remains in an open state (triggered or acknowledged) within PagerDuty.

    Suggested values for De-duplication Key are the Source (typically, device name {{event.general.device}}) or a combination of Source and Component.


  • Optionally, set Group and Class values to assist with incident categorization and reporting within your PagerDuty environment
    Note: Group and Class are free-text fields, analogous to metadata or tags. Consider standardizing these values across your PagerDuty environment to assist incident reporting and analysis.


  • Optionally, set Custom Details fields.

    These can be used to provide additional information regarding the incident through Message Variables, or include troubleshooting resources such as runbook links.

Field Description
Template Alert template to use, for details on templates see Alert Templates

Note: the available templates can be edited from within Administration:

  • Select Administration > Network Discovery - Advanced Options > Advanced Options and click File Edit Mode
  • Add a new item 'alerting_allowed_templates', set the values, and click Save

The allowed templates can be specified as a space\tab separated list with values of:

  • 'email_simple'
  • 'email_custom'
  • 'email_advanced'
  • 'syslog'
  • 'script'
  • 'webhooks'

Example:

'alerting_allowed_templates' 'email_custom' 'syslog'
Name Name of the alert configuration
Status
  • Enabled - alerts are sent for this configuration
  • Disabled - the alert configuration is retained once saved, but does not generate alerts
Time Zone Used in conjunction with the time filter
Enable Logging Only enable logging when troubleshooting alerting issues
Filter Settings > Name (Optional)

Specify a name for the filter
Filter Settings > Enabled
  • Enabled - the filter configuration is applied when assessing potential alert triggers
  • Disabled - the filter configuration is saved with the alert, but not when assessing potential alert triggers
Filter Settings > Hide Collapses the filter
Filter Settings > Delete Deletes the filter
Alert Type What will trigger the alert:

  • Event - many data types include 'state' fields. When a monitored state changes, Statseeker records an event (detailing the state change), which can be used to trigger an alert.
    Examples:
    • Ping up/down events (availability from a device's default ping poller only)
    • SNMP availability changes
    • Interface operation status (ifOperStatus) changes
    • UPS battery status
  • Syslog - devices can be configured to forward syslog records to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Trap - SNMP trap messages can be forwarded to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Threshold - thresholds can be configured against any timeseries metric monitored by Statseeker (see Threshold Configuration for details), and alerts can be configured to trigger in response to threshold breaches
  • Ping - ping state as recorded from any ping poller monitoring the device
Note: Statseeker allows for multiple ping pollers to be distributed throughout your network (see Observability Appliances for details). When multiple pollers are available, each device has a designated default poller and can have any number of additional pollers monitoring it. When:

  • Event Type = Device and Field = Ping State, the alert will only respond to ping state changes recorded by the default poller
  • Event Type = Ping and Field = Ping State, the alert can be configured to respond to ping state changes recorded by any specified pollers. including the default poller
Data Type Requires Alert Type = Event; Syslog; Trap
Select the data type the alert will be configured against. This is a filtered list only displaying those data types currently being monitored by your server.
Threshold Requires Alert Type = Threshold
Select the threshold the alert will be configured against
Field Requires Data Type
Select a state field associated with the selected Data Type
States Requires Field or Alert Type = Threshold
Select the states that will trigger the alert
Regex Requires Alert Type = Syslog; Trap
Specify a RegEx to filter Syslog\Trap message records by content. Receipt of a message that satisfies the filter will result in the alert being triggered.
Entity/Group Filter Only events originating from the specified device or group can trigger alerts - not all entities are presented at once, begin typing to filter the list
Time Filter Matching events that occur within the specified time period will generate alerts. For more information on generating these, see Time Filters
Time Filter Mode Determines if the alert is triggered by events in effect at the beginning of the alerting period.
Example: You have an alert that references an 'on transition' threshold. If at the start of the alerting period (as specified by the Time Filter), the threshold is in breach.

  • Ignore all events outside time filter range - no alert is triggered until the threshold transitions once again
  • Alert if down or breached at start of time filter range - an alert is triggered at the start of the reporting period
Waiting Requires Field = Ping State, SNMP State, or ifOperStatus
Specify the action to be taken when device ping/SNMP, or interface ifOperStatus down events are received, see Waiting Policies for details
Behavior Requires Waiting = Yes - Wait on down events over a specified period
Specify the behavior to employ when down events are received, see Bundling Policies for details
URL The URL (including port) to which the HTTP POST request will be sent. The URL must be accessible from the Statseeker server.
Webhook Template The message template to use for the alert configuration:

  • Microsoft Teams (Simple) - a basic message template with no customization
  • Microsoft Teams (Advanced) - a template allowing customization of the message content
  • ServiceNow - a ServiceNow integration with customizable content
  • PagerDuty - a PagerDuty integration with customizable content
  • Slack (Simple) - a basic message template with no customization
  • Slack (Advanced) - a template allowing customization of the message content
Routing Key An identifier (also referred to as Integration Key) for the specific PagerDuty service that will receive the alert
Summary Default = {{event.general.text}}

The event description
Severity The severity of the event triggering the alert, used to assist prioritization when managing alerts
Source Default = {{event.general.device}}

The name of the device associated with the event
Component Default = {{event.general.entity_type}}

The type of entity (device, port, etc.) triggering the event
De-duplication Key An identifier used to group alerts, preventing alert 'spamming'. PagerDuty treats subsequent events with the same De-duplication Key as updates to the initial event, rather than as new events.

De-duplication Keys are in effect for as long as the initial incident remains in an open state (triggered or acknowledged) within PagerDuty.

Suggested values for De-duplication Key are the Source (typically, device name {{event.general.device}}) or a combination of Source and Component.
Group A label or tag applied to the alert record to assist reporting and analysis
Class A label or tag applied to the alert record to assist reporting and analysis
Custom Details Use key:value pairs to include any additional information that may be relevant to the event, or assist in alert management
Date Format Select an alternate date-time format to be used for event times when a date-time variable is included in the message
Check Event Filters Runs the alert configuration against the Events database and returns recent events that would trigger the alert.
Preview JSON Payload Display the payload of the POST request that will be sent. This is useful when customizing or troubleshooting webhook messages.
Send Test Webhook Test connectivity to webhook target and alert configuration by sending a test webhook message.
Save Alert Save the current alert configuration.

Slack (Simple)

Use of this template requires:

  • A pre-configured Slack App with Incoming Webhooks enabled
  • A workspace to contain the app
    • The Webhook URL for the workspace will be referenced in the Statseeker alert configuration
  • A channel assigned to receive messages from the app

Refer to Slack's Documentation for assistance.

This is a basic message template with no customization.

  • Set Template = Send an HTTP Webhook
  • Use Filter Settings to define the alert trigger
  • Specify the URL - the Webhook URL for the target workspace containing your Slack app
  • Set Webhook Template = Slack (Simple)

Note: All Slack webhook alerts include a link to the Default Device Viewer dashboard, filtered to the device triggering the alert.
Field Description
Template Alert template to use, for details on templates see Alert Templates

Note: the available templates can be edited from within Administration:

  • Select Administration > Network Discovery - Advanced Options > Advanced Options and click File Edit Mode
  • Add a new item 'alerting_allowed_templates', set the values, and click Save

The allowed templates can be specified as a space\tab separated list with values of:

  • 'email_simple'
  • 'email_custom'
  • 'email_advanced'
  • 'syslog'
  • 'script'
  • 'webhooks'

Example:

'alerting_allowed_templates' 'email_custom' 'syslog'
Name Name of the alert configuration
Status
  • Enabled - alerts are sent for this configuration
  • Disabled - the alert configuration is retained once saved, but does not generate alerts
Time Zone Used in conjunction with the time filter
Enable Logging Only enable logging when troubleshooting alerting issues
Filter Settings > Name (Optional)

Specify a name for the filter
Filter Settings > Enabled
  • Enabled - the filter configuration is applied when assessing potential alert triggers
  • Disabled - the filter configuration is saved with the alert, but not when assessing potential alert triggers
Filter Settings > Hide Collapses the filter
Filter Settings > Delete Deletes the filter
Alert Type What will trigger the alert:

  • Event - many data types include 'state' fields. When a monitored state changes, Statseeker records an event (detailing the state change), which can be used to trigger an alert.
    Examples:
    • Ping up/down events (availability from a device's default ping poller only)
    • SNMP availability changes
    • Interface operation status (ifOperStatus) changes
    • UPS battery status
  • Syslog - devices can be configured to forward syslog records to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Trap - SNMP trap messages can be forwarded to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Threshold - thresholds can be configured against any timeseries metric monitored by Statseeker (see Threshold Configuration for details), and alerts can be configured to trigger in response to threshold breaches
  • Ping - ping state as recorded from any ping poller monitoring the device
Note: Statseeker allows for multiple ping pollers to be distributed throughout your network (see Observability Appliances for details). When multiple pollers are available, each device has a designated default poller and can have any number of additional pollers monitoring it. When:

  • Event Type = Device and Field = Ping State, the alert will only respond to ping state changes recorded by the default poller
  • Event Type = Ping and Field = Ping State, the alert can be configured to respond to ping state changes recorded by any specified pollers. including the default poller
Data Type Requires Alert Type = Event; Syslog; Trap
Select the data type the alert will be configured against. This is a filtered list only displaying those data types currently being monitored by your server.
Threshold Requires Alert Type = Threshold
Select the threshold the alert will be configured against
Field Requires Data Type
Select a state field associated with the selected Data Type
States Requires Field or Alert Type = Threshold
Select the states that will trigger the alert
Regex Requires Alert Type = Syslog; Trap
Specify a RegEx to filter Syslog\Trap message records by content. Receipt of a message that satisfies the filter will result in the alert being triggered.
Entity/Group Filter Only events originating from the specified device or group can trigger alerts - not all entities are presented at once, begin typing to filter the list
Time Filter Matching events that occur within the specified time period will generate alerts. For more information on generating these, see Time Filters
Time Filter Mode Determines if the alert is triggered by events in effect at the beginning of the alerting period.
Example: You have an alert that references an 'on transition' threshold. If at the start of the alerting period (as specified by the Time Filter), the threshold is in breach.

  • Ignore all events outside time filter range - no alert is triggered until the threshold transitions once again
  • Alert if down or breached at start of time filter range - an alert is triggered at the start of the reporting period
Waiting Requires Field = Ping State, SNMP State, or ifOperStatus
Specify the action to be taken when device ping/SNMP, or interface ifOperStatus down events are received, see Waiting Policies for details
Behavior Requires Waiting = Yes - Wait on down events over a specified period
Specify the behavior to employ when down events are received, see Bundling Policies for details
URL The URL (including port) to which the HTTP POST request will be sent. The URL must be accessible from the Statseeker server.
Webhook Template The message template to use for the alert configuration:

  • Microsoft Teams (Simple) - a basic message template with no customization
  • Microsoft Teams (Advanced) - a template allowing customization of the message content
  • ServiceNow - a ServiceNow integration with customizable content
  • PagerDuty - a PagerDuty integration with customizable content
  • Slack (Simple) - a basic message template with no customization
  • Slack (Advanced) - a template allowing customization of the message content
Check Event Filters Runs the alert configuration against the Events database and returns recent events that would trigger the alert.
Preview Webhook Message Display a preview of the message content. This is useful when adding variables to your alert message subject line or body.
Preview JSON Payload Display the payload of the POST request that will be sent. This is useful when customizing or troubleshooting webhook messages.
Send Test Webhook Test connectivity to webhook target and alert configuration by sending a test webhook message.
Save Alert Save the current alert configuration.

Slack (Advanced)

Use of this template requires:

  • A pre-configured Slack App with Incoming Webhooks enabled
  • A workspace to contain the app
    • The Webhook URL for the workspace will be referenced in the Statseeker alert configuration
  • A channel assigned to receive messages from the app

Refer to Slack's Documentation for assistance.

This is a template allowing customization of the message title and content.

  • Set Template = Send an HTTP Webhook
  • Use Filter Settings to define the alert trigger
  • Specify the URL - the Incoming Webhook URL for the target channel in your Slack app
  • Set Webhook Template = Slack (Advanced)
  • Configure the alert Title and Content - these fields accept both plain text and Message Variables
    Note: Leaving the Title or Content fields blank will revert the field to the default content as seen in any of the (Simple) templates.

Note: All Slack webhook alerts include a link to the Default Device Viewer dashboard, filtered to the device triggering the alert.
Field Description
Template Alert template to use, for details on templates see Alert Templates

Note: the available templates can be edited from within Administration:

  • Select Administration > Network Discovery - Advanced Options > Advanced Options and click File Edit Mode
  • Add a new item 'alerting_allowed_templates', set the values, and click Save

The allowed templates can be specified as a space\tab separated list with values of:

  • 'email_simple'
  • 'email_custom'
  • 'email_advanced'
  • 'syslog'
  • 'script'
  • 'webhooks'

Example:

'alerting_allowed_templates' 'email_custom' 'syslog'
Name Name of the alert configuration
Status
  • Enabled - alerts are sent for this configuration
  • Disabled - the alert configuration is retained once saved, but does not generate alerts
Time Zone Used in conjunction with the time filter
Enable Logging Only enable logging when troubleshooting alerting issues
Filter Settings > Name (Optional)

Specify a name for the filter
Filter Settings > Enabled
  • Enabled - the filter configuration is applied when assessing potential alert triggers
  • Disabled - the filter configuration is saved with the alert, but not when assessing potential alert triggers
Filter Settings > Hide Collapses the filter
Filter Settings > Delete Deletes the filter
Alert Type What will trigger the alert:

  • Event - many data types include 'state' fields. When a monitored state changes, Statseeker records an event (detailing the state change), which can be used to trigger an alert.
    Examples:
    • Ping up/down events (availability from a device's default ping poller only)
    • SNMP availability changes
    • Interface operation status (ifOperStatus) changes
    • UPS battery status
  • Syslog - devices can be configured to forward syslog records to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Trap - SNMP trap messages can be forwarded to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Threshold - thresholds can be configured against any timeseries metric monitored by Statseeker (see Threshold Configuration for details), and alerts can be configured to trigger in response to threshold breaches
  • Ping - ping state as recorded from any ping poller monitoring the device
Note: Statseeker allows for multiple ping pollers to be distributed throughout your network (see Observability Appliances for details). When multiple pollers are available, each device has a designated default poller and can have any number of additional pollers monitoring it. When:

  • Event Type = Device and Field = Ping State, the alert will only respond to ping state changes recorded by the default poller
  • Event Type = Ping and Field = Ping State, the alert can be configured to respond to ping state changes recorded by any specified pollers. including the default poller
Data Type Requires Alert Type = Event; Syslog; Trap
Select the data type the alert will be configured against. This is a filtered list only displaying those data types currently being monitored by your server.
Threshold Requires Alert Type = Threshold
Select the threshold the alert will be configured against
Field Requires Data Type
Select a state field associated with the selected Data Type
States Requires Field or Alert Type = Threshold
Select the states that will trigger the alert
Regex Requires Alert Type = Syslog; Trap
Specify a RegEx to filter Syslog\Trap message records by content. Receipt of a message that satisfies the filter will result in the alert being triggered.
Entity/Group Filter Only events originating from the specified device or group can trigger alerts - not all entities are presented at once, begin typing to filter the list
Time Filter Matching events that occur within the specified time period will generate alerts. For more information on generating these, see Time Filters
Time Filter Mode Determines if the alert is triggered by events in effect at the beginning of the alerting period.
Example: You have an alert that references an 'on transition' threshold. If at the start of the alerting period (as specified by the Time Filter), the threshold is in breach.

  • Ignore all events outside time filter range - no alert is triggered until the threshold transitions once again
  • Alert if down or breached at start of time filter range - an alert is triggered at the start of the reporting period
Waiting Requires Field = Ping State, SNMP State, or ifOperStatus
Specify the action to be taken when device ping/SNMP, or interface ifOperStatus down events are received, see Waiting Policies for details
Behavior Requires Waiting = Yes - Wait on down events over a specified period
Specify the behavior to employ when down events are received, see Bundling Policies for details
URL The URL (including port) to which the HTTP POST request will be sent. The URL must be accessible from the Statseeker server.
Webhook Template The message template to use for the alert configuration:

  • Microsoft Teams (Simple) - a basic message template with no customization
  • Microsoft Teams (Advanced) - a template allowing customization of the message content
  • ServiceNow - a ServiceNow integration with customizable content
  • PagerDuty - a PagerDuty integration with customizable content
  • Slack (Simple) - a basic message template with no customization
  • Slack (Advanced) - a template allowing customization of the message content
Title Message title
Content Specify the message content. This content can include text and variables.

Note:

  • Variables - select from a list of short-codes to include variable data relating to the event\infrastructure generating the alert, see Message Variables for details
  • Preview Webhook Message / Preview JSON Payload can be used to preview the output
Title Date Format Select an alternate date-time format to be used for event times when a date-time variable is included in the webhook Title
Body Date Format Select an alternate date-time format to be used for event times when a date-time variable is included in the email body
Check Event Filters Runs the alert configuration against the Events database and returns recent events that would trigger the alert.
Preview Webhook Message Display a preview of the message content. This is useful when adding variables to your alert message subject line or body.
Preview JSON Payload Display the payload of the POST request that will be sent. This is useful when customizing or troubleshooting webhook messages.
Send Test Webhook Test connectivity to webhook target and alert configuration by sending a test webhook message.
Save Alert Save the current alert configuration.

Custom

A template requiring that you manually create the message payload.

  • Set Template = Send an HTTP Webhook
  • Use Filter Settings to define the alert trigger
  • Specify the URL to which the HTTP POST request will be sent
  • Set Webhook Template = Custom
  • Specify the Auth Method (none, bearer token, basic, custom header) and configure the authentication header
  • Configure the HTTP POST Content (payload)
    Note:

    • The Content is sent as the body of the HTTP POST request and must be valid JSON
    • The Content can include variables as described in Message Variables
    • The Preview JSON Payload option will validate and preview the payload

Field Description
Template Alert template to use, for details on templates see Alert Templates

Note: the available templates can be edited from within Administration:

  • Select Administration > Network Discovery - Advanced Options > Advanced Options and click File Edit Mode
  • Add a new item 'alerting_allowed_templates', set the values, and click Save

The allowed templates can be specified as a space\tab separated list with values of:

  • 'email_simple'
  • 'email_custom'
  • 'email_advanced'
  • 'syslog'
  • 'script'
  • 'webhooks'

Example:

'alerting_allowed_templates' 'email_custom' 'syslog'
Name Name of the alert configuration
Status
  • Enabled - alerts are sent for this configuration
  • Disabled - the alert configuration is retained once saved, but does not generate alerts
Time Zone Used in conjunction with the time filter
Enable Logging Only enable logging when troubleshooting alerting issues
Filter Settings > Name (Optional)

Specify a name for the filter
Filter Settings > Enabled
  • Enabled - the filter configuration is applied when assessing potential alert triggers
  • Disabled - the filter configuration is saved with the alert, but not when assessing potential alert triggers
Filter Settings > Hide Collapses the filter
Filter Settings > Delete Deletes the filter
Alert Type What will trigger the alert:

  • Event - many data types include 'state' fields. When a monitored state changes, Statseeker records an event (detailing the state change), which can be used to trigger an alert.
    Examples:
    • Ping up/down events (availability from a device's default ping poller only)
    • SNMP availability changes
    • Interface operation status (ifOperStatus) changes
    • UPS battery status
  • Syslog - devices can be configured to forward syslog records to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Trap - SNMP trap messages can be forwarded to your Statseeker server, and alerts can be configured to trigger in response to the content of these messages
  • Threshold - thresholds can be configured against any timeseries metric monitored by Statseeker (see Threshold Configuration for details), and alerts can be configured to trigger in response to threshold breaches
  • Ping - ping state as recorded from any ping poller monitoring the device
Note: Statseeker allows for multiple ping pollers to be distributed throughout your network (see Observability Appliances for details). When multiple pollers are available, each device has a designated default poller and can have any number of additional pollers monitoring it. When:

  • Event Type = Device and Field = Ping State, the alert will only respond to ping state changes recorded by the default poller
  • Event Type = Ping and Field = Ping State, the alert can be configured to respond to ping state changes recorded by any specified pollers. including the default poller
Data Type Requires Alert Type = Event; Syslog; Trap
Select the data type the alert will be configured against. This is a filtered list only displaying those data types currently being monitored by your server.
Threshold Requires Alert Type = Threshold
Select the threshold the alert will be configured against
Field Requires Data Type
Select a state field associated with the selected Data Type
States Requires Field or Alert Type = Threshold
Select the states that will trigger the alert
Regex Requires Alert Type = Syslog; Trap
Specify a RegEx to filter Syslog\Trap message records by content. Receipt of a message that satisfies the filter will result in the alert being triggered.
Entity/Group Filter Only events originating from the specified device or group can trigger alerts - not all entities are presented at once, begin typing to filter the list
Time Filter Matching events that occur within the specified time period will generate alerts. For more information on generating these, see Time Filters
Time Filter Mode Determines if the alert is triggered by events in effect at the beginning of the alerting period.
Example: You have an alert that references an 'on transition' threshold. If at the start of the alerting period (as specified by the Time Filter), the threshold is in breach.

  • Ignore all events outside time filter range - no alert is triggered until the threshold transitions once again
  • Alert if down or breached at start of time filter range - an alert is triggered at the start of the reporting period
Waiting Requires Field = Ping State, SNMP State, or ifOperStatus
Specify the action to be taken when device ping/SNMP, or interface ifOperStatus down events are received, see Waiting Policies for details
Behavior Requires Waiting = Yes - Wait on down events over a specified period
Specify the behavior to employ when down events are received, see Bundling Policies for details
URL The URL (including port) to which the HTTP POST request will be sent. The URL must be accessible from the Statseeker server.
Webhook Template The message template to use for the alert configuration:

  • Microsoft Teams (Simple) - a basic message template with no customization
  • Microsoft Teams (Advanced) - a template allowing customization of the message content
  • ServiceNow - a ServiceNow integration with customizable content
  • PagerDuty - a PagerDuty integration with customizable content
  • Slack (Simple) - a basic message template with no customization
  • Slack (Advanced) - a template allowing customization of the message content
Auth Method Authentication method that will be used. One of:

  • None - no Authentication required
  • Bearer Token - creates an authorization header with a token-based credential
  • Basic Auth - uses a username and password (encrypted) combination
  • Custom Header - define key-value pairs as authentication header parameters
Bearer Token (Requires Auth Method = Bearer Token)

Authentication token. When specified, it will include a valid header in the webhook POST request.

Authorization: Bearer <token>

Username (Requires Auth Method = Basic Auth)

Username to use when generating the authorization header of the webhook POST request.
Password (Requires Auth Method = Basic Auth)

Password to use when generating the authorization header of the webhook POST request.
Custom Header (Requires Auth Method = Custom Header)

Key-value pairs to be included in the webhook POST request header. This is useful when the target service requires custom headers for authentication.
Content
Note: Must be valid JSON

Specify the HTTP POST payload.

Note:

  • Variables - select from a list of short-codes to include variable data relating to the event\infrastructure generating the alert, see Message Variables for details
  • Preview JSON Payload can be used to both validate the payload format and preview the output
Title Date Format Select an alternate date-time format to be used for event times when a date-time variable is included in the webhook Title
Check Event Filters Runs the alert configuration against the Events database and returns recent events that would trigger the alert.
Preview Webhook Message Display a preview of the message content. This is useful when adding variables to your alert message subject line or body.
Preview JSON Payload Display the payload of the POST request that will be sent. This is useful when customizing or troubleshooting webhook messages.
Send Test Webhook Test connectivity to webhook target and alert configuration by sending a test webhook message.
Save Alert Save the current alert configuration.

[top]

Webhook Alerting Logs

All outgoing webhook alert messages are detailed in the Python Log. These logs can assist in troubleshooting webhook configuration issues, detailing when the webhook was sent and the message outcome.

For details on accessing Statseeker logs, see Log Viewer.

[top]


Bundling Policy

Bundling refers to holding onto alerts for a specified period of time and then sending all alerts generated over that period in a single alert email. This allows for a more efficient handling of events where several alerts are raised in a very short period of time, often in response to a single cause. Each alert configuration contains a bundling policy specific to that alert configuration; consequently, only alerts generated by that configuration are bundled according to that bundling policy.

Basic bundling options are available for the Email (simple) and Email with custom content (simple) templates. These options are:

  • No - no bundling occurs, and an alert is sent for each event
  • Yes - bundle the alerts for a specified duration
  • The duration of the bundling period

Once an event occurs and an alert is generated, Statseeker will hold onto the alert and collect any other alerts generated from the same alert configuration until the specified bundling period is complete. At that time, a single alert email is sent detailing every alert collected over the bundling period.

Advanced bundling options are available for the Email with custom content (advanced) template. The bundling options available here are:

  • No - no bundling occurs, and an alert is sent for each event
  • Yes, with a duration - as per the bundling options offered with the simple templates
  • Yes, choose bundle times

When the bundle times option is selected, the following fields are made available:

  • Bundle from - the time of day to begin bundling
  • Send email at - the time of day and days of the week, to stop bundling and send an alert email
Note: Webhook alerting templates do not explicitly support standard bundling options. However, some templates (ServiceNow, PagerDuty, and Custom) can be configured to duplicate this behavior via de-duplication functionality and a Waiting policy.