The override table provides a convenient way to enumerate exceptions to the default rule condition.
It allows you to minimize the number of rule variations created due to minor differences in the thresholds applicable to specific entity groups, entities or tags.
For example, assuming that the default condition is
value > 50, the below configuration applies a different threshold (
value > 70) for entities starting with
Override tables can be created on the Overrides tab in the rule editor.
The table must have at least one rule where each row represents a single rule consisting of filter and threshold columns.
The rules are processed from top to bottom. If the rule filter matches the given window, the processing stops (subsequent rows are ignored) and the rule thresholds are checked. An alert is triggered if the threshold condition for either
WARNING level is satisfied.
In case no matching rules are found for the given window, the default condition, as specified on the Overview tab, is evaluated.
The Depends On condition, when enabled on the Condition tab, is checked for both the override rule and the default condition.
Rows can be inserted, removed, and copied by right-clicking on the row index column.
The filter matches the window if it satisfies all filter columns including:
- Entity group column
- Entity column
- Tag columns (optional)
In the example above, the rule matches entities with a name beginning with
nurswgthat are members of the
disk_prodgroup and applies only to windows with tag
The tag columns are present when the rule is grouped by tags on the Overview tab.
Empty columns are ignored. For example, if the entity group is not defined for the current row, the filter checks only the entity and tag columns.
The entity and the tag columns support
* as the wildcard character.
| ||The rule matches all windows.|
| || ||The rule matches entities that are members of the |
| || ||The rule matches entities with name starting with |
| ||abc||The rule matches windows with |
| || || ||The rule matches windows for members of the |
The threshold condition is a boolean expression built from the numeric function, the comparison operator, and the threshold value.
/* Function Operator Threshold */ value > 70 percentile(75) <= 50 max() = 60
An alert is triggered if either the
WARNING condition returns
When one of the threshold conditions is satisfied, the alert is assigned a severity level based on which threshold s met:
WARNING conditions are
ERROR level takes precedence.
If no override rule matches the window and the alert is eventually triggered by the default condition, the alert is assigned the severity level specified on the Logging tab.
The metric in this example measures disk space usage and is collected with
mount_point tags. The numeric values range between 0% and 100%. The alert must be raised if disk utilization exceeds 80% unless a custom threshold is found in the Overrides table.
value > 80
- Rules are processed from top to bottom. There are 4 rules in the table.
- Row 1: Since the value cannot be greater than 100%, this rule effectively disables alerts for
- Row 2. This rule raises
ERRORalert if disk usage exceeds 50% for entity
- Row 3. This rule raises
ERRORalert if disk usage on
/mount point exceeds 90% for entity
nurswgvml007. Note that once a rule is matched, the default condition is not evaluated for this window, and therefore an alert is be raised for
nurswgvml007with disk usage of 85%.
- Row 4. Raise
ERRORalert if disk usage exceeds 60% for any entity in the
disk_prodgroup. Otherwise, raise
WARNINGalert, if disk usage is greater than 30% for the same entities.
- If no rule is matched, evaluate the default condition.
Multiple Override Tables
Multiple override tables can be created to trigger different email or webhooks.
If a window changes its status based on Override rules, the event can trigger a specific email or webhook identified by name. Otherwise, it triggers all notifications except those classified as Use in Overrides Only.