Awhile back I implemented a "core alert" on OCUM that sends an alert to our NOC for nearly all critical, error, and warning events. We are currently on 7.1. My problem is, I only want this alert to send for events on our production cluster. We have a DR and test cluster as well. The problem, as far as I can tell, is that I can't simply go to the Resources tab and select the production cluster, as this only applies to cluster level alerts. In other words, if I understand correctly, I need to go to each item in the drop-down list - volumes, LUNs, SVMs, etc - and use filters to select every one of the related objects that belong to the production cluster. I keep thinking - there has to be an easier way. Does anyone have advice on how to easily exclude every object from a test cluster without having to do this?
It sounds as if you have defined a list of event types that are of interest i.e. that you would like to result in alerts being generated. Which seems reasonable ... although the events themselves are a strange mix of concrete and abstract e.g. "Failed Fan" vs. "Performance Incident". What would be the consequences if the list of possible events were to be enhanced or changed in a future version of OCUM/ONTAP?
I thought it might be possible to use "Resources -> Exclude" to filter out events from the non-production systems. However when I tried that, it appears that it is not possible to use "Exclude" without first having used "Include". And once a resource of type "Cluster" has been included, OCUM no longer allows the Alert definition to be saved, because it refers to event types that are not associated with clusters 😞
So I am not sure if it is possible to do this within OCUM or not. If the alerts are being forwarded into a trouble ticketing system e.g. the Remedy AR System, maybe it would possible to "post-process" them there?
(But see my other post here about not being able to get script output in Alert email notifications.)