One of our users reached out because they would automatically like to group alarms together that are related to the same location (ie site). This site is mentioned as a property. Is it possible to do so? How can I do this? Does this functionality belong to the core DataMiner software?
Thanks in advance,
Dennis
Yes, this is possible by using the Automatic Incident Tracking feature. This feature will try to group alarms together that belong to the same incident, taking into account certain information on the alarm. If you’re unfamiliar with this feature we have a blog post https://community.dataminer.services/automatic-incident-tracking/ and a nice introduction video about it https://www.youtube.com/watch?v=m6ITgtTFz1E.
Since DataMiner version 10.1.4, you can configure Automatic Incident Tracking to use any alarm, element, view or service property in its grouping algorithm. The configuration is done in the analytics configuration file, by default at C:\Skyline DataMiner\analytics\configuration.xml. In that file, you will find a section
<item type="skyline::dataminer::analytics::workers::configuration::XMLConfigurationProperty<class std::vector<class std::shared_ptr<class skyline::dataminer::analytics::workers::configuration::IGenericPropertyVisitorConfiguration>,class std::allocator<class std::shared_ptr<class skyline::dataminer::analytics::workers::configuration::IGenericPropertyVisitorConfiguration> > > >"> <Value /> <Accessibility>2</Accessibility> <Name>GenericProperties</Name> </item>
The properties you want to group on should be added inside the <value> tag in that section. I’m not exactly sure what type of property this ‘site’ is. If it is an element property, the following will do.
<item type="skyline::dataminer::analytics::workers::configuration::XMLConfigurationProperty<class std::vector<class std::shared_ptr<class skyline::dataminer::analytics::workers::configuration::IGenericPropertyVisitorConfiguration>,class std::allocator<class std::shared_ptr<class skyline::dataminer::analytics::workers::configuration::IGenericPropertyVisitorConfiguration> > > >">
<Value>
<item type="skyline::dataminer::analytics::workers::configuration::GenericElementPropertyVisitorConfiguration">
<enable>true</enable>
<threshold>0</threshold>
<name>site</name>
</item>
</Value>
<Accessibility>2</Accessibility>
<Name>GenericProperties</Name>
</item>
The threshold field is a number between 0 and 1 that can be used to only group alarms on that property whenever the proportion of elements having an alarm around that point is greater than the configured threshold. The idea here is that when multiple elements with the same property value have alarms at the same time, it is more likely that property value is relevant for the incident. Setting this value to 0 means that any two alarms on elements with the same value for that property will be grouped together, as long as they have the same focus value and occurred around the same time. Setting it to 1 means that alarms will only be grouped together if all element having that property value are in alarm together.
If it is an alarm property, the following can be used.
<item type="skyline::dataminer::analytics::workers::configuration::XMLConfigurationProperty<class std::vector<class std::shared_ptr<class skyline::dataminer::analytics::workers::configuration::IGenericPropertyVisitorConfiguration>,class std::allocator<class std::shared_ptr<class skyline::dataminer::analytics::workers::configuration::IGenericPropertyVisitorConfiguration> > > >">
<Value>
<item type="skyline::dataminer::analytics::workers::configuration::GenericAlarmPropertyVisitorConfiguration">
<enable>true</enable>
<name>site</name>
</item>
</Value>
<Accessibility>2</Accessibility>
<Name>GenericProperties</Name>
</item>
Obviously, if you want to add more than one property, this can be done by adding multiple <item> sections inside the <value> tag. Once you configured your properties, you will have to restart your DataMiner. More information can be found at https://docs.dataminer.services/user-guide/Basic_Functionality/Alarms/Working_with_alarms/Advanced_analytics_features_in_the_Alarm_Console.html#automatic-incident-tracking.
As Wouter indicated, the easiest way if you want clean permanent grouping by location, you can set that up by default. If you use IDP (DataMiner Infrastructure Discovery and Provisioning app (IDP) - DataMiner Dojo), you have structured management of all locations, buildings, racks, floors, etc. If you disable the auto-grouping, you can right click on the headers of multiple columns in the Alarm Console and also do layered grouping (e.g. group on location and then by rack). 
The option Tobe mentioned is definitely also something everybody should be looking into. Of course that is a more dynamic grouping, where DataMiner will make a assessment of which alarms are likely to be related to the same incident. And if alarms occur at around the same time, on devices hosted in the same rack or location, then indeed they are more likely to be related to the same incident (and hence they are more likely to be grouped automatically by this capability).
Hi Dennis,
This is possible yes.
In order to do this, you should first make sure the property is added as a column in the alarm console.
Next you need to disable the option Automatically group according to arrangement
After that you can right-click any column header and select Group by this field
In my example I want to group by the OS of my servers.
The result is this:
I hope this is what you're looking for?
Hi Bruno, Tobe and Wouter, thanks for those great replies, much appreciated! I've forwarded the link of this post to the user!
Other alternative is to use the Correlation rule engine, to define a rule that groups alarms based on property. The same is possible for Views, Services, Elements, parameter, table index, etc.
Further details are available in our documentation: Grouping alarms in Correlation rules | DataMiner Docs