
Reduce alert "noise": examples

Getting too many ProTop alerts? Here's how to fine-tune the alerts you see in your feed on the ProTop portal.

ProTop arrives with dozens of alerts ready to fire "out of the box," and many do.  

These alert definitions reside in your [PROTOP]/etc/alert.[siteid].cfg. It is a copy of etc/alert.cfg, customized according to your site-specific needs. If you do not have an etc/alert.[siteid].cfg, take a moment and copy etc/alert.cfg to it now. The etc/alert.cfg file is overwritten by each ProTop update, so you don't want to make customizations there.

NOTE: The metric names at the start of each alert definition in your etc/alert.[custid].cfg do not always match the case of the metric name in the alerts you see in the portal. For instance, sqlStats in an alert title corresponds to SQLStats in your etc/alert.[custid].cfg file. So, when trying to find a metric in your alert config file, be sure to use a case-insensitive search (grep -i, findstr /i, Notepad++, etc.).

NOTE: Your etc/alert.[custid].cfg is re-read every monitoring interval.  There is no need to restart anything for these changes to take effect.

0. What does this alert mean?

Before you can accurately adjust which alerts appear in your feed, you must know what they mean.  Over 100 alerts are enabled by default.  Each default alert has a corresponding page in this knowledgebase and can be found by searching here for the metric name, the first string in the alert subject.

The alert subject is in yellow in the image below, and the metric name in the red box is "sqlStats." Enter sqlStats (not case sensitive) in the search box above to find articles about sqlStats, including the explanatory article that begins with "Alert."

1. I don't care about this alert. Make it go away!

If you see an alert that you believe does not apply to you, or that you do not care about, the simplest way to reduce that noise is to comment it out in your etc/alert.[siteid].cfg file. For example, we see this alert for sqlStats -1 < 0:

If you do not use SQL clients in your environment and have no intention of doing so in the future, then edit your etc/alert.[siteid].cfg file, find the line(s) that begin with SQLStats, and add a # to the beginning of each line, so it looks like this:

#SQLStats     num   <   0 "" "daily" "&1 &2 &3" alert

Save the file; you will no longer see this alert in your alerts feed on the ProTop Portal.

2. I care about this alert, but I'm getting too many (the threshold is too low for my environment). 

For instance, we see here multiple alerts for LatchReq exceeding the threshold, which is set to 3000000 by default:

If you know your total latch requests regularly exceed 5000000 and it is not a problem for your application, set the threshold higher. Edit your etc/alert.[siteid].cfg, find the line that begins with latchReq (yes, lowercase "L"), change 3000000 to a number above which you want to be alerted, say 5500000, and save the file. You will see alerts only when total latch requests in a monitoring interval exceed 5500000.
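
The edits from sections 1 and 2 as shell helpers that match the metric name exactly but ignoring case and keep a backup before each change. This is an added example, not part of ProTop or the original article: the field order (metric, type, operator, threshold) is inferred from the SQLStats line above, the latchReq lines and the latchReqDemo metric in the sample are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not ProTop code. Assumed field order, inferred from the
# SQLStats line on this page: metric, type, operator, threshold, ...

# Constructed sample config; only the SQLStats line is taken from the page.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real alert.cfg
SQLStats     num   <   0 "" "daily" "&1 &2 &3" alert
latchReq     num   >   3000000 "" "" "&1 &2 &3" alert
latchReqDemo num   >   3000000 "" "" "&1 &2 &3" alert
EOF
}

# find_alert FILE METRIC: list "lineno:line" for active definitions whose first
# field equals METRIC ignoring case (exact name: latchReq skips latchReqDemo).
find_alert() {
    awk -v m="$2" 'tolower($1) == tolower(m) { print NR ":" $0 }' "$1"
}

# disable_alert FILE METRIC: keep FILE.bak, then prefix active matches with "#".
# Returns non-zero when nothing matched, so a misspelled metric is noticed.
disable_alert() {
    cp -p "$1" "$1.bak" || return 1
    awk -v m="$2" '
        tolower($1) == tolower(m) { print "#" $0; n++; next }
        { print }
        END { exit (n ? 0 : 1) }' "$1.bak" > "$1"
}

# set_threshold FILE METRIC NEW: replace the numeric 4th field in place,
# leaving column spacing and the quoted fields untouched.
set_threshold() {
    case $3 in ''|*[!0-9]*) return 2 ;; esac
    cp -p "$1" "$1.bak" || return 1
    awk -v m="$2" -v new="$3" '
        tolower($1) == tolower(m) && $4 ~ /^[0-9]+$/ {
            old = $4
            match($0, /^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+[^ \t]+[ \t]+/)
            $0 = substr($0, 1, RLENGTH) new substr($0, RLENGTH + length(old) + 1)
            n++
        }
        { print }
        END { exit (n ? 0 : 1) }' "$1.bak" > "$1"
}
```

Run `find_alert` first to confirm which line will change, and compare the file with its `.bak` copy afterwards, since the edited file is picked up at the next monitoring interval.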

3. What is a "blue" alert, or an alert that starts with a number in parentheses, and how do I make it disappear?

Blue alerts are "info" alerts. One type of "info" alert is a message that ProTop finds in the database log and passes along to the ProTop Portal as an alert.  For example:

You can control how ProTop handles these db message alerts in your etc/messages.custid.cfg file.  

Edit the file and look for the line that begins with the error number in parentheses that you see in the alert ("794" in the example above). Change the second parameter on the line from "info" to "ignore" and save the file. ProTop will pick up the change in the next few minutes and stop sending that message as an alert.