The Secret Diary of Han, Aged 0x29

Archive for April 2006

Alert Archiving

Outline for new Alert Archiving
Two new columns in Netcool
1. Archived (int)

0 => not_archived
1 => archived
2 => has_archivable_update

Value of 0 for not_archived is chosen because this is the default value for this field

2. ArchiveID (unsigned64)
id of base alert archive record

Archiving algorithm:
1. Scan updated alerts for “Archived in [0,2]”
For each alert found:

2. Read alert. Read journal entries for alert
3. If archived = 0 insert new base alert record for alert
else, if archived = 2 update existing, insert new delta record alert, using archive
4. Set archived to 1, if new base, set ArchiveID to ID. Clear out journal entries

Netcool Alert Journal:
Serial => Serial of alert
Chrono => Timestamp
KeyField => Primary key Serial:0:Chrono
Text1 .. Text16 => value

Insert new base:
save following fields:
Acknowledged, AckUser, Agent, AlertGroup, AlertKey, CausedBy, ComponentClass
ComponentUrl, Customer, CusetomerService, CustomerUrl, DataCenter, FirstOccurrence
Identifier, IncidentType, LastOccurrence, Manager, NMosCauseType, Node, NodeAlias,
Serial, ServerLifeCycle, Severity, Smart24Cat, Smart24Group, Smart24Ref, Smart24Ticket
Smart24TicketUrl, Summary, Tally, TestFlag, Type

Update existing:
retrieve base by ID, update following values:
– Acknowledged (2)
– AckUser (2)
– Customer (1)
– CustomerService (1)
– CustomerURL (1)
– DataCenter (1)
– LastOccurrence
– NodeAlias (1)
– ServerLifeCycle (1)
– Smart24Cat (1)
– Smart24Group (1)
– Smart24Ticket (3)
– Smart24TicketUrl (3)
– Tally
– Type ? (not necessary if set by trigger)
Most are set only once during the lifetime of the alert, but are not available in the beginning. LastOccurrence and Tally are updated continously, but need not be kept track of separately
(1): Updated by enrichment => only for problems
(2): Updated by Ack script –> also saves script result
(3): Updated by Create ticket tool –> also saves script result
Insert Delta record
– Delta type
* Script
* Alert Clear (auto)
* Alert Clear (manual)
– Script results (from Journal)
– User (script / manual clear)
– Timestamp

Migration procedure
– Can be done offline
– Read alert archive records
Collapse all with same identifier, occurring within reasonable time (~ 1 week) into one alert, by going through in order of ID, and updating fields from “update existing” above, and by creating delta records for scripts that were run.
– Only do for last 6 months


Written by Han

April 21, 2006 at 14:50

Posted in Uncategorized