The alert management function is a central alert inbox function for SAP Focused Run. All alerts from all tools are coming together in the alert inbox.
Questions that will be answered in this blog are:
- How does the alert inbox work?
- How can I get a good overview of all the alerts?
- How can I mail an alert?
- Which actions can I perform on an alert?
- Can I set up my own alert dashboard?
- Can I have Focused Run automatically confirm some of the alerts, when the system detects all is ok again?
- Which alerts are sent to the Alert inbox?
- How to organize alert handling?
- How to execute alert review?
- How to reduce the amount of open alerts?
- How can I configure Focused Run to send mails for specific alert situations?
- How can I setup multiple mail receivers?
- How can I setup multiple mail groups?
- How can I change the layout of the mail?
To open the Alert Inbox, click on the Fiori tile:
Don't let yourself be distracted by the high number. This is the total unfiltered amount of alerts. It will contain alerts from production and non-production systems. It will be important and non-important alerts.
Now the open alert overview dashboard will open:
There is a lot of information on this screen.
Top left are the open alerts by source. This means the open alerts by application, instance, database. In the middle top are the open alerts by category (like availability, exceptions, etc). Top right is the open alerts by current rating. Bottom left is the top type of open alert by type of metric that is causing the alert. Bottom right is the distribution of open alerts by age.
The alerts are centralized and can have diverse sources:
- System monitoring
- Interface monitoring
- Cloud monitoring
- Batch job monitoring
- Configuration and security monitoring
- All other tools
Processing an alert
From the overview you can choose two ways to start:
- On the top right section click on the Critical alerts that are currently still open.
- On the left, select the open alert list icon:
Both options will bring you to the list of open important alerts:
The sorting is done from Very High and then High, etc, already. The most important open current alerts are on top. This list can also be exported to Excel.
Clicking on an alert will open the details:
Here you can see the history and current status. It can be that the alert is till red, but it can also be that Focused Run detects that the current situation is now ok. It will still leave the alert open for you to analyse and confirm.
You can click on the Actions button to get the follow up action menu:
- Confirm the alert will close the alert.
- Add a comment: add text to the alert.
- Add or change a processor: assign a user ID who should pick up the alert and is responsible for the alert.
- Trigger an alert reaction (for example to SAP solution manager IT service desk or outbound integration to for example ServiceNow)
- Send notification will give you the option to mail the alert:
Using the action log button:
you can see the action log for the alert:
An alert is sent to the alert inbox. But for each alert you can configure as well if an alert is e-mailed, and/or send to external tool like ServiceNow.
The alert inbox has a scope filter just like all the other Focused Run tools. Use it to filter the alerts for you most important systems (most likely the productive systems, or even filter on the core S4HANA and/or ECC systems).
Depending on your organizational structure and amounts of systems, you need to agree on how you handle the alerts. Aspects to be taken care of:
- Prioritization of alerts; which ones go first? Solutions:
- Use filters for important systems
- First red alerts, then yellow alerts
- Fine tune alert thresholds to reduce invalid red alerts
- Assign processor or not: for larger teams do assign a processor to keep track
- Fill out comments for alerts that take longer to solve, so you track what has been done
- Consider to postpone alerts that require a change to get fixed (and the change takes a longer time to implement)
- Using the SLA functions or not?
- Who is allowed to confirm an alert?
You can use the initial alert dashboard, or the alert reporting overview, or create your own dashboards:
The overview shows the open alerts:
Clicking on any colored bar will bring you to the detailed list. From the list you can filter down to the details.
At the start of your SAP Focused Run implementation you should at least weekly review this. It gives you insights into:
- The type of alerts most frequently popping up
- The systems that generate the most alerts
- The average time an alert is open
When you are getting more mature and used to solving the issues
Open alert reduction
To reduce the open alerts consider this sequence:
- Solve the issues in the systems: clean up, apply permanent solutions
- Fine tune the metric thresholds for false alerts, and classify not so important alerts as yellow: keep red for the important alerts
- Work on the resolution time: also here, focus on the red alerts which are important
Bad practices (often deployed by KPI drive service providers):
- Increase thresholds, without clean up or without solving the issues permanently
- Simply close each repetitive alert fast without checking and solving the root cause for repetitive failure
- Only look at subsection of the alerts
- Don’t look at self monitoring items (without solving self monitoring issues)
- Blame Focused Run for having bugs (without looking for OSS notes and without reporting issues)
- Don’t confirm the alerts (so they keep open and don’t send new mails, or don’t create new ServiceNow tickets)
If you are confronted with such a service provider, use the alerting reporting tools also for the closed alerts to find evidences of such behaviors.
After incidents you have (mainly in your productive system), check if Focused Run generated the proper alert or not.
Cases that can happen:
- Focused Run did alert the situation, but it was not picked up fast enough by the processors: organizational measures, or consider the mail sending option
- Focused Run did measure the situation, but the alert was not configured (for example batch job alert was not set)
- Focused Run did measure the situation, but the threshold was not reached: lower the threshold in the template
- Focused Run did measure the situation, but it was not specific enough. This can happen with SM21 system messages. Consider creation of very specific custom metrics for specific messages (for example for application server connectivity loss to database).
- Focused Run did not measure the situation: check if you can activate an out-of-the-box monitoring item for the situation. Not all measurements are active in the templates by default. If no out-of-the box exists, consider creating a custom metric. Or check if you can monitor side-effects of occurring bad situations.
The goal of this analysis is to keep improving the alerting accuracy: alerts should not be missed and valid (not false).
Automatic confirmation of alerts
For some type of alerts, you might want to activate the automatic confirmation. This automatic confirmation is set at template level. Read this blog on the details. If it is set, the alert will still be created. The alert will remain open until the system detects the issue is gone. If gone, the system will automatically close the alert.
Alert management search
With the looking glass left you goto the Alert search overview. Here you can search in any way you want on the alerts, including free text search:
Top right you select extra specific filter criteria:
Custom alert page
By clicking on the + icon on the left button bar, you can add your own alert page:
The UI is the same as for the tactical dashboards.
Setting up alert consumer
First we will set up the alert consumer. Goto the Alert Consumer Variant configuration tile:
In the next screen click on the Plus symbol to create a new Alert Consumer:
Initially there is no mail template and no recipient list.
We will create these in the steps below. When these are created, they can be used in the drop downs. Save the consumer and don’t forget to put the status to Active.
Maintain recipient list
From the alert consumer screen create a new recepient list:
Give it a name and add the e-mail addresses for the group. There can be one or multiple. Save the list.
Maintain e-mail template
Create a new e-mail template:
On the left hand side you can see the variables you can use. On the right hand side you construct the mail template. Preview is possible but shows limited functionality only. Save after you are happy with the mail.
Using the alert consumer
Now we have created the alert consumer with the mail template and recipient list. We can goto the monitoring template maintenance to assign the alert consumer. In the alerts tab of the template that you want to alert on, goto the Alerts tab:
For the type of alert switch the Automatic notification to Use Variant. In the Notifications tab below, you can now assign the created variant. Save the settings.
After the template change: do not forget to Apply and Activate the template for use.
Testing and mail sending
To test your settings: use a development system or sandbox to test your event. Then check in SOST that the mail is properly created:
<< This blog was originally posted on SAP Focused Run Guru by Frank Umans. Repost done with permission. >>