Filtering is based on the following adjustable conditions:

  • Number of monitoring agent locations reporting an error
  • Duration of a period during which an Error is reported
  • Number of failed tasks
  • State of an Owner Device
  • Specific type of error, or error code

Each new response is evaluated by a filter in the following order:

  • Error Code Check: Compares the received error code (for example, HTTP 404 Not Found) with the list of ignored errors defined in the filter.
  • Task Number Check: Verifies whether the number of failed tasks is greater than or equal to the value specified in the filter.
  • Monitoring Agent Locations Check: Verifies whether the number of failed monitoring locations meets or exceeds the value specified in the filter. When this threshold is reached, the Error Duration Timer starts.
  • Error Duration Timer Check: Compares the error duration with the value defined in the filter.
  • Owner Device State Check: Verifies whether the owner device is DOWN. If it is, alert notifications are not sent (applies only to notification filters).

Default Filter

When a new monitoring device is created, the Default Filter is applied automatically. This filter requires an error to be confirmed by at least two monitoring locations before an alert is sent, helping reduce false positives caused by temporary network issues.

The Default Filter is generally recommended. However, if only one monitoring location is used, this requirement is automatically bypassed, and any detected error will trigger an alert.

If the number of available monitoring locations is lower than the threshold defined in a filter, that filter is not applied.

Examples:

  • Error is not confirmed by at least XX monitoring locations:
    A Device is set up to monitor a company web portal from 15 worldwide monitoring locations. The owner of the Device doesn’t want to wake up at night due to alerts caused by temporary network issues occurring simultaneously at two backbone providers. Therefore, the Filter is configured to ignore errors unless they are confirmed by at least three monitoring locations.
  • Error is detected in less than XX tasks:
    An organization has a wide sub-network with four routers, which are holding all incoming and outgoing traffic. The routers are configured to be interchangeable in case one of the routers is temporarily overloaded. The monitoring is configured to detect a situation when two, or more, routers are inaccessible from any geographic location. The best practice in this situation is to create a Device with four ICMP (ping) Tasks and assign a Filter. The Filter is configured to Ignore Errors unless the Error is detected in at least two ICMP Tasks.
  • Default Filter behavior:
    The Default Filter suppresses alerts unless an error is confirmed by two or more locations. In reports, only errors confirmed by at least two locations are counted. A single-location error does not result in a DOWN state.