Monitor vSAN events in Slack with VMC on AWS

by
Slack vSAN alert notification screenshot
For example, this is the result, Slackbot notification of vSAN storage exceeding threshold alert.

I’ll describe in this blog how to monitor vSAN events in Slack with VMC on AWS. Creating a Slack notification alert of vSAN threshold exceeding, using vRLIC (vRealize Log Insight Cloud).

Background

Why do you need to monitor on Slack vSAN threshold exceeding events in VMC on AWS?

Monitor vSAN events are one of the most common gotchas in VMC on AWS.

When the vSAN Cluster reaches 70% of its storage utilization, Additional Hosts have added automatically to the Cluster.

You cannot change this behavior through configurations. Therefore monitoring the vSAN storage utilization is key in production.

Until the September 2021 release, there was no default VMC notification on AWS before adding a new host. A new Alert introduced In September when the vSAN Cluster reaches 65% of capacity usage, VMC will send an email to organization users.

The Slack notification use case of monitoring the vSAN cluster usage before reaching 65% is helpful for other monitoring use cases. For instance, alert on noisy neighbor VM’s.

Monitoring VSAN cluster usage with a vCenter alert

Pre-requisite for Slack alert notification, vCenter Alert configuration.

First, open the vCenter in VMC on AWS and define a new datastore Alarm.

vSAN Alarm Definition on vCenter screenshot
Go to Datastores, select workloadDatastore, click on the configure tab, click on Alarm Definitions, and click on Add.
New Alarm Definition vCenter screenshot
Add an Alarm name and click next. We will use the alarm name in the following steps.
Alarm definition rule 1 conditions screenshot
Under the IF condition, choose Datastore Disk Usage.
In the operator, select “if above.”
In the threshold enter threshold percentage, in my example, 65%.
Alarm 1 reset rule screenshot
Leave the reset of conditions as-is.
Review the Alarm definition, confirm enable this alarm screenshot
Review the alarm definition afterward, confirm the rule is enabled, and then click create.
Alarm triggered screenshot
You will see the vCenter alarm once conditions are met, as in this example.

Second part vRealize log insight(vRLIC) webhook and Alert configuration

Webhook Configuration
how to loginto vRLIC from VMC on AWS screenshot
In the VMC console, click on the nine tiles and click on vRealize log insight cloud(vRLIC)
Create new webhook Slack endpoint VRLIC(vRealize log insigh cloud) screenshot
In vRLIC on the left-hand menu, expand configurations and go to webhook configuration.
Afterward, click on New Webhook and then select Slack Endpoint and enter Destination URL.
You can find the slack side definition of the slack documentation here.
Alert Definitions configuration
Alert definitions vrlic vrealize log insight cloud screenshot
Now after setting the webhook, set up an alert.
Expand alerts, go to alert definitions, and click create a new alert on the left-hand menu.
create alert definition screenshot
You will need to fill in all of the description and query names.

Please make sure that the query text contains and matches the alert name as defined in vCenter? vRLIC will pick the name from the logs. Make sure you select under trigger condition 1, notification towards the slack endpoint we just created.
Alert confirmation in the logs under log explorer screenshot
Under Logs explorer, you can see the query working in action catching the alert as seen in the logs.
Under Triggered Alerts you will see the new alert being noticed.
It may take several minutes before vRLIC propagates the alert creation correctly and triggers an alert when performing testing.
Slack vSAN alert notification screenshot
In conclusion, this is the result of slack notification with all of the relevant metadata.
It helps monitor your infrastructure, and you can use it for additional use cases.

If you found this useful, please feel free to leave a comment or to reach out directly.

Back to the original site

https://schwartzman.org

Leave a Comment