It was a pain in the rear, but I was able to work something out.
You have to start by building the "Information Base Categories" table in Dashboard > Config > Configurations > Information Base Categories. I have attached an Excel Export.
--> NOTE: If you use ConnectWise, this is also helpful for workflow and reporting.
The second thing that I had to do was to go through each and every monitor and assign a "Ticket Category". This holds true for Internal as well as Remote monitors.
The third thing I did was to build 3 Internal monitors, that are essentially the same except for the time check for when the Ticket was created, and the alert Template.
....The first monitor checks for ticket.status=1 (new), and age of 7 minutes. If positive, it Alerts with Template 1
..............The Times in the Alert Template have Ticket and email 8am to 5pm M-F, the rest (after hours) include Call and SMS
.......................TIP: when setting the alerts in the Template, do not span your time through Midnight. It will be faulty. In my case I had to
.......................create an entry from 5 pm to 11:59 pm and then another for 12:00 am to 8 am.
...............Alert Template 1 has a contact Called "First Responder"; Our Dispatcher updates this contact (Under Navigation Tree Contacts),
................with the information for the Engineer OnCall every Monday morning.
....The second monitor uses a time check for age of ticket of 67 minutes, and uses a similar Alert Template, but with a different Contact, named Second Responder. The goal here is that if the First Responder does not respond, the Second Responder gets an alert an hour later.
....The third monitor uses a time check for age of ticket of 127 minutes, and uses a Third Template.
How you want to route the alerts, how often, and whether they go to the same individual or you escalate, is very unique to each MSP. This is how we operate.
This is the logic in the First Monitor:
Interval: 900 seconds
Monitor Mode and Duplication Alert Frequency: Once Per Day
Table to Check: tickets
Field to Check: StartDate
Check Condition: LessThan
Result: DATE_ADD(NOW(),Interval -7 Minute)
Identity Field: (Select Name From clients WHERE clients.ClientID = Tickets.ClientID limit 1)
((SELECT `Disable Alerting` <> 1 FROM v_extradatacomputers WHERE v_extradatacomputers.computerid=Tickets.ComputerID)
AND tickets.category in (117,118,160,161,166,168,169,170,171,172,173,174,175,176,177,178,213)
AND ((Select Count(*) From maintenancemode Where maintenancemode.computerid=Tickets.ComputerID) = 0)
AND (Select OS like '%server%' FROM Computers WHERE Computers.ComputerID=Tickets.ComputerID)
AND tickets.StartedDate>DATE_ADD(NOW(),interval -2 day)
AND tickets.status = 1)
The `Disable Alerting` check is to avoid a Critical alert being sent for a system where Alerting has been disabled.
A way around the Ticket Category would be to use a key word in the Ticket Subject or Body. You then change the Monitor's Additional Condition query to look for this key word, something like "LTCriticalAlert".
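
As an added illustration (not part of the original post and not LabTech's own code), the sketch below models the three age thresholds and the midnight tip: an after-hours range is split into two entries that never cross midnight, and a wrapped entry is shown matching nothing under a plain start/end comparison. The function names and the comparison logic are assumptions made for the example.

```python
from datetime import datetime, time, timedelta

THRESHOLDS_MIN = (7, 67, 127)            # ticket age checked by monitors 1, 2, 3
BUSINESS = (time(8, 0), time(17, 0))     # 8am to 5pm, Monday to Friday

def split_window(start, end):
    """Return entries covering start..end, none of which crosses midnight."""
    if start <= end:
        return [(start, end)]
    return [(start, time(23, 59)), (time(0, 0), end)]

def build_schedule(split=True):
    """Template rows as (weekdays, start, end, label); split=False keeps the wrap."""
    after = (BUSINESS[1], BUSINESS[0])   # 5pm -> 8am, wraps past midnight
    parts = split_window(*after) if split else [after]
    rows = [(range(0, 5), *BUSINESS, "business")]
    rows += [(range(0, 5), s, e, "after_hours") for s, e in parts]
    rows.append((range(5, 7), time(0, 0), time(23, 59), "after_hours"))
    return rows

def window(now, schedule):
    """Label of the first row matching now, or None if no row matches."""
    t = now.time().replace(second=0, microsecond=0)
    for days, start, end, label in schedule:
        if now.weekday() in days and start <= t <= end:
            return label
    return None                          # nobody would be alerted

def escalation_tier(started, now, status):
    """Highest monitor (1-3) whose age check a still-new ticket has passed."""
    age = now - started
    # Mirrors the posted condition: status = 1 and started within the last 2 days.
    if status != 1 or age >= timedelta(days=2):
        return 0
    tier = 0
    for n, minutes in enumerate(THRESHOLDS_MIN, start=1):
        if age > timedelta(minutes=minutes):
            tier = n
    return tier

if __name__ == "__main__":
    opened = datetime(2024, 1, 3, 21, 0)             # constructed sample: a Wednesday
    for mins in (5, 8, 70, 130):
        now = opened + timedelta(minutes=mins)
        print(mins, escalation_tier(opened, now, 1), window(now, build_schedule()))
```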