Hi SN Community,
I've been using Tag based alert correlation for some cases of alerts with no CI. It has been working well until a few weeks ago, where the alert grouping does not work, or the rule is being disabled with the following message :
Alert correlation rule processing duration was 1335 seconds for alert Alert2769572. Group alerts with same t_node tag from *Source*
My setup is as follows:
-An event rule to extract the tag and add a t_node tag to events
-A Cluster definition that checks if the source is the one I'm looking for
See below config
I also have a case open with SN tracking this issue. Are you also using tag based correlation? Are you also experiencing problems?
