Rule-based Alert Correlation groups should not ungroup when Primary Alert is closed

bs-noahkang
Tera Contributor

Hi all,

Currently I am working on creating my own Alert Correlation rules to manage alerts on our systems, and I've been running into an issue where after creating a group of Alerts that are grouped together via a rule, they unlink/ungroup themselves after the Primary Alert is closed.

After messing around with CMDB/Automated OOB grouping, I've also noticed that the Group Alerts that were generated from the OOB scripts don't unlink when the primary alert is closed. I'm not certain if I'm missing a script that's required to keep the Alerts grouped together despite a state change to "Closed."

Attached are images (with redacted test information) showing how the Alerts are grouping together correctly when open, but ungrouping when closed.

Something to also note: these items are all linked together via CMDB L1/L2 relationships (these are all L2 CIs that connect/share an L1 relationship).

Please let me know if I may be missing something or if I need to edit an out-of-the-box script somewhere.

All the best,
Noah


Rule-based Correlation Example:

test data + grouping.png

Ungrouping when closed:

test data + grouping 2.PNG

1 REPLY

JosephSan
Tera Expert

Hi Noah,

I have exactly the same problem. Have you found a solution since your last post?

Have a good day.

Joseph