Alert aggregation

Martin45
Tera Contributor

Hello colleagues,

I have a question regarding the Group type on alerts. We have out-of-the-box aggregation enabled in our instance, so we aggregate alerts in CMDB or Automated groups. I know that Automated groups are created based on CI and metric name, and CMDB groups are based on the relationship of CIs in the CMDB. There is also a hierarchy for Group types, where the Automated group type is higher than CMDB.

What I would like to find out is why the group type is sometimes changed from Automated to CMDB. Is it because the alerts with the same CI and metric name are aggregated, and then a new alert with the same CI is received but has a different metric name, so the group is changed? Or is there some other reason?

Also, there are Work notes on aggregated (correlated) alerts, created by the system, that state the basis on which the alerts were grouped, which alert in the group was set as primary for the group, and also that the group was changed from Automated to CMDB. Could you please advise where these work notes are coming from? I was looking all through Studio and have not found any rule or script that would contain this sentence.

 

Thank you in advance for your advice,

Martin
