Alert Clustering tag and alert clustering tag definition

Vaibhav_241 · ‎09-03-2024

Hi,

In event management I want to know when we create alert clustering tag or tag definition is there any way we can define which alert will be primary alert and secondary??
and other query is after creating any tag definition there is alert correlation rule automatically generated based on that tag definition, i tried to give relationship as same node and same ci in list view but it is not working and i did not found any relationship field in that automated generated alert correlation. Please help me if anyone know.

Thanks,

Vaibhav

Ryan Zulli · ‎09-04-2024

Although the TBAC uses the alert correlation rules (advanced scripts) we treat it as an automated correlation rule, and the primary alert will always be a virtual of the highest severity alert within that cluster. As for the relationships, you've seen the message at the top of the script ::

This alert correlation rule and its advanced mode script were created automatically by Tag Based Alert Clustering Engine.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! ANY MANUAL MODIFICATION TO THIS SCRIPT MAY BE OVERRIDDEN !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

we do not suggest modifying these rules.

Vaibhav_241 · ‎09-04-2024

Hi Ryan, thanks for your answer

for that relationship part i found solution but as you told that, the primary alert will always be a virtual alert or the highest severity alert within that cluster, so there is no way that we can set primary and secondary alerts for TBAC.