Alert correlation - Primary and secondary Alerts

aarthyp · ‎03-09-2020

Have 3 queries - PLEASE HELP !!

1. We have created Alert correlation rule for classifying Primary and secondary alerts.But in our case, Both Primary and Secondary alerts are fetched from the monitoring tool at the same time. So even before incident is created for primary alert, secondary Alert is created and hence correlation is not happening. Please advice.
2. The group field which classifies the alert as Primary and Secondary is getting cleared once the alert is closed. Because of this we are unable to pull report on incident count reduction due to correlation.
3. The incident raised out of Event management is auto closed when it not updated by an event for past 24 hours.Is there any way to stop the incidents from auto closing. - please advice.

Ashutosh Munot1 · ‎03-10-2020

Hi,

I can try to help at some extent:

1) For the same node or CI?

2) Can you show which field, Because as far as i know we use parent field for this.

3) There are schedule jobs in system which auto closes the alert and hence incident not update for specific time. Event Management - auto close alerts

Thanks,
Ashutosh

aarthyp · ‎03-11-2020

Hi Ashutosh,

Thanks for your reply!!

1. Different Node. We have given No relationship.

2. I mean to say the rule based group gets cleared as soon as the Alerts are closed as shown below.

3. Yes. Can we do modification to this auto closing Alerts like modifying closure comments?