Alert correlation rules with regex expression

Madhan27
Mega Guru

‎07-08-2025 01:39 PM

HI Community,

 

I would appreciate your guidance in the Event Management space. Where I need to create a alert correlation rule, When the message key is passing the information in the event rule as an regex expression like "{Event Message Key}{Node}{Type}{Time}" as the message key. 

Note: Event message key can come from any of these values
(ex: 

  1. DataProc 
  2. Vertex AI 
  3. Networking 

I am confused how we need to set the condition for the rule if the message key is ????

 

Madhan27_0-1752005208674.png

 

 

TIA

#eventmanagement #alertcorrelation #alertgrouping

Labels:
0 Helpfuls
  • 323 Views
2 REPLIES 2

Jeff K1
Kilo Guru

‎07-09-2025 05:53 AM

My apologies, I'm not quite understanding your use case.

What I think I understand so far:

You use RegEx at the Event Rule level to create the Message Key.

What are you attempting to do with it at the Alert Management Rule level?

Generally, the Message Key is used to filter out duplication of events so that only a single Alert is created even if multiple events with the exact same message key are created. That is all done internally. Any filtering I usually do at the Alert Management Rule level is on other fields.

Maybe if I could understand your exact use case better, I might be able to assist a bit more.

Thanks!

0 Helpfuls

Madhan27
Mega Guru
In response to Jeff K1

‎07-09-2025 06:34 AM

Thank you, there's a change in the requirment. I dont see any option to delete this post. Do you have any idea where to do so?

0 Helpfuls