- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-21-2023 11:29 PM - edited 06-22-2023 07:39 AM
In Event Management,
Event E1 - 7.00(Time of event)---> Alert A1 is generated---> Incident INC1 is created
Event E2(same event with different message key) - 7.02-----> Alert A2 is generated(secondary alert, since pattern matches which is defined in automated alert correlation) ------> No incident created
Since A1 and A2 are grouped based on automated alert correlation, Virtual alert is generated as primary alert and incident INC2 is created
Now INC2 will become duplicate incident of INC1, Then what is the purpose of grouping? Is this how it actually works?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-22-2023 08:14 PM
Now INC2 will become duplicate incident of INC1, Then what is the purpose of grouping? Is this how it actually works?---> This is how it actually works. Same behavior also in case of CMDB based alert grouping.
Imagine for ur case instead of 2 50 event arrived and alert genertaed-- If it matches the pattern then Automated Grouping will happen and 1 Primary Incident will be Created corresponding to Primary Alert and rest attached you know.
Regards
RP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-22-2023 08:14 PM
Now INC2 will become duplicate incident of INC1, Then what is the purpose of grouping? Is this how it actually works?---> This is how it actually works. Same behavior also in case of CMDB based alert grouping.
Imagine for ur case instead of 2 50 event arrived and alert genertaed-- If it matches the pattern then Automated Grouping will happen and 1 Primary Incident will be Created corresponding to Primary Alert and rest attached you know.
Regards
RP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-23-2023 12:46 AM
Thank you @Rahul Priyadars
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-28-2023 06:06 AM
Hi All,
I've a question in relation to this topic. Excuse-mu if a reuse the thread but I just need a clarification:
When you say " INC2 will become duplicate incident of INC1", is it meant that an automated process will mark INC2 as a duplicate of INC1 or do they remain independent and the relation have to be created manually?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2023 03:01 AM - edited 07-31-2023 03:03 AM
@Amar_Be Two tickets INC1 and INC2 will be raised for the same issue so that's why I've mentioned as duplicate incident.
INC2 is a virtual alert created incident and it is created automatically with the same information as INC1.
