Event Management - Alert correlation and management rules execution order
3 weeks ago
We have a requirement to not generate incidents for some alerts based on CI relationships and existing alerts. To do this we have tried to use a combination of Alert Correlation Rules and Alert Management Rules (basically do not generate incident if alert is correlated (secondary)). But this does not work and it seems that the problem is that the Alert Correlation Rule we have created is executed AFTER the Alert Management Rule. According to this post it should be the opposite:
Event Management : Leverage Alert Correlation and Grouping for Noise Reduction
Is there a way to change the order of execution for these rule types or is there another way to solve our requirement?
2 weeks ago
We have found the cause of our problem. Our correlation rule was not working as expected and since we had CMDB correlation enabled, this misled us to believe that it was working. The CMDB correlation rule seems to run periodically in the background and will therefore be run after the alert management rule. Testing further with a correct correlation rule indicates that the order of execution is as stated in this post:
Event Management : Leverage Alert Correlation and Grouping for Noise Reduction