Event not associated with Alert (random)

a_soto87
Tera Contributor

So - I'm seeing that some Closing Events will not relate to an Alert despite there being an alert created for New Events. When I go to reprocess the Event, oftentimes I find that the alert is already closed, because another New/Closing set of events came in with the same Message Key (this is expected behavior), but I wonder if the reason it reprocesses the earlier Closing Event and does not associate it with the Alert is because the alert is now closed?

 

Is the 'Process' behavior based on when the process is kicked off and then evaluating the time of event vs initial event time on the alert to determine if it should be linked? I'm not understanding why this is occurring.

 

Here's the example in detail:

Event (New) - ToE is 12/09 08:01:11

Alert - Created on 12/09 08:01:19

Event (Closing) - ToE 10:42:12

Not related to alert so the alert remains Open

End user works Incident, resolved alert, alert confirms via API that alert has cleared in our monitoring system thereby allowing closure of Alert.


I find out that this happened so I just, moments ago, set the event to Ready, to reprocess, and it processes but it still won't relate to the Alert.

 

Appreciate the help!

2 REPLIES

AJ-TechTrek
Giga Sage
@a_soto87 ,

 

Hi,

 

You should check the Event Management properties for that. Also, if the message key is different, or your Event Properties say to open a new alert if the old alert is closed, then this will happen.

 

Please check the configuration once again.

 

Please mark as helpful or accept solution if this resolves your issue.

 

 

Thanks

Ajay

Thanks for the response. No such property to affect that, the message key is the same, and it would never create a new alert, even if that property was turned on, because it's a closing event.