Grouping of Alerts based on CI,

Sravani36
Tera Expert

‎07-02-2023 08:14 PM

Hi,

 

The Alert Grouping in the Production instance only occurs based on the "Configuration Item Class". if the Alerts generated in 10 min (600)  are from the same "Configuration Item Class" they are grouped together. Now we want to group the Alerts considering the same "CI", "Feature Identifier" and "Configuration Item Class"  How do group them considering all this. 

Sravani36_0-1688354008183.png

Thank you

-Sravani C

 

0 Helpfuls
  • 1,205 Views
2 REPLIES 2

Rahul Priyadars
Giga Sage
Giga Sage

‎07-03-2023 12:44 AM

as of now i need to dig more 

But seems u need to write RULE Based Correlation script  as pattern based Learned Patterns may not help u much based on ur Use Case given.

 

Regards

RP

0 Helpfuls

Sravani36
Tera Expert
In response to Rahul Priyadars

‎07-04-2023 09:43 PM

Hi @Rahul Priyadars for grouping the alert in a certain time period there is a system property "sa_analytics.agg.query_dynamic_window"

if we increase the time to group 2 alerts then the first alert triggered will create an incident? because for now only virtual alert is triggering an incident when grouping is done for 2 alerts in 10min. If we extend the time to 60 min will it take time to create a virtual alert and the incident?

 

Thanks

Sravani C

0 Helpfuls