Hold/Wait time for the Alert creation
03-28-2022 12:37 AM
Hi,
I have a scenario:
"Hold the alert creation for Type=x for 600 seconds; if another event comes within 600 seconds (10 minutes), the timer should restart."
Please guide me on how to achieve this.
Thanks,
Guru
Labels: Event Management
04-11-2022 05:14 AM
Thanks, Rahul, for your response. Yes, I did, and it is working fine.
I missed updating here after the changes.
Thanks,
Guru
02-24-2023 08:50 AM
I am implementing this as well but mainly with event/alert rules and some subflows. Here's my current methodology:
- Event rule captures original info, sets 'Monitor' flag and Alert Severity to "Warning".
- Alert rule conditions look for 'Monitor' flag, 'State' = "Open" (no clear received yet), and 'Created' before 10 minutes ago - when a monitored alert is found to be open and older than 10 minutes, run subflow that restores original 'Severity'.
- Other Alert rules then react to the Alert now that 'Severity' has been raised - this lets the handling of the escalated Alert be done on an individual basis per Alert type if desired.
I think this creates some consistency and keeps maintenance at the rule/low-code level without needing any custom fields. I'm still working and testing this, but let me know if you'd like to see the final product or have any questions.
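
The hold window asked about in the original question (restart the 600-second timer whenever another event of the same type arrives, and drop the pending alert if a clear arrives first), as an added example that is not part of any post in this thread. It is plain JavaScript rather than ServiceNow platform code; the event shape, the `clear` flag and the function names are assumptions.

```javascript
// Added illustration: plain JavaScript, not ServiceNow platform code.
// Event shape ({ type, time, clear }) and all names are assumptions.
const HOLD_SECONDS = 600;

// Returns the alerts that would be raised, with the time each hold expires.
function planAlerts(events, heldTypes, holdSeconds = HOLD_SECONDS) {
  const pending = new Map(); // type -> { lastSeen, count }
  const alerts = [];
  const sorted = [...events].sort((a, b) => a.time - b.time);

  for (const ev of sorted) {
    if (!heldTypes.has(ev.type)) {
      // Types without a hold raise their alert immediately.
      if (!ev.clear) alerts.push({ type: ev.type, raiseAt: ev.time, events: 1 });
      continue;
    }
    const p = pending.get(ev.type);
    // The timer ran out before this event arrived: that alert was already raised.
    if (p && ev.time - p.lastSeen >= holdSeconds) {
      alerts.push({ type: ev.type, raiseAt: p.lastSeen + holdSeconds, events: p.count });
      pending.delete(ev.type);
    }
    if (ev.clear) {
      // A clear inside the hold window cancels the pending alert.
      pending.delete(ev.type);
      continue;
    }
    const cur = pending.get(ev.type);
    if (cur) { cur.lastSeen = ev.time; cur.count += 1; } // restart the timer
    else pending.set(ev.type, { lastSeen: ev.time, count: 1 });
  }
  // Anything still pending is raised once its timer expires.
  for (const [type, p] of pending) {
    alerts.push({ type, raiseAt: p.lastSeen + holdSeconds, events: p.count });
  }
  return alerts.sort((a, b) => a.raiseAt - b.raiseAt);
}

// Constructed sample events (times in seconds from an arbitrary start).
const sampleEvents = [
  { type: 'x', time: 0 },
  { type: 'x', time: 300 },
  { type: 'x', time: 800 },
  { type: 'y', time: 100 },
  { type: 'x', time: 2000 },
  { type: 'x', time: 2200, clear: true },
];
console.log(planAlerts(sampleEvents, new Set(['x'])));
```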