how can I make the message key unique so that a new alert/incident is always raised from a certain event
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-14-2017 02:11 AM
How can I make the message key unique so that a new alert/incident is always raised from a certain event?
Generally we use the default behavior so that related events are linked to a single Alert via the Message Key however we have a new requirement for a certain type of event that we need to configure to always raise a new alert/ incident, even if 2 seemingly identical events are received in close succession whilst the first is still being managed. What is the easiest way of making sure the Message Key is always unique so that a new alert is raised, even though there is nothing obvious to distinguish the events. Should I use a date/time stamp?
- Labels:
-
Event Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-14-2017 03:24 AM
Anna
In Event Management->Settings->Properties there is a property "Minimum time in seconds before updating an alert for identical events" with default value as 86400
Probably you could try making it as 0
I haven't tried this.
If it is Ok, please try this and let me know, if it worked.
Thank you
Ram
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-14-2017 03:49 AM
Along with this, please set value for the property "Closing alerts will:" to "Do nothing"
With this combination, what I expect to happen is that, for each event an alert should be created and its status to be updated to closed immediately.
But incidents created for each event (and in turn each alert) will not be closed automatically.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-14-2017 03:58 AM
Hi Ram
Thank you for your reply but my concern is that these are global system properties and I only want one particular event to always raise a new Alert/ incident, however we have many other events that need to follow normal correlation rules. I think I need to devise a means to make the message key unique each time so that they are always seen as unique events. The events in question are sent on email and I have an Inbound Action to convert these to events so what I am looking for is the best way to configure this inbound action so that it will always assign a unique message key to these events. That way I do not need to change system properties and impact how other events are processed.
Regards
Anna
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-14-2017 07:17 AM
Hi Anna
Understand your requirement better now.
Your idea of setting the message key to date time stamp, while creating the event, sounds like the best option.
If you find a better option, please let me know.
Thank you,
Ram
