How to prevent child alerts from generating incidents (alert aggregation)

Mp1999 · ‎06-27-2024

Hello everyone,

I would like to know if there is a way, through business rules or any other method, to create incidents only for the parent alert and not for the child alerts that are generated. I am attaching an image. Thanks in advance

Pratiksha · ‎06-27-2024

Check the trigger condition for this. It should work.

Please accept the answers and mark them helpful 🙂

View solution in original post

Pratiksha · ‎06-27-2024

alert management rule - > trigger condition should check if the parent field is empty on the alert. Also, you can make sure that incident is getting created only for primary alerts.

Mp1999 · ‎06-27-2024

Hi @Pratiksha ,

My filters are set up like this, but I still see alerts that are part of a group, such as the secondary group, continue to generate incidents:

Pratiksha · ‎06-27-2024

Group should be primary or empty.

Also, OOB their is an alert management rule for primary alerts. Check it out in your PDI

Mp1999 · ‎06-27-2024

Thank you very much, @Pratiksha I have achieved my goal, but I still have one question: regarding alerts that have the group CMDB, how do these alerts behave and why do they never trigger incidents? Thank you very much in advance!