Virutal Alert Creation - Event Management

dhanrajb
Tera Guru

‎07-12-2024 06:24 AM

Hello Everyone,

 

I have a problem in primary alerts (i.e., Virtual Alerts created by SNOW). I was working on Tag based alert clustering, I can see there are more than 1 primary alert is being created for a group of Secondary Alerts.

 

Lets say for an example,

i. An "alert1" is being created at 09:00:00, which will wait for 5 minutes to get grouped with another alert based on tag.

ii. Another "alert2" is coming in at 09:01:00, which got clustered with the "alert1".

iii. Now both alert1 and alert2 became secondary alerts. New primary alerts "alert3" & "alert4" is created within 1 second interval, but here only "alert3" have the details of secondary alerts but not alert4.

 

In this scenario, I believe there should be only one primary alert will be created for a group of secondary. I'm not sure where should I check for the Primary alert that is being created.

 

Please advice and Thanks in Advance.

 

Regards,

Dhanraj.

Labels:
  • 705 Views
4 REPLIES 4

AlexTripp
Tera Contributor

‎08-02-2024 07:30 AM

Happen to figure out what was wrong here? Noticed this is happening with 1 of my 3 tag based definitions and can't seem to track down the issue.

0 Helpfuls

dhanrajb
Tera Guru
In response to AlexTripp

‎08-06-2024 09:23 PM

Hi @AlexTripp ,

 

As far I drilled down, I found this is due to the random insertion of events into the instance. Because of the processing time of the event to alert. But still some logics in this issue are not related to this statement. Need to work with Snow HI Ticket.

0 Helpfuls

AlexTripp
Tera Contributor
In response to dhanrajb

‎08-07-2024 06:10 AM

Thanks for the update. Started a ticket with HI yesterday.

 

Mine issue might be a tiny bit different but parallelly related to yours. Basically, when getting a large amount of alerts all at the same time (20ish) that should all cluster into a single group, they are creating a varying amount of groups with different amount of secondaries. Again, should just be a single group based on criteria but not working that way.

 

Will try to update this thread when I get an answer.

0 Helpfuls

dhanrajb
Tera Guru
In response to AlexTripp

‎09-01-2024 11:47 PM

Hi @AlexTripp ,

 

Hope you are doing well. Any luck with HI Ticket? and I see another issue in Tag Clustering Engine. I have udpated the plugin and I don't see the clustering is happening. Are you facing this issue? I'm not sure, I am the only one going through this.

 

Posting this for awareness🙂.

 

Thanks,

Dhanraj.

0 Helpfuls