Duplicate Group Alerts using Alert Clustering

DuncanrpTFF
Tera Contributor

I am currently attempting to set up an ITOM demo to demonstrate the ability to group alerts based on simple criteria.


To demonstrate this I will be having events indicating that a "Timmy" has fallen into a well. The idea is that I want to group these alerts for a shared resource (the node).



I have set up an Alert Clustering Definition with the following configuration:

Filter = Type is "sim-tool-well-alarm"
Custom Description = "Multiple timmies have fallen in the well!"
Clustering timeframe = 10 minutes
Alert Clustering Tag = Exact match on Alert field "node"

The output of this is not quite what I expected, as I am ending up with multiple alert group alerts, some of which have no child alerts. 


The outcome I am trying to achieve is a single alert group indicating that multiple timmies have fallen into the well. Is Alert Clustering the appropriate place to do this? If so, can I prevent this alert group duplication?

Thanks,
Duncan.

 
