DEX alert grouping

  • Release version: Australia
  • Updated March 12, 2026

    When several alerts are triggered from events governed by the same metric rule in DEX, the alert grouping mechanism automatically consolidates them. This mechanism reduces the need for users to manage individual alerts, streamlines their response process, and enables faster issue resolution.

    When alerts are grouped, you see the total count of secondary alerts grouped next to the primary alert number.

    DEX events and alerts representation

    In the Events table [em_event], any event with the Source field value DEX is classified as a DEX event. For DEX events, the Type field displays DEX Metric Rules because DEX alerts are generated based on DEX metric rules. When the State of an event is Processed, an alert is generated and saved in the Alerts table [em_alert].

    In the Alerts table [em_alert], select any alert to access its details. An alert that is created from a DEX event displays the Source field value as DEX. The Metric name field value appears as either DEX App Metric or DEX Device Metric. For an alert, the Metric name field value is DEX Device Metric. The Configuration item field shows the name of the corresponding application or device. Alerts whose Group field shows Rules-based are the DEX alert groups.

    Rule for alert correlation

    In All > Event Management > Rules > Alert Correlation Rules, the DEX Metric Correlation Rule determines when alerts must be grouped and provides necessary details.
    Note:
    For one application and one metric rule, there’s only one alert in DEX. DEX creates alert groups when the metric rule is the same, regardless of whether the configuration items are the same or different. When the problem is resolved, closing the primary alert also closes the secondary alerts within the same group.

    Time-based alert grouping

    Time-based alert grouping automatically groups alerts according to predefined time intervals, which is advantageous for services generating numerous alerts. Consolidated alerts result in fewer disruptions for responders and contribute to shorter resolution times.

    In the System Properties table [sys_properties], the property sn_dex.alert.correlation_rule.device.period defines the time period in seconds for grouping and correlating similar metric rule-based DEX alerts. In the Value field, you can enter the desired time duration in seconds. For example, to set a 5-minute gap between alert groupings, enter 300. Entering 0 disables the rule.

    Let's consider an example: Alert A1 is generated for rule R1 from device D1. After two minutes, alerts A2 and A3 are generated for the same rule R1, but from devices D2 and D3 respectively. With A1 being the first alert, it's designated as the primary alert, and A2 and A3 are grouped as secondary alerts under A1.

    Now, suppose you have set the time duration to 300 seconds (5 minutes). If no alerts for rule R1 are generated within five minutes, and then after this period, alerts A4, A5, and A6 are generated for the same rule, a new group is formed. Alert A4 becomes the primary alert, and A5 and A6 are grouped under A4.

    However, if any alert is generated for rule R1 within five minutes, it's considered a secondary alert to A1 and grouped accordingly.
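
The A1 to A6 scenario above as a small simulation, added here as an illustration; it is not ServiceNow code. It assumes the period is measured from the primary alert's creation time, and the alert objects, field names, function names, and timestamps (including the extra R2 alert A7) are constructed for the example.

```javascript
// Added illustration: a model of the grouping behaviour, not ServiceNow code.
// Assumption: the window is measured from the primary alert's creation time.
// Field names (number, rule, ci, time) are hypothetical; time is in seconds.
function groupDexAlerts(alerts, periodSeconds) {
  const groups = [];
  const latestByRule = new Map(); // metric rule -> newest group for that rule
  const ordered = [...alerts].sort((a, b) => a.time - b.time);

  for (const alert of ordered) {
    const group = latestByRule.get(alert.rule);
    // A period of 0 disables grouping, as the property description states.
    const inWindow = periodSeconds > 0 && group !== undefined &&
      alert.time - group.primary.time <= periodSeconds;
    if (inWindow) {
      // Same metric rule inside the window: secondary, whatever the CI is.
      group.secondaries.push(alert);
      continue;
    }
    // First alert for the rule, or the window has elapsed: new primary.
    const fresh = { primary: alert, secondaries: [] };
    groups.push(fresh);
    latestByRule.set(alert.rule, fresh);
  }
  return groups;
}

// Render each group as "<primary> (+<secondary count>)".
function summarize(groups) {
  return groups.map(g => `${g.primary.number} (+${g.secondaries.length})`);
}

// Constructed sample data following the example in the text.
const sampleAlerts = [
  { number: 'A1', rule: 'R1', ci: 'D1', time: 0 },
  { number: 'A2', rule: 'R1', ci: 'D2', time: 120 },
  { number: 'A3', rule: 'R1', ci: 'D3', time: 120 },
  { number: 'A7', rule: 'R2', ci: 'D1', time: 130 }, // different rule, own group
  { number: 'A4', rule: 'R1', ci: 'D4', time: 600 },
  { number: 'A5', rule: 'R1', ci: 'D5', time: 630 },
  { number: 'A6', rule: 'R1', ci: 'D6', time: 660 },
];

console.log(summarize(groupDexAlerts(sampleAlerts, 300)));
console.log(summarize(groupDexAlerts(sampleAlerts, 0)));
```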