• Enable CMDB correlation (sa_analytics.agg.query_cmdb_correlation_enabled).
• Enable Network Traffic correlation (sa_analytics.agg.query_network_traffic_correlation_enabled).
• Enable ML based Automation correlation (sa_analytics.specific_patterns_enabled).
• Enable Text based correlation (sa_analytics.text_based_group_enabled).
• “Group by” property, with comma-separated list of field names that need to have matching values across alerts to allow alerts to be grouped together. The property can contain alert field names (such as assignment_group), CI field names (such as alert_cmdb_ci.location), alert additional info field names (such as additional_info.state) or alert tags (such as t_data_center). When the specified field values match each other between alerts, those alerts can be grouped together (sa_analytics.agg.group_alert_with_same_group_by_fields).
• Max number of relations between CIs in a topology which form a CMDB group (sa_analytics.agg.query_cmdb_graph_walk_nodes).
• Use all CMDB relations for CMDB group correlation (evt_mgmt.related_cis_get_all_relation_types).

To group alerts without a CI as Text-based or ML based groups, set sa_analytics.enable_no_ci_grouping to true. Ensure the Feature Identifier includes both the node and metric name. For details on configuring the feature identifier, see Specify and manage pattern identifier attributes for alert grouping.

By default, a work note appears in the Activities tab when a group is created or updated, showing the grouping reason.