Specify and manage pattern identifier attributes for alert grouping
The Alert Aggregation Learner analyzes alerts and identifies patterns using a defined set of alert and configuration item (CI) attributes. By configuring these attributes as pattern identifiers, you can control which characteristics are used to group alerts. This customization creates meaningful alert groups, improving alert management and response times by reducing noise and enabling focus on critical issues.
시작하기 전에
Role required: evt_mgmt_admin
프로시저
-
Select the Unlock Feature Identifier Attributes icon (
) and move attributes from the Available list to the Selected list.
주:Properties from CMDB CI via dot-walking are not populated.The Configuration Item attribute is automatically considered as an identifier and should not be added explicitly to the Feature Identifier Attributes section. The pattern is defined as a combination of the configuration item and your selected feature identifier attributes.
-
Selecting the Lock Feature Identifier Attributes icon (
).
다음에 수행할 작업
- Ensure a corresponding event rule exists: Verify that there is an event rule set up to assign or populate the newly defined pattern identifier attributes to the incoming alerts. Event rules define how attributes are assigned to alerts based on certain conditions.
- Run the Service Analytics Attribute Populator for Historical Alerts job: After the new event rule is in place, this job is used to retroactively populate the pattern identifier attributes for existing alerts that were created before the new attributes were defined. It ensures that even past alerts (historical alerts) have the necessary attributes filled in for grouping them properly.