Synchronize alert response with alert grouping by ensuring that the alert management job runs after the alert grouping job. This prevents duplicate actions, such as incident creation on secondary alerts.
Before you begin
Role required: admin
About this task
By default, the alert grouping job (Service Analytics group alerts using RCA/Alert Aggregation) and the alert management job (Event Management - Evaluate Scoped Alert Rules Management0) run independently of each other. To synchronize the alert response with automated alert grouping (for example, to avoid creating an incident on a secondary alert), you must enable the property evt_mgmt.avoid_int_enabled to ensure that the Alert Management job is executed only after the Alert Grouping job has completed. This property is accessible from the Event Management Properties page (). In addition, you must configure the relevant alert management rule (for example, the rule for incident creation) to filter out all secondary alerts.
Note: If only one alert exists when the Alert Management job runs, an incident is created. When a second alert arrives later, the next Alert Grouping job forms a group, makes the new alert secondary, and creates a new incident.
Procedure
- Navigate to .
- If you want to avoid incidents on secondary alerts, select the Enable Avoid Incidents on Secondary alerts and wait for Grouping job to be executed check box.
- Select Save.
- To filter out secondary alerts, navigate to .
- Select the relevant rule.
- In the Alert Management Rule form, select the Alert Filter tab.
- In the Condition area, select And.
- Add a condition:
  - Role in Group
  - is not
  - Secondary
- Select Update.
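
The following simplified model shows why the procedure needs both settings: the job ordering alone, or the Role in Group filter alone, still produces an incident per alert. It is an added example, not ServiceNow code; the function names, the alert fields and the `key` used to correlate alerts are hypothetical, and the sample alerts are constructed.

```javascript
// Simplified model (added example, not ServiceNow code). All names are hypothetical.
// An alert is { id, key, role, handled }; `key` stands in for whatever correlates alerts.

// Grouping job: for each key shared by 2+ alerts, the first is primary, the rest secondary.
function groupingJob(alerts) {
  const byKey = new Map();
  for (const a of alerts) {
    if (!byKey.has(a.key)) byKey.set(a.key, []);
    byKey.get(a.key).push(a);
  }
  for (const members of byKey.values()) {
    if (members.length < 2) continue; // a lone alert keeps role === null
    members.forEach((a, i) => { a.role = i === 0 ? 'primary' : 'secondary'; });
  }
}

// Management job: opens an incident for each unhandled alert that passes the rule filter.
function managementJob(alerts, filterSecondary, incidents) {
  for (const a of alerts) {
    if (a.handled) continue;
    a.handled = true;
    if (filterSecondary && a.role === 'secondary') continue; // "Role in Group is not Secondary"
    incidents.push(a.id);
  }
}

// Runs one cycle; `synchronized` models evt_mgmt.avoid_int_enabled being turned on.
function runCycle(keys, { synchronized, filterSecondary }) {
  const alerts = keys.map((key, i) => ({ id: `A${i + 1}`, key, role: null, handled: false }));
  const incidents = [];
  if (synchronized) {
    groupingJob(alerts);
    managementJob(alerts, filterSecondary, incidents);
  } else {
    // Independent jobs, worst-case interleaving: management runs before roles exist.
    managementJob(alerts, filterSecondary, incidents);
    groupingJob(alerts);
  }
  return incidents;
}

// Constructed input: three alerts for one outage plus one unrelated alert.
const sample = ['db-down', 'db-down', 'db-down', 'disk-full'];
console.log(runCycle(sample, { synchronized: false, filterSecondary: true }));
console.log(runCycle(sample, { synchronized: true, filterSecondary: false }));
console.log(runCycle(sample, { synchronized: true, filterSecondary: true }));
```

Only the last combination limits incidents to the primary alert and the ungrouped alert. An alert that is alone when the management job runs has no role yet and therefore still gets an incident, which is the case the note describes.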