This section explains how to create alert endpoints so that alerts can be ingested from a source system into a target system. It also covers how to define Correlation and Suppression policies on alerts.
Click the Alerts tab on the Project Configuration page.
Select the ‘Alert Endpoint’ tab. Click ‘+’ to create new endpoints.
Select ‘Target’ and enter the Name and Description.
Select the Event Type (for example, Splunk Alerts, Solarwinds Alerts, vROps Alerts, etc.).
Select the Endpoint Type (for example, REST, MACAW Notification, CSV Data, Webhook, Email, etc.).
A sample screen is displayed below.
Click ‘+’ to add the source alert endpoint.
Enter the Name and Description, select the Event Type and Endpoint Type, then click Save.
From the Alert Endpoints home page, on the context menu of the endpoint, click Enable.
Click the ‘Alert Mapping’ tab.
Click ‘+’ to select both the source and target alert endpoints, and choose whether this mapping should be enabled.
The following figure shows some of the alert mappings done in a demo environment.
A Correlation policy groups similar alerts, for example by environment, alert type, source system, IP address, etc.
There are two types of Correlation policies: Correlate Burst and Correlate Group.
How to create a correlation policy?
Navigation: Project Configuration -> Alerts -> Correlation Policies
Click ‘+’ to create a new correlation policy.
Select either ‘Correlate Burst’ or ‘Correlate Group’.
Enter the correlation group severity, Groupby and other details.
A sample input screen for a correlation policy is given below.
How to create a Suppression policy?
Navigation: Project Configuration -> Alerts -> Suppression Policies
Suppression policies help to suppress unnecessary alert noise, raised for example during a maintenance window. There are two types of policies: Suppress and Suppress Flapping Alerts. Click ‘+’ to create a suppression policy.
Enter the Name and Description, when the suppression should be cleared automatically, whether it requires repeated runs, etc.
A sample suppression policy is shown below.
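A conceptual illustration of the two policy kinds described above, added here and not taken from the product: suppressing alerts raised inside a maintenance window, then grouping the remaining alerts by a Groupby key. The alert field names, the rule that a group takes its highest member severity, the window format and the suppress-before-correlate ordering are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime

SEVERITY_RANK = {"info": 0, "warning": 1, "critical": 2}  # assumed severity scale

def _alert(id_, ts, env, type_, source, severity):
    # Field names are assumptions for this example, not the product's schema.
    return {"id": id_, "ts": ts, "env": env, "type": type_,
            "source": source, "severity": severity}

# Constructed sample alerts.
ALERTS = [
    _alert(1, "2024-01-10T02:05:00", "prod", "cpu", "splunk", "warning"),
    _alert(2, "2024-01-10T02:06:00", "prod", "cpu", "solarwinds", "critical"),
    _alert(3, "2024-01-10T02:10:00", "staging", "disk", "splunk", "critical"),
    _alert(4, "2024-01-10T02:20:00", "prod", "disk", "vrops", "info"),
    _alert(5, "2024-01-10T03:30:00", "staging", "disk", "splunk", "warning"),
]

def suppress(alerts, window_start, window_end, match):
    """Return (kept, suppressed). An alert is suppressed only if it falls
    inside the window AND every field in `match` has the given value."""
    start = datetime.fromisoformat(window_start)
    end = datetime.fromisoformat(window_end)
    kept, suppressed = [], []
    for a in alerts:
        in_window = start <= datetime.fromisoformat(a["ts"]) < end
        matches = all(a.get(k) == v for k, v in match.items())
        (suppressed if in_window and matches else kept).append(a)
    return kept, suppressed

def correlate(alerts, group_by):
    """Group alerts on the `group_by` fields; the group severity is the
    highest severity among its members (assumed rule)."""
    groups = defaultdict(list)
    for a in alerts:
        groups[tuple(a.get(f) for f in group_by)].append(a)
    return {
        key: {"alert_ids": [a["id"] for a in members],
              "severity": max(members, key=lambda a: SEVERITY_RANK[a["severity"]])["severity"]}
        for key, members in groups.items()
    }

def run_pipeline():
    # Maintenance window on staging from 02:00 to 03:00; ordering is an assumption.
    kept, suppressed = suppress(ALERTS, "2024-01-10T02:00:00",
                                "2024-01-10T03:00:00", {"env": "staging"})
    return correlate(kept, ("env", "type")), [a["id"] for a in suppressed]

if __name__ == "__main__":
    print(run_pipeline())
```

Alert 5 matches the suppression fields but arrives after the window closes, so it is kept and forms its own group.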