Ops Intelligence Asset Intelligence Observability Robotic Data

Alerts

Last updated 4 years ago

Alerts

This section explains on how to create alert endpoints so that alerts can be ingested from source to target system. It also allows to define Correlation and Suppression policies on alerts.

Click on Alerts tab on Project Configuration page.

Alert Endpoint (Target)

Select ‘Alert Endpoint’ tab. Click on ‘+’ to create new endpoints.
Select ‘Target’ and enter Name, Description
Select Event Type (ex: Splunk Alerts, Solarwinds Alerts, vROps Alerts, etc).
Select Endpoint Type (ex: REST, MACAW Notification, CSV Data, Webhook, Email, etc)
Click Save.

A sample screen as displayed below.

Alert Endpoint (Source)

Click on ‘+’ to add the source alert endpoint.
Enter Name, Description, select Event Type and Endpoint Type. Click on Save.
From the Alert Endpoints home page, on the context menu of the endpoint, click Enable.

Alert Mappings

Click on ‘Alert Mapping’ tab.
click ‘+’ to select both source and target alert endpoints and chose if this mapping needs to be enabled or not
The following figure shows some of the alert mappings done in a demo environment.

Correlation Policies

A Correlation policy allows to group similar alerts, for example, grouped by environment, alert type, source system, IP address, etc.

There are two types of Correlation policies - Correlate Burst and Correlate Group.

How to create a correlation policy?

Navigation: Project Configuration -> Alerts -> Correlation Policies Click on ‘+’ to create new correlation policy

select either ‘Correlate Burst’ or ‘Correlate Group’.
Enter correlation group severity, Groupby and other details.

A sample input screen for correlation policy is as given below.

How to create a Suppression policy?

Navigation: Project Configuration-> Alerts-> Suppression Policies

Suppression policies help to suppress unnecessary alert noise raised for example during a maintenance window, etc. There are two types of policies - Suppress, Suppress Flapping Alerts. Click on ‘+’ to create a suppression policy.

Enter Name, Description, when the suppress needs to be automatically cleared, does it require repeated run, etc.
A Sample suppression policy is as shown below.

PreviousIncidents NextMessages

Last updated 4 years ago

Alerts

This section explains on how to create alert endpoints so that alerts can be ingested from source to target system. It also allows to define Correlation and Suppression policies on alerts.

Click on Alerts tab on Project Configuration page.

Alert Endpoint (Target)

Select ‘Alert Endpoint’ tab. Click on ‘+’ to create new endpoints.
Select ‘Target’ and enter Name, Description
Select Event Type (ex: Splunk Alerts, Solarwinds Alerts, vROps Alerts, etc).
Select Endpoint Type (ex: REST, MACAW Notification, CSV Data, Webhook, Email, etc)
Click Save.

A sample screen as displayed below.

Alert Endpoint (Source)

Click on ‘+’ to add the source alert endpoint.
Enter Name, Description, select Event Type and Endpoint Type. Click on Save.
From the Alert Endpoints home page, on the context menu of the endpoint, click Enable.

Alert Mappings

Click on ‘Alert Mapping’ tab.
click ‘+’ to select both source and target alert endpoints and chose if this mapping needs to be enabled or not
The following figure shows some of the alert mappings done in a demo environment.

Correlation Policies

A Correlation policy allows to group similar alerts, for example, grouped by environment, alert type, source system, IP address, etc.

There are two types of Correlation policies - Correlate Burst and Correlate Group.

How to create a correlation policy?

Navigation: Project Configuration -> Alerts -> Correlation Policies Click on ‘+’ to create new correlation policy

select either ‘Correlate Burst’ or ‘Correlate Group’.
Enter correlation group severity, Groupby and other details.

A sample input screen for correlation policy is as given below.

How to create a Suppression policy?

Navigation: Project Configuration-> Alerts-> Suppression Policies

Enter Name, Description, when the suppress needs to be automatically cleared, does it require repeated run, etc.
A Sample suppression policy is as shown below.