Creating and Updating Correlation Policies

Correlation policy management

Follow the below steps to view and manage the Alert correlation policies.

Correlate Burst policy:

Follow the below steps to create a 'Correlate Burst' policy.

Click on '+' buton to create a new Correlation policy and select the policy type as 'Correlate Burst'

As highlighted in the below screen, define the correlation burst policy settings appropriately.

Set correlated alert group’s minimum severity. (Note: Incident’s severity is set to highest severity, if one of the grouped alert’s severity is higher than policy’s severity)

Raise Count: Alert burst count (minimum)

Raise Rate (seconds): Rate of Alerts burst count within the defined time (seconds)

Group Expiry (minutes): Time window (for how long) to keep this policy active to group the burst of alerts

Auto clear after last update (minutes): Clear the Alert automatically after defined time (if there is ‘NO’ clear / recover message for the alert) (Note: when set to ‘0’, alert will be cleared automatically if there is a clear / recover message for the same)

As shown in the below screen, Limit the Correlation burst policy scope to specific alert source (Nagios, vROps etc..) or it’s attributes (Site / application name etc.. )

Group by 'Attributes' helps to correlate and group the alerts based on Alert attribute (one or more) selection.

Once the correlation policy is selected, make sure the policy's Enabled status is set to 'Yes'.

Correlate Group policy:

Follow the below steps to create a 'Correlate Group' policy.

Click on '+' buton to create a new Correlation policy and select the policy type as 'Correlate Group'

As highlighted in the below screen, define the correlation group policy settings appropriately.

Set correlated alert group’s minimum severity. (Note: Incident’s severity is set to highest severity, if one of the grouped alert’s severity is higher than policy’s severity)

Group Expiry (minutes): Time window (for how long) to keep this policy active to group the burst of alerts

Auto clear after last update (minutes): Clear the Alert automatically after defined time (if there is ‘NO’ clear / recover message for the alert) (Note: when set to ‘0’, alert will be cleared automatically if there is a clear / recover message for the same)

As shown in the below screen, Limit the Correlation burst policy scope to specific alert source (Nagios, vROps etc..) or it’s attributes (Site / application name etc.. )

Group by 'Attributes' helps to correlate and group the alerts based on Alert attribute (one or more) selection.

Click on 'Save' to create the correlation policy.

Once the correlation policy is selected, make sure the policy's Enabled status is set to 'Yes'.