Sign in to follow this  
Horace Cheung

Alert Triage (i.e. Grouping & Alert Reduction)

Recommended Posts

Hi,

Per discussion with Russ G. & Kenyon W. & Jake C. yesterday, I would like to submit this as a feature request to the DEV team and see whether there is any way to add this feature into future roadmap. In short, it'll be great if end user can configure multiple incident/alerts into 1 group and generate only 1 alert (with highest severity). Here is an example of Tomcat being shutdown which shows a number of alerts generated:

1. Tomcat shutdown ‘critical’ alert is generated (1 alert) 

2. ActiveMQ consumer count of specific queue alert has reached zero ‘Error’ alert (about 10-12 alerts for our case) 

In this case end user would like to be able to configure such that LM will consolidate all alerts into one critical alert (i.e. all AMQ 'Error' alerts are cleared)? I saw something like this in PagerDuty and must say it’s a great feature to have in LogicMonitor to reduce # of alerts being processed by the TechOps team: https://www.pagerduty.com/blog/alert-triage/

Thanks & Best Regards,

Horace

  • Upvote 2

Share this post


Link to post
Share on other sites

We have the same problem, and our workaround has been to develop our own dashboard (using the REST APIs) and implement alert de-duplication in our own presentation layer.

I think every LogicMonitor customer, if asked, would want this. It's a feature in most enterprise grade monitoring solutions.

I would like to be able to configure regular expressions for alert de-duplication rules.  These could be configured in Settings and applied to devices using the same Applies To approach as for data, event and config sources.  In the de-dupe rule ti should be possible to define the single new alert that will replace the de-duplicated alerts.

Edited by Mosh

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this