Email Alert Summarization For Like Events

Looking for a way to include or group multiple events for common nodes and interfaces into one email. For example, an interface goes down on switchXX, SW holds the alert for a defined amount of time (say 300 sec) and awaits additional, related events before sending. This email shows a list of all of these matching events instead of sending an email for each.

Another application we use for different systems has this function and it reduces the volume of emails into the NOC queue. Bonus, if the event clears and does not reoccur in the same time period, the alert is never sent.

I cannot find a way to group events like this. Is it possible? I've seen another suggestion to schedule an hourly job to email any active alerts - doesn't really accomplish the goal. The root of the issue is one of the alert recipients is a ticketing desk, which raises an incident for every email.

Thanks

Find more posts tagged with

Alerts

Accepted answers

All comments

m_roberts

Hi,

I believe you are going to be best to utilise the 'delay' condition parameter and the enhanced Complex Alert options to achieve this goal. The complex alert feature in the Trigger condition tab will allow you to define a completely new trigger condition, which will come in to play after the first condition generates a match.

The following resources will help:

support.solarwinds.com/.../Create-complex-alert-conditions

Complex Conditions

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-building-complex-conditions-sw971.htm

https://documentation.solarwinds.com/en/success_center/orionplatform/content/onboarding/advance_alerts/core-ob_alerts_multielement_triggers.htm

Good luck and hope this helps.