I've been wondering if there are any documents/write-ups regarding "Acknowledge" button as the trigger condition to execute the alert action. But, as far as I know, there's no straight forward method. If there are any, please do let me know as I'm about to share to you guys my work around. Just to give some idea, we will be doing a '2-step alert.' The 1st alert contains the 'Alert Condition' and once "Acknowledged", the 2nd alert would be triggered and will be the one to execute the Alert Action. The 2nd Alert would be automatically removed to the Active Alerts windows so user don't have to do anything, since the reset condition is to automatically reset after 15 seconds.
Here are the steps:
1. Create the 1st Alert.
The first alert would contain the 'Trigger Condition' (Ex: Node is Down etc.). User may or may not define trigger action for this alert. User may also leave the 'Reset Condition' to be just 'if the condition is no longer true (default).'
Basically, this alert would do nothing once the trigger condition is met. It would just be displayed in active alerts window. Furthermore, we will just be using this alert to trigger the 2nd alert.
2. Create the 2nd Alert.
This is where the trick lies. The trigger condition in this alert would be:
2.1 I want to Alert on: Audit Event
2.2 Audit Event > Action Type > 'Alert Acknowledged' AND
2.2 Audit Event > Alert Name > Contains > Insert the "alert name"
----> You have to carefully name the alert/s that would be created. Since the "alert name" would be the trigger condition, make sure it doesn't have any duplicate alert that has the same name. User may add additional triggering condition for the 2nd alert such as: using unique alert variable, alert message etc to further define the triggering condition and make it more unique.
3. Define 'Reset Condition' for the 2nd Alert
Reset Condition = Automatically reset after (15) seconds. You can input any time you want.
4. Define 'Trigger Action' for the 2nd Alert
Here, I decided to use the GET/POST HTTP alert action since we will integrating with 3rd party ticketing tool (Request Tracker). You may select whichever alert would satisfy your requirement.
5. Define 'Reset Condition' for the 2nd Alert
Just skip this part since this alert would be automatically be removed in Active Alerts windows after (15) seconds.
As such, once the 1st alert is 'acknowledged', 2nd alert would be triggered, displayed in alert action window, and execute the GET/POST HTTP or whatever alert action you configured. 2nd alert would be automatically removed in Active alerts window and would just be used to execute the alert action you want the 1st action to have.
1st Alert is in Active Alerts windows and Acknowledged.
2nd Alert would execute the alert action you want for the 1st alert to have and would be removed after certain period of time you defined
This document's goal is to give user an idea and it is up to him/her to explore and try other condition that would satisfy his/her requirement.
Hope this helps.