
Understanding and Utilizing Opsgenie's Alert Activity Logs

In Opsgenie, the Alert Activity Log is a comprehensive record of every event associated with a specific alert. It lets you trace the alert's journey from its inception to its final routing. Here's a detailed breakdown of the information these logs contain and how to interpret them for effective incident management.

Components of the Alert Activity Log

The Alert Activity Log contains:

  • Notifications dispatched, including the recipient and timestamp.
  • Notifications that were suppressed, accompanied by the reasons for suppression.
  • The integration responsible for generating the alert, along with the specific action invoked.
  • The teams to which the alert was directed.
  • Global and team-specific policies that were applied.
  • Routing rules that were used.
  • Escalations that were invoked.

Tracing the Alert's Pathway

The Activity Log lets you retrace the alert's path through every team, escalation, routing rule, and policy that played a role in its routing. This is particularly useful when:

  • An expected escalation, policy, or routing rule isn't applied. The log can help pinpoint discrepancies, such as a misconfigured policy altering the alert's responder field and causing unexpected routing.
  • Alerts seem to have inappropriate responders. Review the policies to make sure no responders are being added or removed unintentionally. A frequent oversight is removing the {{responders}} dynamic field, which eliminates all responders associated with the alert.
  • A team routing rule directs an alert straight to a schedule, bypassing any configured escalations. In such cases, the log might display:
    Added as recipient due to team[support team via routing rule (Default Routing Rule)] >> sch[support team_schedule].

Note that escalations are invoked only when a routing rule explicitly references them. When an escalation is activated, the log entry reads:

Added as recipient due to team[support team via routing rule (Default Routing Rule)] >> esc[support team_escalation] >> sch[support team_schedule].

Efficiently Navigating the Activity Log

To quickly locate specific events within the log, use the search function (CTRL + F) with the following keywords:

  • Escalations: “esc”
  • Schedules: “sch”
  • Policies: “policy/policies”
  • Routing Rules: “routing rule”

Troubleshooting with the Activity Log

The Activity Log is the first place to look when notifications appear misdirected. Here are some diagnostic phrases and what they mean:

Scenario: A user wasn't alerted.

Search Phrases and Resolutions:

  • “is disabled”: Indicates a disabled notification method, escalation, or schedule.
    • Resolution: Enable the pertinent notification method or schedule.
  • “user has no active rules”: The targeted user lacks active notification rules.
    • Resolution: Implement or activate notification rules for the user.
  • “No on-call user exists”: The routed schedule lacks active users.
    • Resolution: Add users to the specified schedule.
  • “does not target anyone”: The routing rule is set to "No One".
    • Resolution: Modify the routing rule to target a user or escalation.
  • “Skipped notifying. User has seen this alert”: Notifications cease once a user views an alert.
    • Resolution: Engage with alerts requiring immediate action.

Scenario: Team-based alert policies weren't applied.

Search Phrases and Resolutions:

  • “doesn't have an owner team”: The alert lacks an owner team, preventing team-based policy application.
    • Resolution: Assign the integration to a team or include a team in the {{responder}} field within the integration settings.
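
The searches above can be run in one pass over activity-log text copied out of an alert. The following Python sketch is an added example, not Atlassian or Opsgenie code: it parses the team / esc / sch hops of an "Added as recipient" line to flag routing that bypassed escalation, and matches the diagnostic phrases listed above. The function names and the sample lines other than the two routing lines quoted earlier are constructed, and the wording around each phrase in a real log may differ.

```python
import re

# Diagnostic phrases and their meanings, taken from the troubleshooting lists above.
DIAGNOSTICS = {
    "is disabled": "a notification method, escalation, or schedule is disabled",
    "user has no active rules": "the targeted user has no active notification rules",
    "No on-call user exists": "the routed schedule has no active users",
    "does not target anyone": 'the routing rule is set to "No One"',
    "Skipped notifying. User has seen this alert": "the user already viewed the alert",
    "doesn't have an owner team": "no owner team, so team policies were not applied",
}

# One hop of a routing line: team[...], esc[...] or sch[...].
HOP = re.compile(r"\b(team|esc|sch)\[([^\]]*)\]")

def parse_route(line):
    """Return the ordered (kind, name) hops of an 'Added as recipient' line."""
    if "Added as recipient due to" not in line:
        return []
    return [(m.group(1), m.group(2)) for m in HOP.finditer(line)]

def triage(log_text):
    """Scan pasted activity-log text and return (line_number, finding) pairs."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), 1):
        kinds = [kind for kind, _ in parse_route(line)]
        if "sch" in kinds and "esc" not in kinds:
            findings.append((number, "routed straight to a schedule; no escalation invoked"))
        # Normalise curly apostrophes so "doesn’t" still matches.
        text = line.replace("\u2019", "'").lower()
        for phrase, meaning in DIAGNOSTICS.items():
            if phrase.lower() in text:
                findings.append((number, meaning))
    return findings

# Lines 1-2 are the routing entries quoted in this article; lines 3-4 are constructed.
SAMPLE_LINES = [
    "Added as recipient due to team[support team via routing rule (Default Routing Rule)] >> sch[support team_schedule].",
    "Added as recipient due to team[support team via routing rule (Default Routing Rule)] >> esc[support team_escalation] >> sch[support team_schedule].",
    "Skipped notifying. User has seen this alert",
    "No on-call user exists for the schedule",
]

if __name__ == "__main__":
    for number, finding in triage("\n".join(SAMPLE_LINES)):
        print(f"line {number}: {finding}")
```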

Conclusion

Opsgenie's Alert Activity Log is an indispensable tool, offering a granular view of alert interactions. By understanding and effectively navigating this log, teams can ensure efficient and accurate incident management, optimizing their response strategies.

 
