Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Add new note to alert on deduplication

Cameron McAuley
Cameron McAuley
Contributor
November 7, 2024

The idea of duduplication is great when it comes to reducing alert fatigue.

But in practice there is a possiblity of essential information being missed as on duduplication, the alert's message/description does not change.

In the following question, the answer mentioned that a note could be created on a deduplication event, detailing any new information:

https://community.atlassian.com/t5/Opsgenie-questions/Can-I-update-alert-field-message-with-latest-deduplicated-alert/qaq-p/1712754

However, I have not found any information on how this would actually be set up in the settings of a given integration. (for example Sumo Logic.)

This is our current flow which I dont think will work:

 

CREATE ALERT

Rule: If action equals create and alias equals terminated_instance, create alert with P2 priority

CLOSE ALERT

Rule: If action equals recover then close alert

ADD NOTE TO ALERT

Rule if action equals create and alias equals terminated_instance, create note

The reason it wont work is that it will always go into 'Create Alert' logically, if action equals create and alias equals terminated instance. So it will never reach the 'Add Note' logic. Am I right?

Can anyone give some guidance?

Answer
Watch
Like Be the first to like this
158 views

1 answer

1 vote
Cameron McAuley
Cameron McAuley
Contributor
November 7, 2024

Ok so the problem is the action field.It needs to be unique or else it wont go to the note logic.

But it can't be unique as all payloads coming from sumologic will have 'create'.

And even if it was unique and a note is added, that means that the Alert count will not increase as this time it doesn't enter the 'Create Alert' logic...

View More Comments
Wei Wung
Wei Wung
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 9, 2024

Hi @Cameron McAuley 

Thank you for reaching out!  It is the deduplication process (as you correctly pointed out, the Create Alert rule) that you would use to update the Note field when the alert is deduplicated.  How this is done is actually very simple.

For example, if you need the alert message and description to be added as a new entry in the Note field each time there is a deduplication, you would do the following:

  1. Edit the Create Alert rule of the integration in question
  2. Copy the configurations from the Message field and the Description field and paste them into the Note field and save the Create Alert rule.
  3. Shown below is an example screenshot for the Create Alert rule of the Sumo Logic integration:
    2024-11-08_15-55-04.png

What this will do is that each time the Create Alert rule is triggered, all the information that is parsed for the Message and Description fields will get added to the Note field.  This will happen during alert creation as well as alert deduplication. 

As for notifications, no "Add Note" notification will be sent out since the Note is added by the Create Alert rule as part of the deduplication process due to an Open alert having the same alias value. 

Hope the above answers your question.

Best Regards,

~Wei

Wei Wung
Like Steffen Opel _Utoolity_ likes this
Cameron McAuley
Cameron McAuley
Contributor
November 11, 2024

Thanks @Wei Wung

This information helps a lot.

I notice you left the {{note}} within the field. Is that required?

Thanks

Like
Reply

Suggest an answer

Log in or Sign up to answer
Opsgenie
Opsgenie
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
TAGS
AUG Leaders

Atlassian Community Events

    See all events