Can you search for alerts that don't have an incident association

I am new to Opsgenie and also coming from PagerDuty and finding the workflow in Opsgenie to be very cumbersome when you have a large amount of incoming alerts. It all revolves around acknowledging alerts.

I start my workflow by looking at un-acked alerts, since these alerts should be addressed. My problems are:

  • Auto incident-associated aren't auto-acked
  • There's no way to search for alerts that are associated to an incident (That I can see from the search fields). Hence the subject of my question - this would make the process more streamlined but not really solve it 
  • Going to the incident and showing associated alerts only allows me to close the alerts not ack them.  The incident is still opened and acked but incoming alerts that are auto-associated remain un-acked - creating noise
  • For some reason not all alerts, even with the same message, seem to get auto-associated.
    • Selecting those alerts and associating to an incident also does not acknowledge them and worse the action DESELECTS the alerts requiring the user to reselect them and acknowledge them

We have 50+ services with a continual flow of alerts. Finding, selecting and acknowledging alerts is not really scalable under my current understanding of this UX.

Now maybe the issue is I should not look at un-acknowledged alerts, but then I still want to see what alerts aren't associated to an incident. Those will help me perhaps write incident rules. Again, with the summary of my question: can I search for alerts that are not associated to an incident?

And finally, is there a better workflow that I'm missing here?
1 answer

0 votes
Agaci Avinas
Atlassian Team
Jan 10, 2022
Hi Diego,

Welcome to Opsgenie. I am Agaci, happy to help you today. Please find answers for your workflow below.

  • Auto incident-associated aren't auto-acked

    You do not have to worry about associated alerts being auto-acked, because notifications would not be triggered for alerts associated with Incidents.

  • There's no way to search for alerts that are associated to an incident (That I can see from the search fields). Hence the subject of my question - this would make the process more streamlined but not really solve it

    You could make use of the alert search queries. To search alerts associated with the Incident, you could use a query like:
    details.key: "incident-id" and message: "test"

  • Going to the incident and showing associated alerts only allows me to close the alerts not ack them. The incident is still opened and acked but incoming alerts that are auto-associated remain un-acked - creating noise

    For Associated alerts in an Incident, the notification flow would be suppressed. Only the owner and Responder alerts would send the notifications. You could learn more about different alert types in this link.

  • For some reason not all alerts, even with the same message, seem to get auto-associated.
  • Selecting those alerts and associating to an incident also does not acknowledge them and worse the action DESELECTS the alerts requiring the user to reselect them and acknowledge them

    You could make use of the search query to list the alerts with the same message which are not associated with any Incident. The query below could help you with that:
    message: "test" and not details.value: "Associated"

You might want to take a look at your incident rules, to make sure that the filters are matching and creating/associating incidents based on the Alert messages.

Regards,
Agaci 
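
The triage described in this thread, as an added example that is not part of the answer above and is not Atlassian code: it applies the two search conditions from the answer (a details key "incident-id", a details value "Associated") to alerts already exported as dictionaries, and groups the un-acked, unassociated ones by message as candidates for incident rules. The field names `id`, `message`, `acknowledged` and `details`, the function names and the sample alerts are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample alerts (not real data). The field names and the
# "link"/"region" detail keys are assumptions for this illustration.
SAMPLE_ALERTS = [
    {"id": "a1", "message": "disk full on db-1", "acknowledged": False,
     "details": {"incident-id": "inc-100"}},
    {"id": "a2", "message": "disk full on db-1", "acknowledged": False,
     "details": {}},
    {"id": "a3", "message": "disk full on db-1", "acknowledged": False,
     "details": {"region": "eu"}},
    {"id": "a4", "message": "cpu high on web-2", "acknowledged": False,
     "details": {"link": "Associated"}},
    {"id": "a5", "message": "cpu high on web-2", "acknowledged": True,
     "details": {}},
    {"id": "a6", "message": "cert expiring", "acknowledged": False},
]


def is_associated(alert):
    """Mirror the answer's queries: a details key "incident-id" or a
    details value "Associated" marks an incident-associated alert."""
    details = alert.get("details") or {}
    return "incident-id" in details or "Associated" in details.values()


def triage(alerts):
    """Return (ids of un-acked associated alerts, unassociated un-acked
    alerts grouped by message, most frequent message first)."""
    associated_unacked = []
    unassociated = defaultdict(list)
    for alert in alerts:
        if alert.get("acknowledged"):
            continue  # already handled, not part of the un-acked view
        if is_associated(alert):
            associated_unacked.append(alert["id"])
        else:
            unassociated[alert.get("message", "")].append(alert["id"])
    # Repeated messages with no incident are the rule candidates.
    candidates = sorted(unassociated.items(),
                        key=lambda kv: (-len(kv[1]), kv[0]))
    return associated_unacked, candidates


if __name__ == "__main__":
    noise, candidates = triage(SAMPLE_ALERTS)
    print("un-acked but associated:", noise)
    for message, ids in candidates:
        print(f"{len(ids)} unassociated: {message} {ids}")
```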
