Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Why all incoming alert are associated with the only existing incident

serge calderara
serge calderara
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 28, 2021

Dear all,

I have an Incident which has been previously created from an Alert through the following Incident rule :

chrome_HGwIJZ5vCL.png

Then as a test I have a created manually a dummy Alert of P2 priority only with a different Alias than initial Alert which create the incident.

By doing so the created alert below, has been associated to the current incident BUT it has nothing to do with it as it is an other one, I was expected that a different incident would be created.

chrome_fVh9WWdXD4.png

Why opsgenie did not create  new Incident ?

What is the rule that Opsgenie apply in order to know if it should create a new incident or associate the Alert to existing one ?

Thanks for clarification

regards

Answer
Watch
Like Be the first to like this
313 views

1 answer

0 votes
Samir
Samir
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 30, 2021

Hi @serge calderara 

 

If an incident is created through an incident rule, and that incident remains open, then all other alerts that are created that match that same incident rule, will be associated with the same incident.

 

So essentially there can only be 1 open incident per incident rule at a time.

 

Thanks,

Samir

View More Comments
serge calderara
serge calderara
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 30, 2021

Hello @Samir ,

So in other words based on my configuration screen of Incident rules define in the current ticket, that means that any Alert where Priority = HIGH will be attached to that same Incident even if Alert as different Alias ?

Regards

serge

Like
Samir
Samir
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 30, 2021

Yes that's correct, it will be associated to the same incident until that incident is closed. Once the incident is closed, if a new alert matches that incident rule, a new incident will be created.

Like
serge calderara
serge calderara
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 30, 2021

@Samir Thanks for clarifiction

One more thing. 

If in the Incdent rule I have the criteria as below :

Priority=HIGH
Alert title CONTAINS "Network Incident for instance"

If an Incident is already OPEN based rule above then Alert will be associated to that open incident.

Now if a new Alert occurs with PRIORITY=HIGH and ALert title is " Server Down"

Then no incident will be created correct ?

Depending on Incident rule settings I guess I could have more than 1 Incident OPEN at same time correct ?

regards

Like
Samir
Samir
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 30, 2021

Yes that's correct, assuming that filter is set to "match all conditions below".

Like
serge calderara
serge calderara
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 1, 2021

Hello @Samir thanks for your reply.

In practice what could be by experience a sampple filter on incident rule which will associate alert in a more logical way and not only for priority ?

Should I base the rules on the title of the alert, the service, ?

thanks for sharing

regards

Like
Samir
Samir
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 1, 2021

It really depends on what sort of alerts indicate that you want an incident created. If there is something in the message of the alert that indicates an incident should be created, then filter on the message.

 

It comes down to which criteria dictates whether there should be an incident created or not, so it depends on your alerting setup and incident management practices.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Opsgenie
Opsgenie
TAGS
AUG Leaders

Atlassian Community Events

    See all events