Forum Discussion
Solved
Alert grouping does not work
Hi team, We have an analytics rule that will run every hour. We have configured the alert grouping to "Grouping alerts into a single incident if all the entities match" for the 7-day time frame. ...
- It will not work if the incidents are closed unless the switch to re-open a closed matched incident is enabled. I don't see any reason why it wouldn't have worked before you closed everything.
Steven_Su Have you verified that the incidents in each alert matches exactly (number and names) to the one another?
Hi GaryBushey
Yes, for example, i search the IP entity and find all the incidents related to it. They only have 1 entity and it is the same, but the alerts were not aggregated into a single incident.
- I see that these are all closed. Do you have your analytic rule grouping set to re-open an incident if a matching alert is to be added to it. It would be below the area your original screenshot shows.
- Hi,
Because the alert grouping did not work, I manually add the automation to close the ticket if the entity matches the condition.
If the alert grouping still works, then the column "Alerts" in my last screenshot will increase whenever a same alert is fired. But in my screenshot, it is not. So it really make me confused.- It will not work if the incidents are closed unless the switch to re-open a closed matched incident is enabled. I don't see any reason why it wouldn't have worked before you closed everything.