Forum Discussion
Solved
Alert grouping does not work
Hi team, We have an analytics rule that will run every hour. We have configured the alert grouping to "Grouping alerts into a single incident if all the entities match" for the 7-day time frame. ...
- It will not work if the incidents are closed unless the switch to re-open a closed matched incident is enabled. I don't see any reason why it wouldn't have worked before you closed everything.
Hi GaryBushey
Yes, for example, i search the IP entity and find all the incidents related to it. They only have 1 entity and it is the same, but the alerts were not aggregated into a single incident.
I see that these are all closed. Do you have your analytic rule grouping set to re-open an incident if a matching alert is to be added to it. It would be below the area your original screenshot shows.
- Hi,
Because the alert grouping did not work, I manually add the automation to close the ticket if the entity matches the condition.
If the alert grouping still works, then the column "Alerts" in my last screenshot will increase whenever a same alert is fired. But in my screenshot, it is not. So it really make me confused.- It will not work if the incidents are closed unless the switch to re-open a closed matched incident is enabled. I don't see any reason why it wouldn't have worked before you closed everything.
- Hello I have a same problem, the alerts are not grouped into incident even though there was matching entities .I don't have any automation to close the incidents. In my case one of the entities is the list of operation and the list also matches with order but still not grouping . If there is list in the entities can this prevent it from being grouped even though list is matching?
