cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Alert grouping does not work

Steven_Su
Contributor

‎May 23 2022 12:40 AM

‎May 23 2022 12:40 AM

Alert grouping does not work

Hi team,

 

We have an analytics rule that will run every hour. We have configured the alert grouping to "Grouping alerts into a single incident if all the entities match" for the 7-day time frame. 

 

However, the incidents are keeping triggering every hour. May I know if there is any approach to troubleshoot the issue or how to check the config? Thanks

Steven_Su_0-1653291174403.png

Steven_Su_1-1653291192376.png

 

Labels:
602 Views
0 Likes
6 Replies
Reply
6 Replies
Gary Bushey

‎May 23 2022 04:14 AM

‎May 23 2022 04:14 AM

Re: Alert grouping does not work

@Steven_Su Have you verified that the incidents in each alert matches exactly (number and names) to the one another?

0 Likes
Reply
Steven_Su

‎May 23 2022 08:23 PM

‎May 23 2022 08:23 PM

Re: Alert grouping does not work

Hi @Gary Bushey 

Yes, for example, i search the IP entity and find all the incidents related to it. They only have 1 entity and it is the same, but the alerts were not aggregated into a single incident.

Steven_Su_0-1653362523098.png

 

0 Likes
Reply
Gary Bushey

‎May 24 2022 04:37 AM

‎May 24 2022 04:37 AM

Re: Alert grouping does not work

I see that these are all closed. Do you have your analytic rule grouping set to re-open an incident if a matching alert is to be added to it. It would be below the area your original screenshot shows.
0 Likes
Reply
Steven_Su

‎May 24 2022 06:51 PM

‎May 24 2022 06:51 PM

Re: Alert grouping does not work

Hi,
Because the alert grouping did not work, I manually add the automation to close the ticket if the entity matches the condition.
If the alert grouping still works, then the column "Alerts" in my last screenshot will increase whenever a same alert is fired. But in my screenshot, it is not. So it really make me confused.
0 Likes
Reply
best response confirmed by Steven_Su (Contributor)
Gary Bushey

‎May 25 2022 03:41 AM

‎May 25 2022 03:41 AM

Solution

Re: Alert grouping does not work

It will not work if the incidents are closed unless the switch to re-open a closed matched incident is enabled. I don't see any reason why it wouldn't have worked before you closed everything.
0 Likes
Reply
Steven_Su

‎May 26 2022 02:05 AM

‎May 26 2022 02:05 AM

Re: Alert grouping does not work

Hi Gary,

Yes, you are correct. The function will not work if the ticket is already closed. We enable to re-opening to resolve the issue as recommended. Thanks.
0 Likes
Reply