Adding fresh content to the original alert during deduplication


#1

Hi guys,

I wanted to drop by and share an interesting - currently a bit hidden - feature with all of you. A bit of a background story first, though.

In OpsGenie, we do a deduplication process based on the alias field of the alert. This field is just like the others - you can dynamically parse out parts of the incoming payload and populate it automatically. Take a look at the default Nagios integration settings for example:

This means, whenever a request hits the endpoint which matches the Create Alert rules of the integration, the value of the alias field is set according to that template. In this particular example, it will be the name of the host and the service description, divided with an underscore.

Now - whenever Nagios sends another alert, which matches the Create Alert Rule of the integration, and is regarding the same hostname and description, instead of creating another alert, OpsGenie will increase the count property of the already existing - and open - alert to 2.

Deduplication is a very handy feature which reduces alert fatigue significantly. Every once in a while, though, you would like to see some informational updates even if the alert has been deduplicated.

…and here comes the trick:

You can add content built from the payload to your alerts during deduplication in the form of a silent “Note”. All you have to do is:

  • Find the Create Alert rule in your integration (Advanced Setting tab)
  • Spot the “Notes:” field on the bottom of the rule
  • Build the note template you want to use when the alert is deduplicated. You can use the blue boxes on the right side.

Something like this (in the case of Nagios):

Another popular use-case for this is when you are deduplicating emails based on the subject - but the body can be different. In that case, you could easily add the “message” dynamic field to the Notes: field, and each time a new email comes in with the same subject, OpsGenie would pass the body of the email as a new note!

You can use it in many different cases - new CPU usage metrics, remaining space of your discs, etc. Basically in any case when an alert is raised after a certain threshold and you don’t necessarily want to have a new one - but are interested in the new content.

Got questions? Feel free to reply here or find us on the chat! 🙂
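The deduplication-plus-note behaviour described in the post above, as a small Python model. This is an added example, not part of the original post and not OpsGenie code; the class names, payload field names (`host`, `service`, `output`, `message`) and template syntax are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Alert:
    alias: str
    message: str
    count: int = 1
    is_open: bool = True
    notes: list = field(default_factory=list)

class AlertStore:
    """Toy model of the behaviour described in the post, not OpsGenie code."""

    def __init__(self, alias_template, note_template):
        self.alias_template = alias_template  # e.g. host + "_" + service
        self.note_template = note_template    # rendered only on duplicates
        self.alerts = []

    def find_open(self, alias):
        return next((a for a in self.alerts if a.alias == alias and a.is_open), None)

    def ingest(self, payload):
        # Payload values are only substituted into the operator-defined template.
        alias = self.alias_template.format(**payload)
        existing = self.find_open(alias)
        if existing is None:
            alert = Alert(alias=alias, message=payload["message"])
            self.alerts.append(alert)
            return alert
        # Duplicate: no new alert, bump the count and keep the fresh content.
        existing.count += 1
        existing.notes.append(self.note_template.format(**payload))
        return existing

# Constructed sample events (hypothetical field names, not the real Nagios payload).
EVENTS = [
    {"host": "web01", "service": "HTTP", "message": "HTTP CRITICAL", "output": "Connection refused"},
    {"host": "web01", "service": "HTTP", "message": "HTTP CRITICAL", "output": "Timeout after 10s"},
    {"host": "web01", "service": "DISK", "message": "DISK WARNING", "output": "12% free on /var"},
]

def run_demo():
    store = AlertStore("{host}_{service}", "Latest check output: {output}")
    for event in EVENTS:
        store.ingest(event)
    return store

if __name__ == "__main__":
    for a in run_demo().alerts:
        print(a.alias, a.count, a.notes)
```

Only an open alert with the same alias absorbs the duplicate; once it is closed, the next matching event creates a new alert in this model.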

