Incident creation based on 2 or more alerts


#1

Hello, I would like to know if is possible to create incident rules based on 2 or more alerts being present.

For example, we have multiple Internet service providers in a site, and an Incident happens when 2 or more of those connection go down. I want to be able to create an incident based that criteria.

And it would be even better if we had the same same capability to create de incident with the options present for delaying/suppressing notifications (like when de duplication reaches 2 in a certain amount of time)

Any help is appreciated!


#2

Hi @davidban77 this is not currently possible, but we do have a feature request open for this functionality in which I can add you to. It would definitely be nice to have incidents created based on deduplication count of an alert, or presence of 2 or more alerts, as I could see how those conditions would mean that there is an incident.


#3

Great, thanks @Samir and is great to know that there is a feature requests opened for it, so please add to me it.

In the meantime I think I can workaround it with by polling and looking for 2 or more related alerts that will then trigger an incident. It would not have the ability to associate existing or new alerts to the incident though, but it should be good for the time being.


#4

Hi @davidban77 yes that’s a great workaround for the time being. Hopefully that enhancement gets implemented soon so the functionality is built into the platform.