Marid Action while deduplicating alerts


#1

We use the Marid script proxy to take actions on some of the alerts. Currently, Marid receives actions such as Create, Ack, UnAck, AddNote, Assign/Take Ownership, Close, Delete (and custom actions).

Opsgenie already smartly deduplicates an alert if it receives an incoming alert with the same alias as an existing one. To make good use of this feature, is it possible to add “Deduplication” as an action on Marid? Every time an alert is de-duped, we would like Marid to receive an action, so that when an alert has occurred n number of times we can take some action on it.


#2

Hi Navneeth,

We have this in the backlog, and I agree it does make sense to add such a trigger! We are adding complex features in the near future, so I’m unable to tell if we are going to implement this in the short term.

However, I think you could work around it for now. I believe the List Alerts Request contains the count property by default. Do you think polling the API periodically and analyzing the response could do the same trick? You could look for count=n and additional content from the alert fields, then decide to take action or not.

Is this useful?

As always - thanks for the valuable feedback. I’ll be adding this thread to the item we have!


#3

That could prove to be a little tricky given the volume of alerts we receive. The List Alerts request has a limit of 100 alerts, which means we will have to write loops to check all open alerts for their counts. We will also have to incorporate some logic to filter out alerts that have already been “processed” by Marid.

For now, we do use the List Alerts work-around, but I don’t think this solution scales well for teams/orgs with plenty of open alerts at any given time.

Hence, it would be nice to see this added to Marid/Opsgenie in the (near) future.

Thanks!


#4

We will be taking a look for sure, together with other triggers we are missing at this point!

As an additional note to the solution we’ve briefly discussed - you can simply add an indicator to the alert you’ve processed already via the Add Extra Properties Request.

I’ve seen a custom ticketing integration before, which was working based on the above logic. It was checking the alert list, and if any entries were above count=x, it ran the Get Alert request, compiled the request towards the ticketing system and sent it, then based on the response it added back a ticket number as an extra property. If this alert remained open for a long time with the high count, when the script is running the Get Alert request it could look for the extra parameter you’ve added to it.

In any case, I’ve added this thread to the item and will bring it up at our planning meeting! The trigger would make a lot of sense indeed.
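
The polling workaround discussed in this thread, sketched as an added example that is not part of any post and is not Opsgenie or Marid code. It pages through List Alerts 100 at a time, checks `count`, runs Get Alert, and uses an extra property as the "already processed" marker. The `api` object, the `MARKER` name, the `extra` field name and `FakeApi` are assumptions standing in for the real requests.

```python
"""Polling workaround from the thread: page through List Alerts, act once per alert."""
PAGE_LIMIT = 100                 # per-request cap on List Alerts cited in the thread
MARKER = "dedup_action_ref"      # hypothetical extra-property name marking processed alerts


def iter_alerts(list_alerts, limit=PAGE_LIMIT):
    """Yield every open alert, walking pages until a short page is returned."""
    offset = 0
    while True:
        page = list_alerts(offset, limit)
        yield from page
        if len(page) < limit:
            return
        offset += limit


def process_repeats(api, threshold, act):
    """Run act() once for each alert whose count has reached threshold."""
    handled = []
    for summary in iter_alerts(api.list_alerts):
        if summary["count"] < threshold:
            continue
        alert = api.get_alert(summary["id"])          # full alert with extra properties
        if MARKER in alert["extra"]:
            continue                                  # already handled on an earlier poll
        ref = act(alert)                              # e.g. open a ticket, returns its number
        api.add_extra_properties(alert["id"], {MARKER: ref})
        handled.append(alert["id"])
    return handled


class FakeApi:
    """Constructed in-memory stand-in for the three requests; not the Opsgenie client."""
    def __init__(self, counts):
        self.alerts = [{"id": f"a{i}", "count": c, "extra": {}} for i, c in enumerate(counts)]
        self.list_calls = 0

    def list_alerts(self, offset, limit):
        self.list_calls += 1
        return [{"id": a["id"], "count": a["count"]} for a in self.alerts[offset:offset + limit]]

    def get_alert(self, alert_id):
        return next(a for a in self.alerts if a["id"] == alert_id)

    def add_extra_properties(self, alert_id, props):
        self.get_alert(alert_id)["extra"].update(props)


if __name__ == "__main__":
    api = FakeApi([1] * 120 + [7] + [2] * 129)        # 250 constructed alerts, one noisy
    print(process_repeats(api, 5, lambda a: "TICKET-" + a["id"]))   # first poll acts
    print(process_repeats(api, 5, lambda a: "TICKET-" + a["id"]))   # second poll skips
```

Writing the marker only after `act()` returns means a failed action is retried on the next poll instead of being silently skipped.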