Forum Discussion

8 years ago

Alert Triage (i.e. Grouping & Alert Reduction)

Hi,

Per discussion with Russ G., Kenyon W. and Jake C. yesterday, I would like to submit this as a feature request to the DEV team and see whether there is any way to add this feature to the future roadmap. In short, it would be great if the end user could configure multiple incidents/alerts into one group and generate only one alert (with the highest severity). Here is an example of Tomcat being shut down, which shows a number of alerts being generated:

1. Tomcat shutdown 'critical' alert is generated (1 alert)

2. ActiveMQ consumer count of a specific queue has reached zero 'Error' alert (about 10-12 alerts in our case)

In this case the end user would like to be able to configure LM such that it consolidates all of these alerts into one critical alert (i.e. all AMQ 'Error' alerts are cleared). I saw something like this in PagerDuty and must say it is a great feature to have in LogicMonitor to reduce the number of alerts being processed by the TechOps team: https://www.pagerduty.com/blog/alert-triage/

Thanks & Best Regards,

Horace

  • We have the same problem, and our workaround has been to develop our own dashboard (using the REST APIs) and implement alert de-duplication in our own presentation layer.

    I think every LogicMonitor customer, if asked, would want this. It's a feature in most enterprise grade monitoring solutions.

    I would like to be able to configure regular expressions for alert de-duplication rules. These could be configured in Settings and applied to devices using the same Applies To approach as for data, event and config sources. In the de-dupe rule it should be possible to define the single new alert that will replace the de-duplicated alerts.
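As an added example (not part of this thread, and not LogicMonitor's own code or API), here is a small Python sketch of the grouping rule both posts describe: a regex selects related alerts, an "applies to" predicate restricts the rule to certain resources, an optional trigger regex requires that the "parent" alert (the Tomcat shutdown) be present before the group collapses, and the consolidated alert takes the highest severity of its members. The alerts, rule, field names and message formats are all constructed for illustration; a real implementation would feed alerts pulled from the REST API into consolidate().

```python
"""Alert grouping / de-duplication pass (illustrative, not LogicMonitor code)."""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Assumed severity ordering; unknown severities rank lowest.
SEVERITY_RANK = {"warning": 1, "error": 2, "critical": 3}


@dataclass
class Alert:
    id: str
    resource: str          # device / host the alert fired on
    datasource: str        # e.g. "Tomcat", "ActiveMQ Queues"
    message: str
    severity: str          # "warning" | "error" | "critical"
    suppressed_ids: List[str] = field(default_factory=list)  # members folded into this alert

    def key(self) -> str:
        # The string the rule regexes are matched against.
        return f"{self.datasource}: {self.message}"


@dataclass
class DedupRule:
    name: str
    pattern: str                       # regex selecting alerts that belong to this group
    replacement: str                   # message template for the consolidated alert
    applies_to: Callable[[str], bool] = lambda resource: True  # resource filter ("Applies To")
    trigger: Optional[str] = None      # if set, collapse only when one member matches this regex

    def matches(self, alert: Alert) -> bool:
        return self.applies_to(alert.resource) and re.search(self.pattern, alert.key()) is not None


def consolidate(alerts: List[Alert], rules: List[DedupRule]) -> List[Alert]:
    """Return consolidated alerts first, then every alert no rule collapsed."""
    remaining = list(alerts)
    output: List[Alert] = []
    for rule in rules:
        # Group matching alerts per resource: one Tomcat box, one consolidated alert.
        groups: Dict[str, List[Alert]] = {}
        for a in remaining:
            if rule.matches(a):
                groups.setdefault(a.resource, []).append(a)
        for resource, members in groups.items():
            # A single alert is not worth collapsing, and a trigger-based rule
            # must see its parent alert (e.g. Tomcat down) before it suppresses children.
            if len(members) < 2:
                continue
            if rule.trigger and not any(re.search(rule.trigger, m.key()) for m in members):
                continue
            top = max(members, key=lambda m: SEVERITY_RANK.get(m.severity, 0))
            merged = Alert(
                id=f"{rule.name}:{resource}",
                resource=resource,
                datasource=rule.name,
                message=rule.replacement.format(count=len(members), resource=resource),
                severity=top.severity,
                suppressed_ids=[m.id for m in members],
            )
            output.append(merged)
            folded = {m.id for m in members}
            remaining = [a for a in remaining if a.id not in folded]
    return output + remaining


# Constructed sample alerts modelled on the scenario in the post (not real data).
SAMPLE_ALERTS = [
    Alert("a1", "app01", "Tomcat", "Tomcat service is down", "critical"),
    Alert("a2", "app01", "ActiveMQ Queues", "ConsumerCount for queue orders is 0", "error"),
    Alert("a3", "app01", "ActiveMQ Queues", "ConsumerCount for queue billing is 0", "error"),
    Alert("a4", "app01", "ActiveMQ Queues", "ConsumerCount for queue audit is 0", "error"),
    Alert("a5", "app01", "Disks", "/var is 91% full", "warning"),
    Alert("a6", "app02", "ActiveMQ Queues", "ConsumerCount for queue orders is 0", "error"),
]

# One rule: Tomcat-down plus any zero-consumer AMQ alerts on the same app host.
RULES = [
    DedupRule(
        name="tomcat-down",
        pattern=r"^(Tomcat: .*down|ActiveMQ Queues: ConsumerCount .* is 0)$",
        trigger=r"^Tomcat: ",
        replacement="Tomcat down on {resource}; {count} related alerts consolidated",
        applies_to=lambda resource: resource.startswith("app"),
    ),
]


if __name__ == "__main__":
    for a in consolidate(SAMPLE_ALERTS, RULES):
        print(a.severity.upper(), a.resource, a.message, a.suppressed_ids)
```

On the sample input the four app01 alerts collapse into one critical alert listing the suppressed ids; the disk warning passes through untouched, and the lone AMQ alert on app02 is left alone because no Tomcat trigger alert exists there. Ordering matters when several rules overlap: each rule only sees alerts earlier rules have not already folded, so put the most specific rule first.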