'Alert Cleared' messages follow the same escalation chain as the original alerts, this is awful for an after hours team. We would like 'Alert Cleared' alerts to be sent only via email and not follow the same path as the critical outage alert. Otherwise, it results in everyone being woken up to be told that 'everything is fine'.
I completely agree. We want to use voice notifications (plus SMS and email) for critical after-hours alerts, but we want the cleared notifications go to SMS and email only. It is very important to the team that a voice call in the middle of the night be an actual, actionable problem, so we need the capability to send Alert Cleared notifications through a different escalation chain.
Agreed.
If acknowledgements and clears both depend on the Enable Alert Cleared Notifications under Settings then I would think that no additional changes would be needed. Or a filtering arrangement would work too. As long as I can keep the current alert flow intact which allows integrating all kinds of wonderful tools...... Thanks
Within our teams we want the email to go out but not for the first stage. We use the first stage for our ticketing system to generate a ticket. Within the ticketing system we mute the auto-responses to avoid email loops from LogicMonitor and our ticketing system addresses. Here lies the issue: Once the alert is acknowledged or cleared another email is generated to all recipients in all stages which creates another ticket. Having the ability to remove acknowledged & cleared emails for a specific stage would solve our issue while still providing emails to other team members within other stages that the issue is being worked on or fixed.
AdvisorDoes this control make more sense at a per-user level, or a per-chain level? i.e. do I as user Steve want to say for all alerts, regardless of how I received them, I only ever want to get the Acks or Clears via at most SMS (even if I got them via voice call). Or for all alerts, regardless of how I received them, I only ever want to get the Acks or Clears via email (even if I got them via sms or voice call). This would affect that user, for all chains, but be controllable by that user. Or does it make more sense to have this control be at the chain level?So whoever creates the alert escalation controls which mechanisms are used for Acks/Clears? This would be specific to a chain (so a less critical set of alerts may have the acks sent via email, while a more critical set will have acks sent via SMS, too). But users would not be able to individually control this themselves (unless they had rights to change the chain.) If it was changed, it would affect all users that are destinations of that chain.
To me it makes more sense at the per-chain level, and that would be sufficient for how we use the product.
AdvisorSo, firstly, apologies that this has taken so long to get to...What I describe above (allowing filters per rule, for Ack, clear, SDT, etc) is still planned, but due to various dependencies on things changing in the UI, still a ways out. What I would like to do in the short term is to simply make, as dfischer proposed, the Suppress Alert Clear option also suppress the Ack and SDT messages. So if this is selected (and probably renamed something like Suppress alert status updates) an alert will still escalate (through multiple stages); an increase in severity will still be sent; but messages regarding Acks, SDTs and clears will not. To my mind these are logically similar. If you do not want a notification of an alert ending (so you no longer have to deal with it), you probably also do not want to know that someone put it in SDT, or Acked, so you also do not have to deal with it. So this does not address people that use the first stage for ticketing systems, but should cover most other use cases. Feedback?
