DX Operational Intelligence

Expand all | Collapse all

Automatic unacknowledging of updated alerts on SOI r4.0 CU1

Jump to Best Answer
  • 1.  Automatic unacknowledging of updated alerts on SOI r4.0 CU1

    Posted 05-27-2016 08:48 AM

    Hi everyone

     

    Does the Service Operations Insight r4.0 CU1 release address the issue of updated alerts coming up with the 'acknowledged' tick?

     

    Regards

    Thanks.



  • 2.  Re: Automatic unacknowledging of updated alerts on SOI r4.0 CU1

    Posted 06-01-2016 10:29 AM

    Hello Doctor Ngobeni,

     

    I'm not aware of this problem, if you have encountered this problem and received a Test Fix in previous release, please let me know the patch number, I will check if this is included in 4.0 CUM1.

     

    Regards

    Brahma



  • 3.  Re: Automatic unacknowledging of updated alerts on SOI r4.0 CU1

    Posted 06-02-2016 03:18 AM

    Hi Brahma

     

    I'm running SOI r4.0 with the RO89152 patch installed. I realize now that my question isn't clearly expressed so I'll give it another try.

     

    When an alert arrives on the SOI oneclick client and an operator marks it as acknowledged, for example, SOI received the following alert below and I acknowledged it.

    Shortly after, the same host sent the same snmp alert only this time with a different summary. As an operator, if I had to work with several other alerts at a time I would ignore this alert because i previously acknowledged it.

     

    I wanted to know if SOI has the functionality to remove that acknowledged tick in the event that the simulated event above happens in our production space.

     

    Thanks in advance

    Doctor Ngobeni



  • 4.  Re: Automatic unacknowledging of updated alerts on SOI r4.0 CU1
    Best Answer

    Posted 06-02-2016 03:41 AM

    Hi Doctor Ngobeni,

    The Summary is not considered to be a differentiator to identify this as a new Alert.

    The cause of the problem is still the same, and thus SOI considers this to be the same Alert the Operator is working on.

    If you have cases where the new message is due to a different problem, but it still gets merged with the existing one, then we should have a look at the policy how the Alert ID is created to distinguish between different root causes.

     

    As background: If the summary would be considered to trigger a new Alert (e.g. replacing the previous one), cases like "Disk is full 94%" then "95%" then "96%" would always be considered a new problem, although the Operator is already aware of this and working on it.

     

    MichaelBoehm