Alerting rules evaluation
The scope of an alerting profile is defined by
- The management zone.
- Severity rules.
- Event filters.
These conditions are combined by the AND logic. An event must fulfill all conditions to trigger a notification based on the profile.
Management zone
The management zone filter reduces the amount of data the alerting profile evaluates. Instead of checking all the data your environment generates, you can focus on just the parts coming from the specified management zone.
By default a new alerting profile uses All
management zones, which means that no filter is applied. In most cases you should apply the management zone filter to reduce the profile scope to the scope of your teams' responsibility. Keep in mind that management zones can overlap. If a problem is detected on a service that is defined within multiple management zones, multiple filters will be applied.
Severity rules
Severity rules filter events based on their severity level. For each alerting profile, you can specify up to 100 severity rules. These rules are combined by the OR logic. An event fulfilling any of the rules triggers a notification based on the profile.
You can use the following criteria:
- Severity level.
- How long the problem is open before an alert is sent out—this enables you to avoid alerts for low-severity problems that don't affect customer experience and therefore don't require immediate attention.
- optional Monitoring entities that have any or all of the specified tags
Rule criteria are combined by the AND logic. All of them must be fulfilled for the rule to be invoked.
Event filters
Event rules filter events based on their properties. For each alerting profile, you can specify up to 20 event rules. Particularly for auto-remediation use cases, it’s helpful to trigger specific actions based on detailed information that’s captured during abnormal situations, for example, triggering alerts in cases where problems are related to process crashes.
You can use the following criteria:
- Predefined events Event type
- Custom events Title and description of the event
Each of criteria can be inverted by using the negate option. For example, it turns the begins with criterion into does not begin with.
The rules are combined by the following logic:
- All rules that contain negated criteria are grouped by the AND logic.
- All other rules are grouped by the OR logic.
- These two groups (negated and non-negated) are grouped by the AND logic.