alerta / alerta-contrib

Contributed integrations, plugins and custom webhooks
http://alerta.io
MIT License

Correlate multiple alerts #327

Closed mmarin11 closed 3 years ago

mmarin11 commented 4 years ago

Dear Alerta community

We are looking for a way to correlate multiple alarms and only trigger a single action (open a ticket when a customer is down). For example, when there is a fiber cut, we receive two alarms: one that is related to the port in the aggregation switch that is down and another alarm for the ICMP of the CPE that is located at the customer location. There are other more complex scenarios where multiple alarms are going to be received at the same time due to a fiber cut, and I would like to know if there is a way to analyze the last 100 or so alarms within a period of time and only trigger one action instead of creating or opening 100 independent tickets that have the same root cause. In other words, create a single ticket and add all circuits affected as custom fields to the ticket.

Thank you

satterly commented 3 years ago

You can do this one of two ways. The first way is to not automate this and let a human decide when to create a ticket. This can be semi-automated in that an operator right-clicks an alert to create a ticket from the alert details.

The other way is to feed alerts through a complex event processing (CEP) engine prior to forwarding to Alerta which does all the correlation you need. There are many open-source and commercial offerings.
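The kind of pre-forwarding correlation discussed in this thread, as an added example that is not part of the original issue and is not Alerta or alerta-contrib code: alerts that share a root-cause resource within a time window collapse into one incident, and each incident becomes one ticket listing the affected circuits. The `UPLINK` topology map, the alert field names, the 120-second window and the ticket layout are all assumptions made for illustration.

```python
WINDOW = 120  # seconds; assumed correlation window

# Hypothetical topology (constructed): CPE -> aggregation port it hangs off.
UPLINK = {
    "cpe-cust-a": "agg1:ge-0/0/1",
    "cpe-cust-b": "agg1:ge-0/0/1",
    "cpe-cust-c": "agg2:ge-0/0/7",
}

# Constructed sample alerts; "time" is seconds since an arbitrary start.
SAMPLE = [
    {"time": 0, "resource": "agg1:ge-0/0/1", "event": "PortDown"},
    {"time": 5, "resource": "cpe-cust-a", "event": "PingFail"},
    {"time": 9, "resource": "cpe-cust-b", "event": "PingFail"},
    {"time": 30, "resource": "cpe-cust-c", "event": "PingFail"},
    {"time": 400, "resource": "cpe-cust-a", "event": "PingFail"},
]

def correlate(alerts, window=WINDOW):
    """Group alerts that share a root resource within `window` seconds."""
    open_incidents = {}  # root -> incident still collecting alerts
    incidents = []
    # Sort first so late-arriving alerts still land in the right window.
    for a in sorted(alerts, key=lambda a: a["time"]):
        # A CPE alert is attributed to its uplink port; anything else to itself.
        root = UPLINK.get(a["resource"], a["resource"])
        inc = open_incidents.get(root)
        if inc is None or a["time"] - inc["first_seen"] > window:
            inc = {"root": root, "first_seen": a["time"],
                   "circuits": [], "events": []}
            open_incidents[root] = inc
            incidents.append(inc)
        if a["resource"] != root and a["resource"] not in inc["circuits"]:
            inc["circuits"].append(a["resource"])
        inc["events"].append(a["event"])
    return incidents

def to_ticket(inc):
    """One ticket per incident, affected circuits carried as custom fields."""
    return {"summary": f"Outage behind {inc['root']}",
            "custom_fields": {"affected_circuits": inc["circuits"],
                              "alert_count": len(inc["events"])}}

if __name__ == "__main__":
    for incident in correlate(SAMPLE):
        print(to_ticket(incident))
```

The window here is measured from the first alert of each incident, so a repeat failure on the same root after the window closes opens a new incident rather than extending the old one.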