Introduction

An alert correlation policy defines user settings (described below) that OpsRamp applies in taking first response actions on alerts.

Policy modes

The following policy modes are supported:

  • Off
  • Observed
  • Recommend
  • On

Off

In this mode, the policy is inactive and has no effect on your alerts. You can use this mode to review a newly defined policy, before changing into one of the other modes.

Observed

This mode allows you to simulate the effect of a policy, without impacting your alerts.

In this mode, the policy creates an observed alert, which simulates the original alert. The observed alert shows the actions that would have been taken on the original alert, if the policy were in On mode. The observed alert includes a link to the original alert.

Recommend

In this mode, the policy creates a recommendation for actions that you should take on the alert. Recommendations are based on OpsRamp’s learning from historical alerts. The recommendation includes a link to take the action.

On

In this mode, the policy takes automated actions on your alerts.

Filter criteria setting

This setting selects alerts to which the policy applies.

Suppress seasonal alerts setting

With this setting, OpsRamp suppresses alerts that, it has learned, occur regularly, at around the same time. For example, an high CPU utilization alert that occurs nightly at around 1:00 AM due to a scheduled backup job on a server, that usually goes back to OK state, by 1:30 AM.

Suppress specific alerts setting

With this setting, you can train OpsRamp to suppress alerts that are expected and do not need any action. For example, alerts from test servers during application updates.

Snooze specific alerts setting

With this setting, you can train OpsRamp to snooze alerts for a given time. The snooze action suppresses alerts for a given time period and then unsuppresses the alert.

You can provide training data using a training file.

What to do next