Help Center> Application Operations Management> User Guide (2.0)> Alarm Management> Alarm Noise Reduction> Creating a Grouping Rule
Updated on 2024-06-28 GMT+08:00
View PDF

Creating a Grouping Rule

You can filter alarm subsets and then group them based on the grouping conditions. Alarms in the same group are aggregated to trigger one notification.

As shown in Figure 1, when Alarm Severity under Grouping Condition is set to Critical, the system filters out the critical alarms, and then combines these alarms based on the specified mode. The combined alarms can then be associated with an action rule for sending notifications.

Figure 1 Grouping process

Procedure

You can create up to 100 grouping rules.

  1. Log in to the AOM 2.0 console.
  2. In the navigation pane, choose Alarm Management > Alarm Noise Reduction.
  3. On the Grouping Rules tab page, click Create and set parameters such as the rule name and grouping condition. For details, see Table 1.

    Figure 2 Creating a grouping rule
    Table 1 Grouping rule parameters

    Category

    Parameter

    Description

    -

    Rule Name

    Name of a grouping rule.

    Enter up to 100 characters and do not start or end with an underscore (_). Only letters, digits, and underscores are allowed.

    Enterprise Project

    Enterprise project.

    • If you have selected All for Enterprise Project on the global settings page, select one from the drop-down list here.
    • If you have already selected an enterprise project on the global settings page, this option will be dimmed and cannot be changed.

    Description

    Description of a grouping rule. Enter up to 1024 characters.

    Grouping Rule

    Grouping Condition

    Conditions set to filter alarms. After alarms are filtered out, you can set alarm action rules for them.

    Value range and description:

    • Alarm Severity: severity of a metric or event alarm. Options: Critical, Major, Minor, and Warning. Example: Alarm Severity Equals to Critical
    • Resource Type: resource type selected when you create an alarm rule or customize alarm reporting. Options: host, container, process, and so on. Example: Resource Type Equals to container
    • Alarm Source: name of the service that triggers the alarm or event. Options: AOM, LTS, CCE, and so on. Example: Alarm Source Equals to AOM
    • Tag: alarm identification attribute, which consists of the tag name and tag value and can be customized. Example: Tag aom_monitor_level Equals to infrastructure
    • XX Exists: indicates the alarm whose metadata contains parameter XX. Example: For Alarm Source Exists, the alarms whose metadata contains the provider will be filtered.
    • XX Regular Expression: indicates the alarm whose parameter XX matches the regular expression. Example: For Resource Type Regular Expression host*, the alarms whose resource type contains host will be filtered.

    Rule description:

    • You can create a maximum of 10 parallel conditions, each of which can contain up to 10 serial conditions. One or more alarm action rules can be set for each parallel condition.
    • Serial conditions are in the AND relationship whereas parallel conditions are in the OR relationship. An alarm must meet all serial conditions under one of the parallel conditions.

    For example, if two serial conditions (that is, Alarm Severity = Critical and Provider = AOM) are set under a parallel condition, critical AOM alarms are filtered out, and notification actions are performed based on the alarm action rule you set.

    Combination Rule

    Combine Notifications

    Combines grouped alarms based on specified fields. Alarms in the same group are aggregated for sending one notification.

    Notifications can be combined:

    • By alarm source: Alarms triggered by the same alarm source are combined into one group for sending notifications.
    • By alarm source + severity: Alarms triggered by the same alarm source and of the same severity are combined into one group for sending notifications.
    • By alarm source + all tags: Alarms triggered by the same alarm source and with the same tag are combined into one group for sending notifications.

    Initial Wait Time

    Interval for sending an alarm notification after alarms are combined for the first time. It is recommended that the time be set to seconds to prevent alarm storms.

    Value range: 0s to 10 minutes. Recommended: 15s.

    Batch Processing Interval

    Waiting time for sending an alarm notification after the combined alarm data changes. It is recommended that the time be set to minutes. If you want to receive alarm notifications as soon as possible, set the time to seconds.

    The change here refers to a new alarm or an alarm status change.

    Value range: 5s to 30 minutes. Recommended: 60s.

    Repeat Interval

    Waiting time for sending an alarm notification after the combined alarm data becomes duplicate. It is recommended that the time be set to hours.

    Duplication means that no new alarm is generated and no alarm status is changed while other attributes (such as titles and content) are changed.

    Value range: 0 minutes to 15 days. Recommended: 1 hour.

  4. Click Confirm.

More Operations

After creating a grouping rule, perform the operations listed in Table 2 if needed.

Table 2 Related operations

Operation

Description

Modifying a grouping rule

Click Modify in the Operation column.

Deleting a grouping rule
  • To delete a single rule, click Delete in the Operation column in the row that contains the rule.
  • To delete one or more rules, select them and click Delete above the rule list.

Searching for a grouping rule

Enter a rule name in the search box in the upper right corner and click .
Parent topic: Alarm Noise Reduction