Javascript must be enabled to download our products and perform other essential functions on the website.

ionicons-v5-m
ionicons-v5-j
Buy Now Download Free Trial
ionicons-v5-m
ionicons-v5-f

Alert Suppression, Event Escalation, Event Deduplication

Understanding how Alert Suppression, Event Escalation, and Event Deduplication work together can give you the tools to have fine grained control over your alerting environment.

Escalation Suppression Deduplication

Alert Suppression

When a monitor first detects a problem, it consults with its Alert Suppression rules to determine whether the monitor should go into Alert state or not. So this is the first filter in the alert path. If the alert is suppressed, the monitor is not in Alert state and no further alerting is considered.

Action List - Event Escalation

If a monitor is in Alert state at the end of it's check, it consults it's list of actions that might contain a list of Event Escalation alerts. This step is where the set of actions to run is determined. Event Escalation can be enabled and configured on a monitor-by-monitor basis.

Event Deduplication

There are two kinds of Event Deduplication -- Simple and Advanced. Below we'll discuss Advanced, as Simple doesn't have any affect on actions that are run.

After getting a list of possible actions to fire during the Event Escalation step, the alert is check to see if it is a 'new' alert. If it is new, the actions are fired as normal. But, if the event is not 'new', that means it's a duplicate. 'New' and 'duplicate' are determined by looking at fields in the event.

If an event is a duplicate:

  • By default, actions are not fired on duplicate events
  • You can indicate actions should continue to be fired, until the alert is acknowledged.

PA File Sight

Help Map