Incident Status Based Deduplication
Use Incident Status Based Deduplication to deduplicate all alerts to an existing open incident for a Service.
Incident Status Based Deduplication works on the logic that all alerts that come in for a Service are related to the same issue. So, if there is an open incident for a Service - that is, the incident is in the Acknowledged state, all incidents that come in for this Service will get deduplicated against the existing, open incident within the specified time window.
- The User Role associated with the user in the Team must have the required permissions to manage Services (ability to manage Deduplication Rules).
1. Navigate to Services -> Service Overview -> select or search for your desired service.
2. On the extreme right, expand the accordion -> In the Automation section, View All
3. In the Automation Rules section, Add Deduplication Rules
4. Select an Alert Source from the drop-down -> Add New Rule
5. Incident Status Based Deduplication Rules can be added in two ways:

   1. Create a rule specifying the Label as `past_incident["is_suppressed"]`, Condition as `==` and Value as
   2. Add an appropriate deduplication time window.
   3. Click on Save Rule to complete.

   1. You can copy and paste the rule below and change the Rule Execution Priority accordingly.
   2. Add an appropriate deduplication time window.
   3. Click on Save Rule to complete.
1. I have added the Deduplication Rule `past_incident.is_suppressed == false` manually to an existing Service to deduplicate all alerts against any open incident for the Service. Nevertheless, I do not see Incident Status Based Deduplication taking place as expected. What am I missing?

Once the Deduplication Rule `past_incident.is_suppressed == false` is added manually to an existing Service, please move the rule down based on the Rule Execution Priority you wish to have. If you do not want any of your other Deduplication Rules to be executed for the Service, move the newly added Deduplication Rule to the top of the list of rules.
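A small model of the behaviour described on this page, added here as an example and not the product's own code: it shows how the status-based rule, the time window and the Rule Execution Priority interact. It assumes that rules are tried in priority order with the first match winning and that only open incidents are candidates; `Incident`, `Rule`, `deduplicate`, `TITLE_RULE` and the sample data are hypothetical names and constructed values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Optional

@dataclass
class Incident:
    id: str
    title: str
    created_at: datetime
    is_open: bool        # not yet resolved
    is_suppressed: bool  # the field behind past_incident["is_suppressed"]

@dataclass
class Rule:
    name: str
    window: timedelta                          # deduplication time window
    matches: Callable[[dict, Incident], bool]  # rule expression

def deduplicate(alert, now, past_incidents, rules) -> Optional[tuple]:
    """Return (rule name, incident id) the alert merges into, or None for a new incident.
    Assumption: rules run in Rule Execution Priority order and the first match wins."""
    newest_first = sorted(past_incidents, key=lambda i: i.created_at, reverse=True)
    for rule in rules:
        for inc in newest_first:
            in_window = timedelta(0) <= now - inc.created_at <= rule.window
            if inc.is_open and in_window and rule.matches(alert, inc):
                return rule.name, inc.id
    return None

# The rule from this page: past_incident.is_suppressed == false
STATUS_RULE = Rule("status", timedelta(hours=1), lambda alert, past: past.is_suppressed is False)
# Hypothetical narrower rule, for comparison: same title only
TITLE_RULE = Rule("title", timedelta(hours=1), lambda alert, past: alert["title"] == past.title)

# Constructed sample data
T0 = datetime(2024, 1, 1, 12, 0)
PAST = [
    Incident("INC-1", "disk full", T0, is_open=True, is_suppressed=False),
    Incident("INC-2", "cpu high", T0 - timedelta(minutes=30), is_open=False, is_suppressed=False),
]

if __name__ == "__main__":
    soon = T0 + timedelta(minutes=10)
    print(deduplicate({"title": "latency high"}, soon, PAST, [STATUS_RULE]))
    print(deduplicate({"title": "latency high"}, soon, PAST, [TITLE_RULE]))
    print(deduplicate({"title": "disk full"}, soon, PAST, [TITLE_RULE, STATUS_RULE]))
    print(deduplicate({"title": "disk full"}, T0 + timedelta(hours=2), PAST, [STATUS_RULE]))
```

In the first call an alert with an unrelated title is merged into the open incident, which is the "all alerts for a Service are the same issue" logic; the third call shows that a rule placed above the status rule decides the outcome first.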