Intelligent Alert Grouping (IAG)
Automatically group incoming alerts with a similar open incident and save your team from alert noise
Last updated
Automatically group incoming alerts with a similar open incident and save your team from alert noise
Last updated
Intelligent Alert Grouping (IAG) employs a real-time algorithm based on machine learning to consolidate interconnected alerts into a unified, active incident. This proves especially beneficial for incident responders by minimizing the volume of distracting information, enabling them to concentrate on their immediate responsibilities. As time progresses, the grouping algorithm evolves to comprehend emerging alert patterns and respond to human actions, enhancing the precision of its grouping choices and contributing to even swifter incident resolution.
Intelligent Alert Grouping (IAG) looks at alerts from a single Service. If you want alerts from different Services to be grouped, you may need to reconfigure your Service to send all related alerts to the same Service.
Note: This feature will be available for accounts in the Enterprise plan.
While creating a new Service:
Navigate to the Services tab where you can start creating a new Service. Among other details given as inputs necessary for creating the Service, enable the toggle for Intelligent Alert Grouping (IAG).
Next, choose a time interval as the Grouping Window. Available options are shown in the drop-down.
By clicking Save and Continue, you can proceed with Service creation which will result in the immediate enablement of Intelligent Alert Grouping (IAG).
For an existing Service:
Navigate to the Services tab. For the selected Service, click the More action and select Edit Service.
Here, you can enable the toggle for Intelligent Alert Grouping (IAG).
Next, choose a time interval as the Grouping Window. Available options are shown in the drop-down.
By clicking Save Changes, Intelligent Alert Grouping (IAG) will be enabled for the Service.
When enabled, you can identify the incidents that have auto-grouped alerts in the Incident List with the help of the highlighted icon in the image below.
When you click the incident with auto-grouped alerts and head into the Details page, you can view all the grouped alerts under the Auto Grouped tab.
This tab houses all the alerts as deemed similar to this incident by the Intelligent Alert Grouping (IAG) analyzer with the below information for the alert:
Alert Title
Alert Source
Created At
Tags
By clicking the alert title, you will be able to view additional details for the alert.
The Intelligent Alert Grouping (IAG) analyzer is designed to monitor real-time alert data and incident history. It adjusts dynamically as new alerts are triggered on a Service. Once you activate Intelligent Alert Grouping (IAG) for a Service, there's no need for explicit configuration, apart from selecting the Grouping Window itself.
Intelligent Alert Grouping (IAG) analyzer will group an alert into an existing open incident when the following criteria are met:
The most recent alert was created within the specified grouping window. This works on a rolling basis, i.e., we will compare the timestamp on the alert in question to the most recently grouped alert.
The Intelligent Alert Grouping (IAG) analyzer deems the alerts similar.
Alerts that do not meet these criteria will not be grouped and will trigger a new incident.
Users can either vote up or vote down an auto-grouped alert by simply hovering over the alert in the list of alerts for the incident.
If you notice that an auto-grouped alert should not have been grouped with this incident, you can click the thumbs-down icon. This feedback once submitted, cannot be undone.
Note: When a vote down is given, it will not re-open the alert. It is simply feedback given to the Intelligent Alert Grouping (IAG) analyzer to not consider this association in the future. Users have to manually trigger an incident reflecting this alert to work on it.
Not just vote downs, users can also let the Intelligent Alert Grouping (IAG) analyzer know that the right alerts were grouped with the incident in question. This can be done by clicking the thumb-up icon by hovering over the alert.
Any feedback that is given by users is logged in the incident’s Activity Timeline.
Users can also provide implicit feedback by manually merging incidents. This behavior is captured by the Intelligent Alert Grouping (IAG) analyzer and is used for auto-grouping in the future.
Navigate to the Services tab. For the selected Service, click the More action and select Edit Service.
Here, you can disable the toggle for Intelligent Alert Grouping (IAG).
Note: Doing so will immediately stop the algorithm from being active, which means users can expect a high number of alert notifications reaching them (which would have not been the case previously).
Have any questions? Ask the community.
