Create an alert clustering definition

  • Release version: Xanadu
  • Updated August 1, 2024

An alert clustering definition determines the conditions that must be met for invoking one or more alert clustering tags. Alert clustering tags enable you to create an alert group from fewer alerts.

    Before you begin

    Role required: evt_mgmt_admin

    About this task

    Create a filter to determine which alerts are compared with existing alerts. Filtered alerts that match alerts already in the system, based on the definition's alert clustering tags, are gathered into an alert group.
    • A definition must have alert clustering tags associated with it.
    • When you modify or delete an alert clustering tag, all definitions with that tag are updated accordingly.

    Procedure

    1. Navigate to All > Event Management > Tag Based Alert Clustering Engine > Alert Clustering Definitions.
    2. Select New.
    3. Configure the fields on the Event Management tag based alert clustering definition form.
    4. Select Save.

    Result

    The definition appears on the Tag Based Alert Clustering Definitions table. Alert groups that are created by this definition are created as Tag Cluster groups.