Troubleshoot Alert Correlation Rule - Support and Troubleshooting

Troubleshoot Alert Correlation Rule Description When an alert is created, BR "Calculate correlation rule" is executed. The BR calls AlertManager.calculateAlertCorrelation(grAlert) AlertManager calls AlertCorrelationHandler which: A. Checks if the alert matches one of the filters, for primary or secondary alert If the filter matches either primary, secondary, or advanced, look for a match corresponding to the primary or secondary as configured in the alert correlation rule. Alert correlation can be calculated on demand, for troubleshooting purposes, by:

Navigating to "System Definition > Scripts - Background" Runing script: var alertSI = ' '; var alertManager = new SNC.AlertManager(); var grAlert = new GlideRecord('em_alert'); var grFound = grAlert.get(alertSI); if(grFound){ gs.print("Calculate correlation rule for: " + grAlert.number); alertManager.calculateAlertCorrelation(grAlert); } Instructions Recreate issue Confirm the alerts match the filters in the correlation rule Get the sys_id of the alert Set system property evt_mgmt.log_debug = true Run new calculation with steps in "Description" section of KB, replace in script with actual sys_id Collect output from scripts - background Set system property evt_mgmt.log_debug = false Compare output with AlertCorrelationHandler to determine where the code is not behaving as expected Additional Information Alert Grouping Explained Sample Alert Correlation Rule using script Event Management Alert correlation for Layer 2 connections Parent field value is cleared on the secondary alert when the parent alert is closed for Manual and Rule based alert grouping Rules-based group not created by alert correlation rule because filter is case sensitive PRBs PRB1410894 - Rules-based group not created by alert correlation rule because filter is case sensitive