Skip to content
DataMiner DoJo

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
Search in posts
Search in pages
Log in
Menu
  • Blog
  • Questions
  • Learning
    • E-learning Courses
    • Open Classroom Training
    • Certification
      • DataMiner Fundamentals
      • DataMiner Configurator
      • DataMiner Automation
      • Scripts & Connectors Developer: HTTP Basics
      • Scripts & Connectors Developer: SNMP Basics
      • Visual Overview – Level 1
      • Verify a certificate
    • Tutorials
    • Video Library
    • Books We Like
    • >> Go to DataMiner Docs
  • Expert Center
    • Solutions & Use Cases
      • Solutions
      • Use Case Library
    • Markets & Industries
      • Media production
      • Government & defense
      • Content distribution
      • Service providers
      • Partners
      • OSS/BSS
    • DataMiner Insights
      • Security
      • Integration Studio
      • System Architecture
      • DataMiner Releases & Updates
      • DataMiner Apps
    • Agile
      • Agile Webspace
      • Everything Agile
        • The Agile Manifesto
        • Best Practices
        • Retro Recipes
      • Methodologies
        • The Scrum Framework
        • Kanban
        • Extreme Programming
      • Roles
        • The Product Owner
        • The Agile Coach
        • The Quality & UX Coach (QX)
    • DataMiner DevOps Professional Program
  • Downloads
  • More
    • Feature Suggestions
    • Climb the leaderboard!
    • Swag Shop
    • Contact
      • General Inquiries
      • DataMiner DevOps Support
      • Commercial Requests
    • Global Feedback Survey
  • PARTNERS
    • All Partners
    • Technology Partners
    • Strategic Partner Program
    • Deal Registration
  • >> Go to dataminer.services

Correlation – Count number of alarms with certain severity

Solved2.40K views4th January 2023Correlation Script Condition
2
Jochen Dewachter [SLC] [DevOps Advocate]2.16K 30th December 2022 0 Comments

What is the correct syntax for a correlation rule script condition to count the number of alarms in a bucket with a certain severity?

Use case: I have 5 IRD elements receiving a carrier from the same transmitting antenna. I want to trigger the correlation rule (to switch to another antenna) if all IRDs that are not in timeout give a critical alarm on their lock state.

Was thinking of a script condition like this: count(severity(critical)) == 5 - count(severity(timeout)) but I'm stuck on syntax...

Jochen Dewachter [SLC] [DevOps Advocate] Selected answer as best 4th January 2023

3 Answers

  • Active
  • Voted
  • Newest
  • Oldest
1
Emmanuel Dal [SLC] [DevOps Member]4.63K Posted 4th January 2023 3 Comments

Jochen,

Here is how to tackle your use case:

  1. Configure the ALARM FILTER to only capture critical alarms from the lock state parameter and timeout alarms as well
  2. Configure 2 script conditions  (combine them with an AND operator) :
    • condition 1 : count(*)>=3
    • condition 2 : max(field(severity)) == 1
      • critical alarm => severity = 1 ( see slenumvalues table )
      • timeout alarm => severity = 17 ( see slenumvalues table )

You can find more information about syntax and limitations on docs

UPDATE : my initial suggestion is not fully in line with what is requested.

That use case ( if I now fully understood it ) could be tackled by using 2 correlation rules:

1. First rule will generate 1 correlated alarm per IRD Element

  • ALARM FILTER: IRD protocol / Critical on Lock Status/ Timeout
  • ALARM GROUPING : group per Element
  • Action : New Alarm (highest Severity of sources Alarms )

2. Second rule will only capture correlated alarms and make sure we have same amount of correlated alarms as number of IRDs, and that at least one alarm has max severity equals to critical

  • Details: Accept Correlation Alarms
  • ALARM FILTER : relevant filter to only accept correlation alarms generated by previous rule
  • RULE CONDITION :
    • count(*)>=3 ( if 3 IRDs)
    • min(field(severity)) == 1
Jochen Dewachter [SLC] [DevOps Advocate] Selected answer as best 4th January 2023
Ben Vandenberghe [SLC] [DevOps Enabler] commented 4th January 2023

Not sure if the syntax allows it – but the exact logic required (if I understood correctly what Jochen needs) would be that the count of the timeout events summed with the count of the lock alert events matches the nbr of IRDs (in other words, if one of the IRDs has neither a time-out nor a lock alert, then the rule cannot fire off).

Emmanuel Dal [SLC] [DevOps Member] commented 4th January 2023

According to Docs, counting the number of alarms part of a bucket and in a specific state is not supported :

        “When script conditions use functions, fields or properties outside the min/max/avg aggregated functions context, values will be retrieved from one of the alarms in the bucket only. This will typically be the triggering alarm or the most recent one in the rule bucket.”

I’ve suggested an alternative in my initial reply

Jochen Dewachter [SLC] [DevOps Advocate] commented 4th January 2023

The approach with the 2 correlation rules does the trick! Thanks a lot, that’s what I was searching for.

You are viewing 1 out of 3 answers, click here to view all answers.
Please login to be able to comment or post an answer.

My DevOps rank

DevOps Members get more insights on their profile page.

My user earnings

0 Dojo credits

Spend your credits in our swag shop.

0 Reputation points

Boost your reputation, climb the leaderboard.

Promo banner DataMiner DevOps Professiona Program
DataMiner Integration Studio (DIS)
Empower Katas

Recent questions

Alarm Dashboard PDF/CSV Export 0 Answers | 0 Votes
Is the Microsoft SharePoint Connector Still Usable 0 Answers | 0 Votes
Is the Microsoft SharePoint Connector Still Usable 0 Answers | 0 Votes

Question Tags

adl2099 (115) alarm (62) Alarm Console (82) alarms (100) alarm template (83) Automation (223) automation scipt (111) Automation script (167) backup (71) Cassandra (180) Connector (108) Correlation (68) Cube (150) Dashboard (194) Dashboards (188) database (83) DataMiner Cube (57) DIS (81) DMS (71) DOM (139) driver (65) DVE (55) Elastic (83) Elasticsearch (115) elements (80) Failover (104) GQI (159) HTTP (76) IDP (74) LCA (151) low code app (166) low code apps (93) lowcodeapps (75) MySQL (53) protocol (203) QAction (83) security (88) services (51) SNMP (86) SRM (337) table (54) trending (87) upgrade (62) Visio (539) Visual Overview (345)
Privacy Policy • Terms & Conditions • Contact

© 2025 Skyline Communications. All rights reserved.

DOJO Q&A widget

Can't find what you need?

? Explore the Q&A DataMiner Docs

[ Placeholder content for popup link ] WordPress Download Manager - Best Download Management Plugin