Hi Dojo,
I'm looking for guidance on implementing a more advanced alarm correlation scenario.
Currently, we have a setup where an alarm triggers a correlation rule, which then executes a script. The script sends an email or SMS (based on configuration) including alarm details (forwarded to script from correlation rule) and a dashboard report (email with dashboard report is sent from the code). This works fine.
However, we now have a new customer requirement:
- They want to receive individual notifications per alarm (e.g., per TV channel) as long as the number of alarms stays low.
- If more than 5 alarms occur within a 10 minute window, instead of receiving many individual notifications, they want:
- A single aggregated notification
- Containing a list of all affected channels
- And no individual emails/SMS for those alarms in that case
In short:
- < 5 alarms in 10 minutes -> send individual notifications
- 5 alarms in 10 minutes -> send one summary notification instead
I’ve explored correlation rule options (including time windows), but I’m not sure:
- How to track/count alarms within a rolling 10 minute window
- How to retrieve details of all correlated alarms (e.g., channel names) to include them in a single email
- Whether this logic can be fully handled within correlation rules, or if it requires additional scripting/state handling
Has anyone implemented something similar or can point me in the right direction?
Thanks in advance!
Hi Dario,
Depending of the end goal of the integration, one possible option is to use DataMiner services to aggregate alarms. For example, you can create a correlation rule that filter alarms related to a service. Next, using a rule condition and the persistent event option, you can count the alarms linked to the service and trigger the corresponding action.
Keep in mind that you could also trigger a correlation rule if the number of services impacted by an alarm is higher than a specific threshold.
Hope it helps.