Skip to content
DataMiner DoJo

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
Search in posts
Search in pages
Log in
Menu
  • Blog
  • Questions
  • Learning
    • E-learning Courses
    • Open Classroom Training
    • Certification
      • DataMiner Fundamentals
      • DataMiner Configurator
      • DataMiner Automation
      • Scripts & Connectors Developer: HTTP Basics
      • Scripts & Connectors Developer: SNMP Basics
      • Visual Overview – Level 1
      • Verify a certificate
    • Tutorials
    • Video Library
    • Books We Like
    • >> Go to DataMiner Docs
  • Expert Center
    • Solutions & Use Cases
      • Solutions
      • Use Case Library
    • Markets & Industries
      • Media production
      • Government & defense
      • Content distribution
      • Service providers
      • Partners
      • OSS/BSS
    • DataMiner Insights
      • Security
      • Integration Studio
      • System Architecture
      • DataMiner Releases & Updates
      • DataMiner Apps
    • Agile
      • Agile Webspace
      • Everything Agile
        • The Agile Manifesto
        • Best Practices
        • Retro Recipes
      • Methodologies
        • The Scrum Framework
        • Kanban
        • Extreme Programming
      • Roles
        • The Product Owner
        • The Agile Coach
        • The Quality & UX Coach (QX)
    • DataMiner DevOps Professional Program
  • Downloads
  • More
    • Feature Suggestions
    • Climb the leaderboard!
    • Swag Shop
    • Contact
      • General Inquiries
      • DataMiner DevOps Support
      • Commercial Requests
    • Global Feedback Survey
  • PARTNERS
    • All Partners
    • Technology Partners
    • Strategic Partner Program
    • Deal Registration
  • >> Go to dataminer.services

Correlation Rule collects historical alarms

Solved946 views6th July 2023Automation script correlated alarms Correlation rule
7
Paul Lee [DevOps Member]595 28th March 2023 0 Comments

Hi,

I have a correlation rule to collect the alarms and an automation script to send the alarms data as an email. It seems to work but with the active alarms but the problem is that it seems to include all the historical alarms from a few weeks ago which had been raised and cleared.

Below is the correlation rule that I have.

And it runs the script and passes the correlation rule id. With the Id, the script collects the alarms by running this code.

private List<int> GetAlarmIds(string correlationRuleId)
{
GetCorrelationStatusMessage msg = new GetCorrelationStatusMessage
{ ID = Guid.Parse(correlationRuleId), };

GetCorrelationStatusResponse response = Engine.SLNet.SendSingleResponseMessage(msg) as GetCorrelationStatusResponse;

var buckets = response.Status.Buckets;
var alarmIds = new List<int>();
for (int i = 0; i < buckets.Length; i++)
{
if (buckets[i].Mode.ToString() != "TrackCollection")
{
continue;
}

for (int j = 0; j < buckets[i].TrackedTrees.Length; j++)
{
alarmIds.Add(Convert.ToInt32(buckets[i].TrackedTrees[j].Split('/')[1]));
}
}

return alarmIds;
}

Could someone please advise me what I am missing here? Please let me know if anything else is needed. Many Thanks.

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 6th July 2023

1 Answer

  • Active
  • Voted
  • Newest
  • Oldest
9
Wouter Demuynck [SLC] [DevOps Advocate]5.91K Posted 28th March 2023 5 Comments

Hi Paul,

Looks like this is a bug with the "Collect events for ... after first event" rule condition option. For every instance of the action, a tracked bucket remains in memory until DMA restart or rule update, while I would have expected these to have been cleaned up after executing the rule actions.

The code in your automation script is grabbing alarm events out of all these (old) buckets.

Note: You can see all current buckets in the SLNetClientTest tool via Advanced > Correlation > Rule Status.

A proposed workaround could be to have your automation script search for the most recent of these buckets (highest id), as this is the relevant bucket for the active occurrence.

Example code below (using System.Linq)

GetCorrelationStatusResponse response = Engine.SLNet.SendSingleResponseMessage(msg) as GetCorrelationStatusResponse;

var alarmIds = new List<int>();
var bucket = response.Status.Buckets.OrderByDescending(b => b.ActiveMatchInfoID).Where(b => b.Mode.ToString() == "TrackCollection").FirstOrDefault();

for (int j = 0; j < bucket.TrackedTrees.Length; j++)
{
alarmIds.Add(Convert.ToInt32(bucket.TrackedTrees[j].Split('/')[1]));
}

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 6th July 2023
Paul Lee [DevOps Member] commented 31st March 2023

Thanks Wouter, it was spot on and did fix the problem. Is the bug with the buckets not being cleaned going to be investigated in the future?

Wouter Demuynck [SLC] [DevOps Advocate] commented 3rd April 2023

Hi Paul. An internal task was created to work on this issue (208818)

Nils Hoven [DevOps Advocate] commented 4th May 2023

Hi Wouter,

may this bug be the cause for the following notices we’ve recently experienced?

“Correlation rule xyz has the maximum of 10000 active buckets. Ignoring new ones.”

In this Correlation Rule we also use the “collect events for…” option.

Wouter Demuynck [SLC] [DevOps Advocate] commented 8th May 2023

Hi Nils,

The notice is indeed a consequence of the buckets sticking around in memory and will prevent new buckets from being created (thus breaking the correlation rule, as it will no longer trigger)

For as long as no fix has been provided for this (ref 208818 as above), workarounds could be to clear the in-memory buckets by editing the rule from time to time (e.g. only edit the description) or by restarting the DMA. Another option would be to increase the limit via SLNetClientTest > Advanced > Options > SLNet Options > CorrelationMaxBucketsPerRule. There’s little impact besides increased memory usage for the SLNet process.

Nils Hoven [DevOps Advocate] commented 11th May 2023

Hi Wouter,
thanks for confirming and for the workarounds. Good to hear that this is a known issue.

Please login to be able to comment or post an answer.

My DevOps rank

DevOps Members get more insights on their profile page.

My user earnings

0 Dojo credits

Spend your credits in our swag shop.

0 Reputation points

Boost your reputation, climb the leaderboard.

Promo banner DataMiner DevOps Professiona Program
DataMiner Integration Studio (DIS)
Empower Katas

Recent questions

Multiple Set on Table parameters for DVE’s 0 Answers | 1 Vote
DOM Definition relations returned in Definition query 0 Answers | 1 Vote
Alarm Dashboard PDF/CSV Export 1 Answer | 0 Votes

Question Tags

adl2099 (115) alarm (62) Alarm Console (82) alarms (100) alarm template (83) Automation (223) automation scipt (111) Automation script (167) backup (71) Cassandra (180) Connector (108) Correlation (68) Cube (150) Dashboard (194) Dashboards (188) database (83) DataMiner Cube (57) DIS (81) DMS (71) DOM (140) driver (65) DVE (56) Elastic (83) Elasticsearch (115) elements (80) Failover (104) GQI (159) HTTP (76) IDP (74) LCA (152) low code app (166) low code apps (93) lowcodeapps (75) MySQL (53) protocol (203) QAction (83) security (88) services (51) SNMP (86) SRM (337) table (54) trending (87) upgrade (62) Visio (539) Visual Overview (345)
Privacy Policy • Terms & Conditions • Contact

© 2025 Skyline Communications. All rights reserved.

DOJO Q&A widget

Can't find what you need?

? Explore the Q&A DataMiner Docs

[ Placeholder content for popup link ] WordPress Download Manager - Best Download Management Plugin