Skip to content
DataMiner DoJo

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
Search in posts
Search in pages
Log in
Menu
  • Blog
  • Questions
  • Learning
    • E-learning Courses
    • Open Classroom Training
    • Certification
      • DataMiner Fundamentals
      • DataMiner Configurator
      • DataMiner Automation
      • Scripts & Connectors Developer: HTTP Basics
      • Scripts & Connectors Developer: SNMP Basics
      • Visual Overview – Level 1
      • Verify a certificate
    • Tutorials
    • Video Library
    • Books We Like
    • >> Go to DataMiner Docs
  • Expert Center
    • Solutions & Use Cases
      • Solutions
      • Use Case Library
    • Markets & Industries
      • Media production
      • Government & defense
      • Content distribution
      • Service providers
      • Partners
      • OSS/BSS
    • DataMiner Insights
      • Security
      • Integration Studio
      • System Architecture
      • DataMiner Releases & Updates
      • DataMiner Apps
    • Agile
      • Agile Webspace
      • Everything Agile
        • The Agile Manifesto
        • Best Practices
        • Retro Recipes
      • Methodologies
        • The Scrum Framework
        • Kanban
        • Extreme Programming
      • Roles
        • The Product Owner
        • The Agile Coach
        • The Quality & UX Coach (QX)
    • DataMiner DevOps Professional Program
  • Downloads
  • More
    • Feature Suggestions
    • Climb the leaderboard!
    • Swag Shop
    • Contact
      • General Inquiries
      • DataMiner DevOps Support
      • Commercial Requests
    • Global Feedback Survey
  • PARTNERS
    • All Partners
    • Technology Partners
    • Strategic Partner Program
    • Deal Registration
  • >> Go to dataminer.services

Correlation – Why isn’t my script executed for every new alarm?

Solved10.23K views22nd February 2022Correlation
3
Jens Vandewalle [SLC] [DevOps Enabler]9.44K 22nd February 2022 0 Comments

Hi Dojo,

I noticed something strange with the Correlation Engine for which I don't know if this is default behavior.

My setup has a Correlation Rule that executes a script when an alarm occurs on a spine switch element.

When I create 3 alarms on my element, by changing the Interfaces Admin Status, I notice that the script is only executed once.

Only when I enable option "Trigger on single events. Don't maintain active tree status." my script is executed for every change. But in that case it's also executed every time the alarm is cleared (I know that I can work around this by filtering on Alarm Severity).

My question is how far it's normal behavior that my script is only executed once while 3 unique alarms are created?

Jens Vandewalle [SLC] [DevOps Enabler] Selected answer as best 22nd February 2022

2 Answers

  • Active
  • Voted
  • Newest
  • Oldest
7
Wouter Demuynck [SLC] [DevOps Advocate]5.91K Posted 22nd February 2022 1 Comment

All of this is by design.

For a correlation rule, all active alarm trees which match the specified alarm filter are being kept track of in a bucket. In your example, all alarm trees elements running the Arista Switch protocol will be kept track of in one single bucket.

For a bucket, the correlation engine rules execute their actions when the rule condition starts being true for the set of alarm trees inside. (if there are no conditions specified, the condition is true as soon as there is one alarm tree in the bucket). Clear actions (if any) are executed once the rule condition stops being true. If extra alarms are being added to (or removed from) the bucket while the condition is fulfilled, only actions marked as "Execute on base alarm updates" will execute.

In your case, the script will run when the set of active Arista Switch alarm trees contains at least one alarm on the "*SPINE*" element.

  • On your first alarm, the rule will fire.
  • On the second alarm, the rule will not fire as the bucket already fulfilled the condition
  • On the third alarm, the rule will not fire as the bucket already fulfilled the condition

Note that in your case you're only filtering on the protocol. This might cause other unwanted alarms to also be tracked in the bucket. Moving the "*SPINE*" element filter to the alarm filter section could help there.

Note that you can split up the incoming alarms into multiple buckets through the "group by" option, e.g. by element or by table index.

The "trigger on single events" option can also be used if the state keeping is not required (combined with a more precise alarm filter to prevent the same alarm tree from triggering the actions multiple times)

Jens Vandewalle [SLC] [DevOps Enabler] Posted new comment 22nd February 2022
Jens Vandewalle [SLC] [DevOps Enabler] commented 22nd February 2022

Hi Wouter, thank you for the very detailed explanation. Much appreciated!

5
Miguel Obregon [SLC] [DevOps Catalyst]18.56K Posted 22nd February 2022 3 Comments

Hi Jens,

Since you are working with a table, have you tried grouping by table index?

Alberto De Luca [DevOps Enabler] Posted new comment 13th July 2022
Jens Vandewalle [SLC] [DevOps Enabler] commented 22nd February 2022

Hi Miguel, it works when grouping by table index. But why is that? I would expect that unique alarms have exactly the same behavior without the need of adding alarm grouping.

Miguel Obregon [SLC] [DevOps Catalyst] commented 22nd February 2022

Hi Jens,
When creating a correlation rule without any alarm grouping, all the alarms will be grouped by default in the same ‘bucket’. For that reason the correlation rule will only be triggered once. When adding alarm grouping (in your case grouped by table index) you will create a bucket for each row in the table, so actions will be executed per row

Alberto De Luca [DevOps Enabler] commented 13th July 2022

I’m so glad I found this – trying to figure out how we can leverage on this – but in that case, let’s say I have 2 different parameters in alarm on the same element, without alarm grouping, would they default to the same bucket? Or does it depend on how the filter is built?

Technically, I’d like to keep a different bucket (if it makes sense) for each different root alarm ID in the element, so that the rule can be reapplied for each new alarm on the element, but I can maintain the active tree status – not interested in having all the the different alarms, for different KPIs, grouped in the same alarm bucket, especially if my filter is built on “Parameter Description (by element)”

Please login to be able to comment or post an answer.

My DevOps rank

DevOps Members get more insights on their profile page.

My user earnings

0 Dojo credits

Spend your credits in our swag shop.

0 Reputation points

Boost your reputation, climb the leaderboard.

Promo banner DataMiner DevOps Professiona Program
DataMiner Integration Studio (DIS)
Empower Katas

Recent questions

Web Applications exception in Cube due to invalid certificate 0 Answers | 0 Votes
Redundancy Groups and Alarming – Duplicate Alarms 0 Answers | 0 Votes
Correlation Engine: “Test rule” doesn’t result in a hit, despite functional rule 1 Answer | 3 Votes

Question Tags

adl2099 (115) alarm (62) Alarm Console (82) alarms (100) alarm template (83) Automation (223) automation scipt (111) Automation script (167) backup (71) Cassandra (180) Connector (109) Correlation (69) Correlation rule (52) Cube (151) Dashboard (194) Dashboards (188) database (83) DataMiner Cube (57) DIS (81) DMS (71) DOM (140) driver (65) DVE (56) Elastic (83) Elasticsearch (115) elements (80) Failover (104) GQI (159) HTTP (76) IDP (74) LCA (152) low code app (166) low code apps (93) lowcodeapps (75) MySQL (53) protocol (203) QAction (83) security (88) SNMP (86) SRM (337) table (54) trending (87) upgrade (62) Visio (539) Visual Overview (345)
Privacy Policy • Terms & Conditions • Contact

© 2025 Skyline Communications. All rights reserved.

DOJO Q&A widget

Can't find what you need?

? Explore the Q&A DataMiner Docs

[ Placeholder content for popup link ] WordPress Download Manager - Best Download Management Plugin