Hi Dojo
We're working on a use case where we need to create an alarm filter that excludes any alarms that are/were part of the base alarms of a correlated alarm.
For this, is it possible to build an alarm filter that identifies/excludes an alarm that is/was a base alarm of a particular correlated alarm, whereby we can put in the alarm filter an identifier of a specific correlation rule or the identifier of a correlated alarm by name or value?
For example, given that a correlation rule "CR" is used to generate a correlated alarm "CA", I need to build this logic into an alarm filter:
Give every alarm within the DataMiner system except alarm A when alarm A was used to trigger the "CR".
In other words:
If a correlation rule "CR" exists and generates a correlated alarm "CA", I need to build this logic into an alarm filter:
Filter every alarm within the DataMiner system except alarms A, B, C... when these alarms are or were base alarms of correlated alarm "CR".
In this screenshot example, we would apply a filter to give all alarms except the ones in the blue box by saying "all the alarms except any alarm that belongs to correlated alarm with value *AggAlarm*".
Ideally out of the box, without having to set custom properties of alarms via script.
I believe this will not be possible. Filtering on alarms is based on the properties of those alarms, and those are not affected / changed by the fact that they are (or have been) involved in the triggering of a correlated alarm. The correlated alarm has pointers towards the base alarms, but not the other way around.
The first thing that came to mind as a work-around is indeed to trigger not only the correlated alarm, but also a script to sort of tag the involved base alarms (e.g. in the comment field). I'm not sure though if that's feasible and also some caution would be required in relation to the volume of alarms in your system. But you indicated already that you prefer not to involve scripting.