About alert groups

An alert group is a group of two or more alerts that Cloud Pak for AIOps has correlated together because the underlying analytics have determined that these alerts belong together.

Alerts can be added to an alert group because of one or more of these factors:

Table. Factors for alert groups

| Correlation type | Example |
| --- | --- |
| Temporal groups: based on alert history, these alerts tend to occur within a short time of each other. | A "Latency" alert on a server is regularly followed by a "Ping response time high" alert on that same server. These alerts are grouped into a temporal subgroup. |
| Topological groups: the alerts occur on resources within a predefined section of your network topology. | If there is a predefined section of the network that groups together a specific switch and all the nodes that depend on that switch, then any alerts occurring on that specific switch or the nodes connected to it are grouped together. These alerts are grouped into a topological subgroup. |
| Scope-based groups: the alerts occur on a user-defined scope. An administrator defines a ScopeID based on properties that define the scope for how alerts are grouped. Any alerts that match the scope and occur within a default time window are then automatically grouped together. | An alert storm occurs on the london145.acme.com server. All of the alerts in that storm are grouped together because they match alert.resource.location=london145.acme.com and occur within the default time window. These alerts are grouped into a scope-based subgroup. |
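
The scope-based grouping described above, as an added Python illustration rather than Cloud Pak for AIOps code. The 15-minute window, anchoring the window at the first alert, the alert dictionary layout and the function names are assumptions; the page specifies none of them.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: the page does not give the default time window; 15 minutes is illustrative.
WINDOW = timedelta(minutes=15)

# Constructed sample alerts (not product output). Only london145.acme.com is from the page.
ALERTS = [
    {"id": "a1", "time": "2024-05-01T10:00:00", "resource": {"location": "london145.acme.com"}},
    {"id": "a2", "time": "2024-05-01T10:02:00", "resource": {"location": "london145.acme.com"}},
    {"id": "a3", "time": "2024-05-01T10:05:00", "resource": {"location": "london145.acme.com"}},
    {"id": "a4", "time": "2024-05-01T10:03:00", "resource": {"location": "paris07.example.com"}},
    {"id": "a5", "time": "2024-05-01T11:30:00", "resource": {"location": "london145.acme.com"}},
    {"id": "a6", "time": "2024-05-01T10:01:00", "resource": {}},
]

def scope_id(alert, path="resource.location"):
    """Resolve the dotted scope property on an alert; None when it is absent."""
    value = alert
    for key in path.split("."):
        if not isinstance(value, dict) or key not in value:
            return None
        value = value[key]
    return value

def scope_groups(alerts, window=WINDOW):
    """Return [(scope, [alert ids])] for scopes with 2+ alerts inside one window."""
    by_scope = defaultdict(list)
    for alert in alerts:
        sid = scope_id(alert)
        if sid is not None:  # an alert with no scope value cannot join a scope-based group
            by_scope[sid].append((datetime.fromisoformat(alert["time"]), alert["id"]))
    groups = []
    for sid, members in sorted(by_scope.items()):
        members.sort()
        start, current = None, []
        for ts, alert_id in members + [(None, None)]:  # sentinel flushes the last window
            if ts is None or (current and ts - start > window):
                if len(current) >= 2:  # a group needs two or more alerts
                    groups.append((sid, current))
                current = []
            if ts is not None:
                if not current:
                    start = ts  # window is anchored at the first alert (assumption)
                current.append(alert_id)
    return groups
```

With the constructed data, the three alerts in the storm on london145.acme.com form one group, while the later alert on that server, the lone alert on the other host and the alert with no location stay ungrouped.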

Figure. Alert groups