topic Re: Is there a way to resolve multiple incidents at once in Alert Manager? in All Apps and Add-ons

Is there a way to resolve multiple incidents at once in Alert Manager?

gbhaghavatula — Thu, 15 Jun 2017 16:55:57 GMT

we have lot of events which log error incidents every day and its a lot of manual work to close each incident manually.

I want a solution where i don't have to suppress any event alerts but I want to close those incidents after all I review them.

any ideas?

Re: Is there a way to resolve multiple incidents at once in Alert Manager?

christianhuber — Thu, 03 Aug 2017 13:39:29 GMT

Hi,

I am not sure if this is the solution to your problem but i close my incidents with this command.

index=alerts | table _time incident_id | dedup incident_id | modifyincidents status="Resolved" comment="autoclose"

it may take a moment uppon how many open incidents you have.

Re: Is there a way to resolve multiple incidents at once in Alert Manager?

gbhaghavatula — Thu, 03 Aug 2017 15:45:20 GMT

hi, thanks for your reply.

can you let me know how do you implement this query? do you create a rule in splunk for the incidents to close? let me know more details about this process.

Thanks again for your response, appreciate it.

Thanks;
GAUTI

Re: Is there a way to resolve multiple incidents at once in Alert Manager?

christianhuber — Fri, 04 Aug 2017 07:41:47 GMT

i use this usually to close all open tickets after the testing period to start with a clean sheet. If you plan to regulary close the incidents you should probably work with the auto resolve options. You see this options when you configure a Alert Manager trigger.

or the dirty way you just schedule the search above to run at a specific interval of your choice.

Christian

Re: Is there a way to resolve multiple incidents at once in Alert Manager?

gbhaghavatula — Tue, 08 Aug 2017 19:56:25 GMT

Thanks a ton Christian. We will implement this idea soon and I will let you know how this worked.

Re: Is there a way to resolve multiple incidents at once in Alert Manager?

chalak — Mon, 05 Mar 2018 09:59:44 GMT

Hi all,

Would you be please able to advise how to achieve closing multiple alerts at once through the Alert Manager app directly (Ideally on the incident posture tab). At the bottom part of the Incident posture tab can be 10 alerts, is there a possibility to have for example checkbox to select certain alerts and close it? Would be there any similar possibility how to achieve this idea?

Re: Is there a way to resolve multiple incidents at once in Alert Manager?

riki1092 — Fri, 23 Mar 2018 09:58:45 GMT

Can you please help me out how to close multiple open alerts in one go.as of now I am closing it manually with search incident option.

It would be great if you could send the steps how to set the query.

arkobardhan2011@gmail.com

Re: Is there a way to resolve multiple incidents at once in Alert Manager?

riki1092 — Fri, 23 Mar 2018 10:00:12 GMT

Does the query helped you in closing multiple open alerts in one go?

Re: Is there a way to resolve multiple incidents at once in Alert Manager?

my2ndhead — Fri, 01 Jun 2018 14:23:32 GMT

Will be part of the next release https://github.com/simcen/alert_manager/issues/191

Re: Is there a way to resolve multiple incidents at once in Alert Manager?

chalak — Fri, 01 Jun 2018 14:36:07 GMT

Thanks for the information.

Re: Is there a way to resolve multiple incidents at once in Alert Manager?

Imadam — Tue, 09 Oct 2018 13:42:04 GMT

Hi,

Can I auto-resolve alerts based on other events with different status?
For example I have events:
ID Host Status
1221 Ex12 Critical
1312 Ex12 Normal

I want to auto close alert 1221 based on event 1312