This blog aims to provide a detailed explanation of correlation rules.
To know more about alert correlation, click here.
Features of Correlation Rules:
A rule has an ID, name, attribute, time window, status and optionally filters.
Here is a guide on what filter values to use :
Alert Category | ID |
Availability | AVAIL |
Configuration | CONFIGURE |
Exception | EXCEPTION |
Health | HEALTH |
Performance | PERFORM |
Self Monitoring | SELFMON |
Managed Object Type description | ID |
Application Server ABAP | ABAP |
Application Server Java | JAVA |
User Request Group | RUM Group |
Sum Scenario | SUM_SCRIPT |
Sum Location | SUM_ROBOT |
Storage Device | Storage |
Open KPI Sender | RCA_OPEN_K |
Job Monitoring | ABAP_H |
Host (Server) | HOST |
Generic Managed Object type | SCENARIO |
External Service | EXT_SRV |
Database Replication Group | DBCLUSTER |
Database Instance | DBINSTANCE |
Database | DBMS |
Customer Network | NETWORK |
Client | CLIENT |
Technical Component | TECHN_COMP |
Technical Instance | INSTANCE |
Technical System | T_SYSTEM |
Tenant Database Instance | DBTENANT |
Test Manged object type | TEST_MOT |
Unspecified Managed Object | UNSPECIFIC |
You can find the values in the value help available in the rule creation UI.
Additional alert keys are part of alert. You can find it in alert list or in alert detail.
To use as filter, each name-value pair to be delimited by a pipe symbol
Name=PLM_PSM_SH|Type=SAP ABAP Job|Client=002
You should use complete Alert Name without any wild cards(*).
Example : Critical Execution Status for job detected
You can locate this in the template maintenance for system monitoring alerts. For other alerts this is not applicable.
You can use the customer name as it appears in the scope selection.
You can use the data center as it appears in the scope selection.
Context family name is a concatenation of extended system id and type. Example: AXEWLL (ABAP). You can also wait till the first cluster is formed and use the name from there. Use the managed object type and name in this case.
Examples:
Correlation Attributes: Host
Time Window: 60 Mins
Rank: 1
Filter: NA
Correlation Attributes: Alert Type, Data Center
Time Window: 60 Mins
Rank: 1
Filter: NA
Correlation Attributes: Context Family
Time Window: 30 Mins
Rank: 1
Filter: NA
Correlation Attributes: Context Family
Time Window: 30 Mins
Rank: 1
Filter: Alert Category
Condition : Is
Value : AVAIL
Correlation Attributes: Context Family
Time Window: 30 Mins
Rank: 1
Filter: Alert Category
Condition : Is
Value : AVAIL
Filter: Data Center
Condition : Is not
Value : PRIO
In conclusion, understanding correlation rules in SAP Focused Run Alert Management is crucial for efficient and effective alert management. By leveraging correlation rules, users can reduce noise and false positives, prioritize critical alerts, and streamline incident resolution. This can ultimately lead to improved operational efficiency and better overall system performance.
#SAPFocusedRun
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
29 | |
13 | |
12 | |
10 | |
10 | |
9 | |
9 | |
7 | |
7 | |
6 |