Alert Escalation Overview

Defines the alert escalation policy modes and describes how each policy setting is used.


Introduction

An alert escalation policy defines user settings that OpsRamp applies in escalating alerts.

After an alert is correlated, OpsRamp provides options to notify users about the alert and automatically create incident tickets. The goal of alert escalation is to notify users of critical alerts so that the alert is acknowledged by a user.

Escalation is useful if you follow an on-call process for alert response. In an on-call process, your IT staff do not watch a console for alerts. Instead, automated notifications are sent to designated staff on pre-defined shifts.

With escalation features, you can notify users via email, text and voice messages, based on these criteria:

  • User and alert type: Notify specific users based on type of alert.
    For example, notify database administrators of alerts from database servers.
  • Shift schedule: Notify specific users based on when they are available. For example, notify IT staff on the day shift of alerts that arrive between 8:00 AM - 5:00 PM, and notify IT staff on the evening shift of alerts that arrive between 5:00 PM - 2:00 AM.
  • Chain of responsibility: Notify users up a chain of responsibility if alerts remain unacknowledged after notification. For example, notify shift managers of alerts that remain unacknowledged 30 minutes after the first notification was sent to level 1 staff.
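
The three criteria above, modeled as an added Python example (not OpsRamp code or its policy schema) that uses the page's shift windows and 30-minute threshold. The field names, user names, and the choice to escalate to the manager of whichever shift is active at escalation time are assumptions.

```python
from datetime import datetime, time, timedelta

# Constructed sample policy using the page's example values; field names and
# user names are hypothetical, not OpsRamp's policy schema.
SHIFTS = [
    {"name": "day", "start": time(8, 0), "end": time(17, 0)},
    {"name": "evening", "start": time(17, 0), "end": time(2, 0)},  # crosses midnight
]
LEVEL1 = {  # (shift, alert type) -> level 1 recipients
    ("day", "database"): ["dba-day"],
    ("evening", "database"): ["dba-evening"],
}
MANAGERS = {"day": ["day-shift-manager"], "evening": ["evening-shift-manager"]}
ESCALATE_AFTER = timedelta(minutes=30)


def shift_for(ts):
    """Return the name of the shift covering ts, or None if none does."""
    t = ts.time()
    for s in SHIFTS:
        if s["start"] <= s["end"]:
            covered = s["start"] <= t < s["end"]
        else:  # window wraps past midnight, e.g. 17:00-02:00
            covered = t >= s["start"] or t < s["end"]
        if covered:
            return s["name"]
    return None


def notifications(alert_type, raised_at, acked_at=None):
    """Return [(send_time, level, recipients)] for one alert."""
    shift = shift_for(raised_at)
    users = LEVEL1.get((shift, alert_type), [])
    if not users:
        return []  # coverage gap: no shift or no matching users
    plan = [(raised_at, 1, users)]
    due = raised_at + ESCALATE_AFTER
    # Escalate only if the alert is still unacknowledged when the timer expires.
    if acked_at is None or acked_at > due:
        # Assumption: notify the manager of the shift active at escalation time,
        # falling back to the original shift when no shift covers that time.
        plan.append((due, 2, MANAGERS[shift_for(due) or shift]))
    return plan
```

An alert raised at 3:00 AM returns an empty plan because neither example shift covers 2:00 AM - 8:00 AM, which is the kind of schedule gap worth checking for before relying on a policy.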

Policy modes

The following policy modes are supported:

  • Off
  • Observed
  • Recommend
  • On

Off

In this mode, the policy is inactive and has no effect on your alerts. You can use this mode to review a newly defined policy before switching to one of the other modes.

Observed

This mode allows you to simulate the effect of a policy without impacting your alerts. This mode applies only to policies that have an auto-incident creation action configured.

In this mode, the policy creates an observed alert, which simulates the original alert. The observed alert shows the actions that would have been taken on the original alert, if the policy were in On mode. The observed alert includes a link to the original alert.

Recommend

In this mode, the policy creates a recommendation for actions that you should take on the alert. Recommendations are based on OpsRamp’s learning from historical alerts. The recommendation includes a link to take the action.

On

In this mode, the policy takes automated actions on your alerts.

User scope setting

This setting selects whether alerts are escalated to users within your organization’s account (partner) or users within a client account.

Resource scope setting

This setting selects resources for which alerts are escalated.

Filter criteria setting

This setting selects alerts to which the policy applies.

Action setting

The action setting selects the following:

  • Whether the policy takes automated escalation actions or just shows which users should be contacted directly.
  • How long to wait before sending a notification or creating an incident.
  • Alert state transitions at which notifications are sent.
  • What priority is assigned to a notification.
  • At what frequency notifications are repeated.
  • When notification should stop.
  • To which users notifications are sent or to which users incidents are assigned.
  • Attributes and content of an auto created incident. You can specify incident attributes or have OpsRamp automatically set attributes based on learning from historical alerts.
  • Whether to update an incident upon changes to the alert’s state.

What to do next