First response policy permits you to auto-suppress alerts as a first response for non-significant alerts.
You must have OpsQ View and OpsQ Manage permissions to manage first response and alert escalation policies.
A training file is required to suppress specific alerts or snooze specific alerts. The training file includes examples of alerts to be suppressed. See Alert Management Training File for more information.
Step 1: Enter policy name and mode
- Go to Setup > Alerts > First Response.
- Select a client.
- Click +Add.
- Enter a name for the policy.
- Select the mode.
Step 2: Filter criteria
Select Filter Criteria.
Choose from Any or All of the defined conditions to apply a filter for the alerts.
Select Native Attributes or Resource Custom Attributes depending on your requirement.
Native Attributes are the predefined attributes and Resource Custom Attributes are user-defined attributes.
Select the required attribute, logical operator, and enter the value. Click + to add multiple filter conditions.
Step 3: Policy definition
The continuous learning option is only available for client-level policies. To apply first-response actions using machine-learning, ensure Continuous Learning is enabled by default to suppress alerts using historical data. If you do not rely want machine-learning suppression, disable the toggle button.
Alert pattern actions
Train the system to suppress alerts that have a common pattern:
- Select Suppress alerts that happen regularly, at around the same time to suppress alerts that happen regularly at around the same time.
- Specify the Seasonality Timeframe.
- Click Save.
Alert attribute actions
Manually assign the following first-response actions or train the system to apply the selected first-response actions on the alerts containing specific characteristics:
- Suppress Alerts: To manually suppress alerts, from the Suppress Alerts drop-down, select the required suppress action, and click Save.
- Run Processes: To manually add a process definition, from the Run Processes section, click Add, select the required process definition and click Save.
- Learned Configuration: To train the system to run first-response actions on the alerts. This option applies to both the Suppress Alerts and Run Processes options.
Use a training file or machine learning
Select Learned Configuration.
To add a training file, click Drop the training data file here, or browse to upload a training file.
One client can upload only one training file. Changing the training file affects all the learned policies of the client.
Select the file from your local folder. On uploading the file Input and Output columns are displayed.
Verify the Input and Output columns:
Click Continue to Model Training.
Click Train Model. The accuracy of the trained first-response policy is displayed in the Summary section.
Click Review and click Save.
Review the model accuracy.
(Optional) Click Edit to modify the configuration if required.
The first response policy is created and is displayed on the First Response Policies page: