How does alert grouping work?

Hi,
I created a new service and enabled alert grouping for my LogDNA service.
I tested some scenarios for alert grouping:

  1. When the same error alert occurs:
    interval is 3 mins, grouped successfully
    interval is 8 mins, not grouped

  2. When the same kind of error occurs,
    e.g. AuthenticationException, but the reason is different:
    javax.security.sasl.AuthenticationException: reason1
    javax.security.sasl.AuthenticationException: reason2
    We expected them NOT to be grouped,
    but they were grouped.

  3. Based on the result of 2, I moved the alert out of the grouped incident.
    I tried step 2 again and it still grouped; the machine learning does not seem to work.

Could you help with this?
I would like details on how alert grouping works.

Hi Vicky

Thanks for reaching out on the community. Alert grouping can differ for a number of reasons:

– Time-Based Alert Grouping is one. If the timing interval is different, you may want to check your settings for how long Alerts are grouped. This will be under the “alert grouping” tab of your Service's settings.

– Intelligent Alert Grouping is done via an algorithm that learns over time. In this document you can learn how to influence this by merging alerts and moving them apart into separate Incidents.
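
As a rough illustration of the time-based idea only (this is not PagerDuty's actual implementation), here is a minimal Python sketch. The function name `group_by_time_window` and the 5-minute window are hypothetical, chosen just to show how a fixed window could group alerts 3 minutes apart but not alerts 8 minutes apart.

```python
from datetime import datetime, timedelta


def group_by_time_window(alert_times, window):
    """Group alert timestamps: an alert joins the current group if it
    arrives within `window` of that group's first alert (hypothetical rule)."""
    groups = []
    for t in sorted(alert_times):
        if groups and t - groups[-1][0] <= window:
            groups[-1].append(t)   # still inside the open group's window
        else:
            groups.append([t])     # window expired: start a new group
    return groups


start = datetime(2024, 1, 1, 12, 0)
window = timedelta(minutes=5)  # assumed value, not a documented default

three_min = group_by_time_window([start, start + timedelta(minutes=3)], window)
eight_min = group_by_time_window([start, start + timedelta(minutes=8)], window)
print(len(three_min), len(eight_min))
```

With these assumed values the two alerts 3 minutes apart land in one group, while the two alerts 8 minutes apart land in separate groups.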

Let me know your thoughts on the above.

John

Yes, I enabled alert grouping using the first radio button, Intelligent Alert Grouping.

I also went through the doc you provided,
but it still does not answer my three scenarios.

Scenario 1.
When the same error alert occurs:
interval is 3 mins, grouped successfully
interval is 8 mins, not grouped

At what interval will the same error be grouped, and at what interval will it not?

Scenario 2.
The same exception with different reasons in the log gets grouped:
log 1: javax.security.sasl.AuthenticationException: reason1
log 2: javax.security.sasl.AuthenticationException: reason2

Since the reasons are different, we do not expect these two logs to be grouped into one incident.

Scenario 3.
After scenario 2, we moved the reason1 log alert to a new incident, expecting your machine learning to update.
But when we tried scenario 2 again, the same result happened.

So, does Intelligent Alert Grouping not work well with the LogDNA service?

Hi Vicky,

You won’t always be able to see immediate changes to how alerts intelligently group after influencing the algorithm. The system may need to see you do such things repeatedly before assuming you’d like this to always be done for you automatically.

In your example of “log 1: javax.security.sasl.AuthenticationException: reason1”, can you confirm if this is the description of your incident? Or is this string somewhere in the custom details of your incident?

If you’re interested in seeing these eventually group intelligently or in the way you’re hoping, I would recommend continuing to try to influence the algorithm.

Thanks for your further explanation.

For scenario 1, I still need your answer: why does a 3-minute interval group successfully
while an 8-minute interval fails to group? Please give me the specific interval (in minutes) that Intelligent Alert Grouping supports; that is very important for us.

For scenario 2,
log 1 from LogDNA:
3d56cf6d-12f7-430b-72a9-e4bc polario ERROR [nio-8080-exec-2] j.c.t.common.ex.ApiExceptionHandler : [-] Unknow Exception. Reason：illegal state
javax.security.sasl.AuthenticationException: illegal state
at jp.co.trusco.vnd.login.rest.UpdateUserRest.getUser(UpdateUserRest.java:57)
at jp.co.trusco.vnd.login.rest.UpdateUserRest$$FastClassBySpringCGLIB$$78762a0f.invoke()
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:749)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:88)
at jp.co.trusco.common.fw.LoggingInterceptor.log(LoggingInterceptor.java:42)

log 2 from LogDNA:
89d5330a-a097-405d-6e0b-8408 polario ERROR [nio-8080-exec-5] j.c.t.common.ex.ApiExceptionHandler : [-] Unknow Exception. Reason： Auth Failed
javax.security.sasl.AuthenticationException: Auth Failed
at jp.co.trusco.vnd.login.rest.FindVendorRest.findVendorId(FindVendorRest.java:48)
at jp.co.trusco.vnd.login.rest.FindVendorRest$$FastClassBySpringCGLIB$$3e75d7bc.invoke()
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:749)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:88)
at jp.co.trusco.common.fw.LoggingInterceptor.log(LoggingInterceptor.java:42)

I do not know why they were grouped together. Does grouping not work for this scenario?

For scenario 3: I actually moved the alert out of the group twice, with several hours between the first and second move.
When I tried scenario 2 again, the alerts were still grouped.

Hi Vicky,

As this seems to be getting a bit sensitive in terms of what we need to know about your personal account to help you out here, can you start a separate thread with our Support team directly at support@pagerduty.com, so that no information is shared publicly that should not be:

  • In this email let us know the Service on your account
  • The Incidents that are giving you trouble
  • Reference your community post

With the above we can link up and continue to help you out!

Kind regards,
John