I'm having a hard time understanding how the "Confirm Incident" feature of Dynatrace is supposed to work, and whether it is dependent on enabling "Smart Alerting" on an Incident Action. From the documentation and previous posts it seems that the two features are linked, but this is not completely clear. My questions are:
1. Does the "Confirm Incident" feature only work when Smart Alerting is enabled? We see this as a menu item for all of our Incidents even though we do not have Smart Alerting enabled on any of them. Moreover, we can select this item and "Confirm" the incident. My assumption, based on what I've seen and read, is that you can "confirm" an incident regardless of whether Smart Alerting is enabled. Presumably, if Smart Alerting is NOT enabled the confirmation does nothing to change whether or not further alerts get generated... it merely sets the state of the incident to confirmed (not clear what value there would be in that though).
2. Is the behaviour of the Smart Alerting in suppressing alerts until the related Incident is confirmed tied to a specific instance of an Incident Rule violation (i.e., a specific "Incident") or does it apply to the Incident Rule? For example, let's say I have an Incident Rule called "GC too high" and this incident rule fires... if nobody confirms the Incident, does this simply mean that there will be no further alerts for THIS SPECIFIC INCIDENT or does it mean that any other Incidents that are triggered based on the Incident Rule will not send an alert? Although it would seem logical that the confirmation applies only to a specific Incident, I do not see what the point of this would be since the action on the incident is set to trigger only on the start of the incident... so the whole notion of using Smart Alerting to prevent a storm of emails doesn't seem to make sense.
Confirm Incident is a function available for all incidents, not just those for which an action is configured with Smart Alerting.
Smart Alerting works for the whole incident rule and not for individual instances of the incident. The way I teach best practices around alerting includes the following bullet points:
If it is possible to follow these two rules (even just the first one), you likely don't need the Smart Alerting mechanism, as it adds another required step every time an incident is fired.
Sorry for any inconveniences!
It's been murky waters around this theme in the Client and documentation, I know!
Do you have any specific passages or pages for me to go over and (hopefully) improve wording / semantics?
Thanks for your patience!