
This product reached the end of support date on March 31, 2021.

Incident Difference between Warning and Severe


Hi All,

I am using the Incident rule to trigger an alert based on warning and severe thresholds. I need my alert to be yellow when it triggers a warning alert, and severe should be red in color. Can we modify it? It is the biggest concern for our team.

1. When I create an incident with incident severity as severe and the condition given as warning or severe, upon reaching the warning threshold it gives the alert as red.

2. When I create an incident with incident severity as warning and give the condition as warning or severe, upon reaching the warning threshold it turns yellow, but it turns yellow even if it crosses the severe threshold instead of turning red.

If it's only considering the incident severity part of the incident rule, why do we have warning or severe in the threshold column in the first place? Is there a reason for it to be that way?



Hello Tarun,

I am running into the same issue right now, actually. I believe they have the warning or severe option just as a way to signify whether you want an alert to be sent out when either threshold is crossed or just the severe. The incident will only send out alerts based on the incident severity, not the threshold severity.

A possible solution would be to create two incidents and have one use a measure with just the severe threshold set and then the second incident use the warning and severe. This will double alert when it is a severe breach. To avoid the double alert, you would have to create two measures and just assign one to each incident.

Let me know what you think of that solution.


David Nicholls

This is correct. The incident severity can be severe, warning, or informational and will trigger whenever the thresholds you set are violated. The severe or warning threshold level you set for the conditions is just determining when the incident will fire but won't affect the severity that you set. If you use a warning threshold but the incident is severe, it will be a severe incident with a red X in incident charts.

If you want an alert or visualization on an incident chart that will be more focused on the severity, you'll need to create two: one warning level incident with whatever thresholds you would like (probably the warning level ones) and one that is severe (with severe level thresholds). They can be based on the same measures but will be different levels of severity and, for all intents and purposes, separate. Email alerts will be configured separately, and if you want an incident chart that will show the warning and severe level incidents together, you will add both of them to the same chart. At first they will be split by the incident, but if you right-click and disable the 'split' option they will show up together on the same incident chart, and it will be either green, yellow, or red depending on the state of both of the incidents.