Showing results for 
Show  only  | Search instead for 
Did you mean: 

This product reached the end of support date on March 31, 2021.

Multiple rules for same alert


Hi all

We are trying to build custom alerts with rules below:
Could anyone please advise how can we achieve below in AppMon?

Rule # | evaluation time | action | criteria | severity | additional checking
#1 | 10 minutes | trigger email | failed transaction count <= 2 | warning | none
#2 | 10 minutes | trigger SNMP | failed transaction count > 10 | warning | action #1 will not be triggered

#3 | 10 minutes | trigger SNMP | failed transaction count > 20 | warning | action #1 and #2 will not be triggered

The idea is to trigger appropriate actions based on severity (or no of failures) detected in the application within same time frame.

Or any workaround to get intended results are welcomed too.



Dynatrace Mentor
Dynatrace Mentor

Hi Hogan,

I don't believe there is a way to do all of that in the same alert.

However, I do believe that you can create 3 different incidents that will not trigger at the same time (if incident 3 occurs, it won't trigger 2 or 1).

For incident level 3, create a measure that follows the below threshold and add it to your conditions. This incident will only occur if your failed transaction count exceeds 20. Make sure the aggregation is COUNT. So make the action reflect that.

For incident Level 2, create another measure like the previous one, but make the Upper Warning Threshold 10.1 so that it does not trigger if there are 10 or less violations. Make another Measure to reflect your upper bound with the below threshold.

Add both of the measures to your conditions and make sure the aggregation is COUNT and logic is AND, this incident will only occur if your Failed Transaction Count is between 11 and 20. Don't forget to create the appropriate action.

(Now for incident Level 1, I'm going to assume you want that to trigger when the failed transaction count >=2, not <=2 because then anything between 3 and 10 would not trigger an alert.)

Follow similar steps for incident Level 1, create a measure that reflects your lower bound (Upper Warning = 2) and another for your upper bound (Lower Warning = 10) and add them to your conditions, ensure that aggregation is COUNT for everything, logic is AND, and add the appropriate action.

Name the incidents as you'd like, they should not trigger for the same 10 minute time frame.

If you need further assistance, let me know.