ACTIVATED/RESOLVED states for alerts with auto-resolution
It often happens that an alert fires and keeps sending me notifications every X minutes until I resolve the problem. It may happen that the problem can only be resolved the day after or, worse, many days after (for example, a low disk space condition). Meanwhile, I keep receiving all these notifications, filling up my mailbox and... you know!
It would be great to have a single ACTIVATED notification when the alert fires and later a RESOLVED notification when the alert condition is not met anymore. I believe there may be a way of achieving this through a pair of complex queries, but if this feature came out-of-the-box... It's a basic feature of any alert management solution!
The ability to suppress an alert exists in log alerts, to disable notifications while alert execution continues.
Additionally, enhanced Azure alerts now automatically group continually firing alerts, and you can close/acknowledge them as well. For more info, see: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-unified-alerts#enhanced-unified-alerts-public-preview
Is there any solution or workaround to stop alerts from continuing to fire? I need one single activated alert for one incident. Suppression is not really helping here.
Yosbel Esperón González commented
It would be nice to have the possibility of adding a resolved state.
Bevan Sinclair commented
Suppress does not really answer the question of managing alert status. How can you predict the timeline of an event? What if an agent stops heartbeating and an alert is sent, but it returns to operation straight away? An engineer could log in, see the alert has been resolved and look into it first thing in the morning, instead of logging in then.
Would be great to track the state as Rocky describes in his comment.
The current suppression feature is helpful, but not ideal. When integrating with other tools, it is critical that alert state can be tracked, particularly for ITSM tools like ServiceNow. Alerts need states like Open, Assigned, Fix Scheduled, Closed/Resolved, or similar. It looks like each alert gets a unique ID, so hopefully this is something that is coming soon.
Hélder Pinto commented
In part, it helps and it decreases the priority of this idea. However, it's not as good as an automatic RESOLVED notification, which would be the ideal solution.