Alert suppression rules are a feature that temporarily disables alert notifications under specific conditions. By setting up suppression rules, unnecessary alerts can be avoided in certain situations, reducing disturbances. The suppression rules are commonly used in the following scenarios:
- Planned Maintenance: During planned maintenance, services or systems may be temporarily shut down, triggering a large number of alerts. By setting up suppression rules, alerts can be temporarily disabled during the maintenance period to avoid unnecessary disturbances.
- Known Issues Handling: For known issues that are already being addressed, we may not want to receive duplicate alerts. Suppression rules can be set up to temporarily stop those alerts until the issue is resolved.
- Temporary Suppression for Random Issues: During non-critical times, such as holidays or night hours, we may want to temporarily suppress some non-critical alert notifications. By setting up the active time of the rule, this need can be met, allowing us to focus on critical tasks.
Filtering Conditions
Suppression rules work like a funnel, filtering based on the conditions step by step, and only when all conditions are fully matched will the suppression occur.
Business Group: Suppression rules will only apply to alert events within the specified business group.
Data Source Type, Data Source, Event Level: Once set, these can filter the alert categories you want to suppress.
Event Tag Key: A core field for more refined filtering, improving the accuracy of suppression rules. All event tags in the alert can be used as filtering conditions.
Matching Operators: Currently, six operators are supported: "==", "=~", "!=", "!~", "in", "not in".
Matching Operator Descriptions:
"==": Exact match for the tag value. For example, suppress alerts that match the tag rulename with the value "Test Server Mounts Multiple Business Group Alerts."
"=~": Match tag value using a regular expression. For example, suppress alerts that match the regular expression for the tag ident, with values containing flashcat or v63-192.168.0.2.
"!=": Exact match (negation). For example, suppress alerts where the tag ident value is not pushgw-flashcat02-192.168.0.2.
"!~": Do not match tag value using a regular expression (negation). For example, suppress alerts where the tag ident value does not contain the keyword flashcat.
"in": Suppress alerts where the ident tag value is flashcat01-192.168.0.2 or pushgw-flashcat02-192.168.0.2.
"not in": Suppress alerts where the ident tag value is neither flashcat01-192.168.0.2 nor pushgw-flashcat02-192.168.0.2.
Matching Logic: Multiple event tag matching conditions are filtered from top to bottom, with each condition linked by an “AND” relationship.
Matching Condition Range: All tags in the alert event.
Suppression Duration
The effective time range for a suppression strategy can be either one-time or cyclic.
Note: The triggertime of the alert event that needs to be suppressed must be within the suppression time range, otherwise the suppression rule will not take effect.
By default, the suppression duration selection does not include minute-level choices, but the start and end times of suppression can be specified to the minute and second.
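The funnel described above can be dry-run against sample events before a rule is enabled, which shows how much a negated condition silences. This is an added sketch, not the product's own code: the dict layout, field names and sample events are constructed, only a one-time window, the business group and tag conditions are modelled, and treating a missing tag as a non-match is an assumption.

```python
import re

# Operator semantics as described on this page; "=~" / "!~" use an unanchored
# search because the page describes them as "containing" a keyword.
OPS = {
    "==": lambda v, arg: v == arg,
    "!=": lambda v, arg: v != arg,
    "=~": lambda v, arg: re.search(arg, v) is not None,
    "!~": lambda v, arg: re.search(arg, v) is None,
    "in": lambda v, arg: v in arg,
    "not in": lambda v, arg: v not in arg,
}

def is_suppressed(event, rule):
    """Return True only if the event passes every stage of the funnel."""
    # Stage 1: trigger time must fall inside the suppression window.
    if not (rule["start"] <= event["trigger_time"] <= rule["end"]):
        return False
    # Stage 2: business group must match.
    if event["group"] != rule["group"]:
        return False
    # Stage 3: every tag condition must match (AND, top to bottom).
    for key, op, arg in rule["tags"]:
        value = event["tags"].get(key)
        if value is None:  # assumption: a missing tag fails the condition
            return False
        if not OPS[op](value, arg):
            return False
    return True

def dry_run(events, rule):
    """List the rule names of events the suppression rule would silence."""
    return [e["tags"]["rulename"] for e in events if is_suppressed(e, rule)]

# Constructed sample data (not from a real system).
RULE = {"group": "ops", "start": 1000, "end": 2000,
        "tags": [("ident", "=~", r"flashcat"), ("ident", "!=", "pushgw-flashcat02-192.168.0.2")]}
EVENTS = [
    {"group": "ops", "trigger_time": 1500, "tags": {"rulename": "disk", "ident": "flashcat01-192.168.0.2"}},
    {"group": "ops", "trigger_time": 1500, "tags": {"rulename": "cpu", "ident": "pushgw-flashcat02-192.168.0.2"}},
    {"group": "ops", "trigger_time": 2500, "tags": {"rulename": "late", "ident": "flashcat01-192.168.0.2"}},
    {"group": "db", "trigger_time": 1500, "tags": {"rulename": "other-group", "ident": "flashcat01-192.168.0.2"}},
    {"group": "ops", "trigger_time": 1500, "tags": {"rulename": "unrelated", "ident": "db01-10.0.0.5"}},
    {"group": "ops", "trigger_time": 1500, "tags": {"rulename": "no-ident"}},
]

if __name__ == "__main__":
    print(dry_run(EVENTS, RULE))
```

Swapping the tag conditions for a single `("ident", "!~", "flashcat")` makes the same dry run return the unrelated `db01` host instead, which is why negated rules are worth reviewing against real event tags before they go live.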