Threshold Alert Escalation

Normally, an alert is triggered whenever the threshold is breached. In cases where system metrics produce one-time spikes, even though there is no actual system impact, this can result in false alarms.

To improve alert accuracy and reduce false positives:

• The threshold override can be updated to generate alerts only if the issue persists.

• An escalation rule can be configured to trigger a Critical Alert only when the alert count exceeds a defined value within a specific time window.

Thresholds in IT-Conductor have dedicated escalation configurations that allow for complex rule definitions, such as considering prior values, frequency, and persistence of conditions.

This flexibility makes it possible to:

• Differentiate between one-off and recurring issues.

• Ensure only sustained problems trigger escalations.

What are escalation rules in IT-Conductor?

Escalation rules define how alerts progress in severity and priority while a warning or alarm condition persists.

When the threshold override Escalate Alerts checkbox is enabled:

• The Escalation Rules tool becomes visible in the threshold override toolbar.

• Defined escalation rules are applied as long as the warning or alarm condition persists.

• These rules determine how alerts are generated, determining alert escalation level and priority.

Use Case: PagerDuty Integration

In many IT operations environments, IT-Conductor alerts are integrated with PagerDuty to manage on-call notifications.

Scenario

PagerDuty is configured to trigger a call to the SAP Basis team whenever an alert is raised in production systems.

Expectations

• The team wants to be notified only when a critical production issue persists.

• A one-time occurrence should raise only a Warning Alert, not a Critical Alert or PagerDuty incident.

Solution

With IT-Conductor’s escalation rules capability:

• A Warning Alert is generated for one-time events.

• A Critical Alert (which triggers PagerDuty) is only raised if the issue repeats multiple times over a set duration.

Configure Threshold Alert Escalation

To configure threshold alert escalation, start by enabling the Escalation Rules tool, then create a new escalation rule.

Enable Escalation Rules

1. Navigate to the service grid and select the metric to configure with a threshold alert escalation. Click Threshold Overrides, then select Overrides.

1. Select the threshold override you want to modify, click Threshold Default Settings, then select Modify.

1. Tick the Escalate checkbox, then click Save to enable escalation rules.

Once enabled, Escalation Rules will appear in the threshold toolbar.

Create New Threshold Alert Escalation Rule

1. Click Escalation Rules to access the list of existing escalation rules.

1. Click Create New Object to start adding a new escalation rule.

1. Fill out all the necessary information in the Create Threshold Alert Escalation wizard. Once completed, click to save the configuration.

• Description – refers to a short description for the escalation rule.

• Level – refers to the escalation level applied when the rule is triggered.

• Intervals – refers to the look-back aggregation interval count used for monitoring alert conditions.

• Alert Count – refers to the number of alerts within the defined look-back interval that will trigger escalation.

• Escalation Priority – refers to the priority assigned to the escalation alert.

• Escalate Severity – refers to the severity level set for the escalation alert.

• Escalation Message – refers to the message content displayed when an escalation alert is generated.

Once created, the Escalation Rule is applied to the associated monitor.