This article provides an overview of the different types of Anodot triggers you may receive, depending on the alert type. These triggers can:
- Contain one or more metrics.
- Contain one or more updates.
- Close due to a variety of reasons.
The following section lists the various triggers you can receive and the reason for them being triggered.
Note: Alert triggers are the delivery of a notification to the recipient of an alert configuration. The delivery takes place using one or more channels.
Anodot triggers
Anomaly alert triggers
| Trigger type | Description |
| Open | One or more metrics have matched the anomaly alert configuration conditions. |
| Update - Alert added to incident | This alert was merged into a larger incident (anomaly) and is now part of it. |
| Update - Another alert added to incident | Another alert(s) were merged into this incident (anomaly) and are now part of it. |
| Update - Metric added (A) | One or more metrics have matched the anomaly alert configuration conditions. |
| Update - Direction change (C) | One or more metrics have changed their direction, from Up to Down, or vice versa. |
| Update - Metric closed (D) | One or more metrics have returned to a normal state. |
| Update - A+C | One or more metrics have matched the anomaly alert configuration conditions, AND One or more metrics have changed their direction, from Up to Down, or vice versa. |
| Update - A+D | One or more metrics have matched the anomaly alert configuration conditions, AND One or more metrics have returned to a normal state. |
| Update - C+D | One or more metrics have changed their direction, from Up to Down, or vice versa, AND One or more metrics have returned to a normal state. |
| Update - A+C+D | One or more metrics have matched the anomaly alert configuration conditions, AND One or more metrics have changed their direction, from Up to Down, or vice versa, AND One or more metrics have returned to a normal state. |
| Close | All metrics returned to a normal state. However, take into consideration the following:
|
Static threshold alerts
| Trigger type | Description |
| Open | One or more metrics have breached the defined threshold. |
| Update | Additional one or more metrics have breached the defined threshold. In parallel, one or more metrics have returned to the normal range. |
| Close | All metrics returned to a normal state. However, take into consideration the following:
|
No data alerts
| Trigger type | Description |
| Open | One or more metrics have stopped transmitting. |
| Update | Additional one or more metrics have stopped transmitting. In parallel, one or more metrics have returned to transmit. |
| Close | All metrics are transmitting again. However, take into consideration that some metrics may have timed out due to a lengthy no transmission period. |
Why alerts merge
There are two scenarios that cause alerts to merge. These scenarios are known as Anomaly merge and Alert merge.
- Anomaly merge: An anomaly contains one or more metrics, each of which is in an anomalous state, meaning it is outside its baseline. Anomalies merge regardless of alerts, and solely on the content of the metrics contained within them.
The merge is caused by the finding of a correlation between the anomaly at hand and other anomalies existing in the account. New anomalies are merged into the older anomaly, thus assuming the ID of their new anomaly. - Alert merge: If metrics in an anomaly are included in an alert, and that anomaly is merged into another (see above), the alerts are merged as well. To enable this to happen, the recipients of these alerts must match.
