Understanding Event and Alert Management › Alert Escalation

Alert Escalation

Alert escalation is the process of performing some action that facilitates the resolution of the alert condition. Alert escalation policy automates alert escalation according to user-defined criteria. When the policy criteria is met, a specified escalation action runs.

Escalation policy is based on any or all of the following criteria:

Alert type

Specifies to act on all alerts of a specific type that meet the defined criteria. For example, an escalation policy can apply to service alerts only, or a subset of infrastructure alerts, such as root cause alerts.

Each escalation policy must specify the alert types to include. You can create escalation policy with only alert types and no criteria to escalate all alerts that meet the type requirement (for example, to escalate all root cause alerts).

Time-based criteria

Specifies to act on alerts according to time-based thresholds, such as the alert age or time in an alert queue. For example, you can specify to act on any alert that has not been assigned within 10 minutes.

Attribute-based criteria

Specifies to act on alerts with attributes that meet specified criteria.

The following types of escalation policies are available:

Non-Global (service or alert queue specific)

Escalates alerts in one or more specified services or alert queues that meet the policy criteria. When an alert is being considered for escalation, it is evaluated in the following policy order: non-global (service then alert queue) then global. For example, you can create service-specific escalation policy for a payroll service owner who wants a notification when CA SOI raises an alert against the payroll service. You can also create a policy that sends an email when critical alerts have not been cleared in an alert queue for a specified time period.

Global

Escalates all alerts that meet the policy criteria. For example, you create a global escalation policy for an IT manager who wants notification when CA SOI raises any service alert.

Escalation policy results in one of the following actions:

• Run a command
• Send a notification by email to a technician or operator
• Open a help desk ticket
• Open a help desk announcement
• Execute a CA Process Automation process
• Clear an alert

Note: For more information and procedures about alert escalation, see the Event and Alert Management Best Practices Guide.