Introduction › Alert Lifecycle › Alert Lifecycle Examples

Alert Lifecycle Examples

The following examples show how an alert's lifecycle can vary based on several factors:

Example 1: CA Spectrum network outage alarm

• The CA Spectrum connector receives an alarm from CA Spectrum indicating that a router is offline.
• The alarm is normalized and stored as an event.
• The event record progresses through Event Management processing without matching any policy. It becomes an infrastructure alert and displays associated with its router CI.
• The alert causes the associated Network service health to change to severely degraded. A service alert is created for the service degradation, with the infrastructure alert as the root cause.
• The alert triggers an escalation policy that sends an email to the technician responsible for the affected Network service.
• The technician fixes the router and clears the alert.

Example 2: Event log authentication failure

• The Event connector receives an event from the Windows Event Log indicating that an authentication failure occurred.
• The event is normalized and stored in the Event Store.
• The event matches an Event Management filter policy that discards all events from the Windows Event Log with a Minor severity. The event is discarded and never appears as an alert on the Operations Console.

Example 3: CA NSM high CPU alert

• The CA NSM connector receives an alert from CA NSM indicating that CPU usage is high on a managed server.
• The alert is normalized and stored as an event.
• The event matches an Event Management enrichment policy that adds a contact name from an external database to the event.
• The enriched event becomes an infrastructure alert and displays associated with its computer system CI. The enrichment value appears in the property to which it was assigned.
• The alert matches the criteria for an alert queue that is based on the enriched contact name and is added to the queue.
• Before any escalation policy or manual action can occur, the CPU usage drops to acceptable levels on the server. The alert automatically clears when the connector receives notification of the normal CPU usage level.