i am looking for solution to clear All critical Incidents (not assigned) in cloud control. i have around 2000+ Open Incidents not been assigned to any one and those are obsolete now.
what is the best to to close this alerts.
Can we get some details on what these incidents are:
1. what are the underlying event types? Are these metric alerts? If yes, what are the most common metrics in this list?
2. Why are these obsolete? Does that mean the underlying issue is resolved but these linger around or is it that you no longer care about the conditions that are being reported?
3. How are you addressing the issue of not being in the same situation again, i.e., are you looking at templates etc to stop raising these events in the first place?
here are the sample alert generated as critical .
Message=Message is of following format.Logfile:Sourcename:EventCode:CategoryString:User:ErrorCount:WarningCount [[System:NETLOGON:5719:::error=1:] ]
these alerts are coming from windows host.
also i did see few alert s on database alert log/listener logs.
i noticed one thing in CC Rel2
Enterprise >>> Monitoring >> Incident Manager >>>
search the alert
select first 25 alerts >>> click on "clear" button.
i was able to clear only 25 incidents at a time. if i choose more than 25 incidents, it is throwing different error messages. is there any way to clear more then 25 alerts?
thanks. 2 things:
1. for the windows host event log based alerts - you can either turn off collection or change the codes that generate the alerts by tweaking the metric settings. If you want to just clear them - you can use the emCLI command clear_stateless_alerts to do that. That will in turn clean up the incidents. You can do the same for the DB & Listener log alerts.
2. Regarding the issue with only clearing 25 incidents at a time - this should be a bug. Please work with support to file a bug. We are looking into this.