Alert symptoms are conditions that indicate problems in your environment. When you define an alert, you include symptoms that generate the alert when they become true in your environment. Negative symptoms are based on the absence of the symptom condition. If the symptom is not true, the symptom is triggered.
To use the absence of the symptom condition in an alert definition, you negate the symptom in the symptom set.
All defined symptoms have a configured criticality. However, if you negate a symptom in an alert definition, it does not have an associated criticality when the alert is generated.
All symptom definitions have a configured criticality. If the symptom is triggered because the condition is true, the symptom criticality will be the same as the configured criticality. However, if you negate a symptom in an alert definition and the negation is true, it does not have an associated criticality.
When negative symptoms are triggered and an alert is generated, the effect on the criticality of the alert depends on how the alert definition is configured.
The following table provides examples of the effect negative symptoms have on generated alerts.
| Alert Definition Criticality | Negative Symptom Configured Criticality | Standard Symptom Configured Criticality | Alert Criticality When Triggered |
|---|---|---|---|
| Warning | One Critical Symptom | One Immediate Symptom | Warning. The alert criticality is based on the defined alert criticality. |
| Symptom Based | One Critical Symptom | One Warning Symptom | Warning. The negative symptom has no associated criticality and the criticality of the standard symptom determines the criticality of the generated alert. |
| Symptom Based | One Critical Symptom | No standard symptom included | Info. Because an alert must have a criticality and the negative alert does not have an associated criticality, the generated alert has a criticality of Info, which is the lowest possible criticality level. |
