The following are the best practices for alerts.
Disable the alerts you do not need
There are many default alerts that come with the vRealize Operations and from a new Management Pack installation and are enabled by default. You can disable the alerts that are not valuable to minimize an alert storm.
If alerts that are not required are not disabled, they may cause potential performance issues over time
Create simple and straight forward alerts
Keep the combination of symptoms as simple and straightforward as possible to make them easily understood and more precise. Use a series of symptom definitions to describe the incremental levels of concern: warning, immediate, and critical. Create actionable alerts for better remediation.
Use the Wait Cycle and Cancel Cycle to change sensitivity
Configure wait cycle and cancel cycle to avoid overlapping and gaps between alerts.
Use actionable recommendations
Using actionable recommendations help resolve the issue quicker by providing the ability to have one-click actions to respond to infrastructure issues.
Select the alerts not needed and disable what is non-actionable.
Minimize the number of alerts
Too many alerts become noise and the users will lose interest.
Management Pack alerting
Disable any new alerts generated by management packs, which are non-actionable
If alerts are not actionable, they must be on dashboards or reports and not in a mailbox.
Do not modify out-of-the-box (default alerts, that come with the vRealize Operations and a new Management Pack installation and are enabled by default) alerts
Clone out-of-the-box content to create your own symptoms, recommendations, and alert definitions before making any changes. An out-of-the-box alert may change after upgrading vRealize Operations or upgrading / installing management packs.
Use multi-symptom alerts
Using multi-symptom alerts will help negate false positives.