Right now I am trying to do an audit of our Sumo Searches that have scheduled alerts. We hope to consolidate these in a single folder that is shared. As part of this audit, I am going to make sure that we have written each search and scheduled alert the same for all 4 of our regions. I will document that in a Wiki page I guess. One thing I'm going to also document is what the likely cause of each alert is and what the remediation steps are. My suggestion for you is to add a section into your alerts to add a URL to link to internal documentation and/or a section where users can provide details about their alert.
The person who is on call and handles the alert may not be the same person who created it. Embedding information about the alert in the alert message itself would speed the time to resolve issues.