Creating a new Thread and Alert combination


The most common counters used with the Alerting component are the thread counters that tabulate the number of messages received for a particular thread. Therefore, you create a thread and then create an alert on the counter threshold. A typical configuration scenario is as follows:

  1. Create a Thread, in the Correlation>Threads screen of the system, that matches a particular group of messages.
     This can be a simple match pattern or a more complex match pattern that uses triggers.
  2. Create an alert, in the Alerts>Counters screen of the system, that places a threshold on the thread counter created in step 1.
     (More information on these thresholds is provided in Setting-Alert-thresholds, but a typical value of 3 counts per 60 seconds is often a good starting point. The Wizard option of the Add New Alert screen is of assistance in configuring this alert.)
  3. Configure an action program, in the Correlation>Actions screen, that looks for a precise message or keyword contained in the alert message configured in step 2. When the thread logs the configured number of counts, the action program is executed.
Example

By following the preceding procedure, it is possible to have an e-mail message sent when the number of invalid logins during a 60-second period exceeds three invalid logins.
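The thread counter, threshold and keyword-driven action described above, as an added stand-alone illustration (not the product's own code): a thread pattern counts failed-login messages, an alert fires when the count within a 60-second window exceeds 3, and an action runs only when the alert message carries the expected keyword. The log lines, pattern, keyword and mail recipient are constructed placeholders.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed syslog-style sample messages; not output from any real system.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[101]: Failed password for invalid user admin from 198.51.100.7
2024-05-01T10:00:05 sshd[102]: Accepted publickey for alice from 203.0.113.4
2024-05-01T10:00:20 sshd[103]: Failed password for invalid user root from 198.51.100.7
2024-05-01T10:00:40 sshd[104]: Failed password for bob from 198.51.100.9
2024-05-01T10:00:55 sshd[105]: Failed password for invalid user test from 198.51.100.7
2024-05-01T10:03:00 sshd[106]: Failed password for invalid user guest from 198.51.100.7
"""

THREAD_PATTERN = re.compile(r"Failed password for")  # step 1: the thread match pattern
THRESHOLD = 3                                        # step 2: alert when count exceeds this
WINDOW = timedelta(seconds=60)                        # step 2: counting window
ALERT_KEYWORD = "INVALID_LOGIN_BURST"                 # step 3: keyword the action program looks for


def count_thread_alerts(log_text, pattern=THREAD_PATTERN, threshold=THRESHOLD, window=WINDOW):
    """Return [(timestamp, alert message)] for each burst where the thread counter exceeds threshold within window."""
    recent = deque()   # timestamps of matching messages inside the current window
    alerts = []
    for line in log_text.splitlines():
        ts_str, _, msg = line.partition(" ")
        if not pattern.search(msg):
            continue                      # message does not belong to this thread
        ts = datetime.fromisoformat(ts_str)
        recent.append(ts)
        while recent and ts - recent[0] > window:
            recent.popleft()              # drop counts older than the window
        if len(recent) > threshold:
            alerts.append((ts, f"{ALERT_KEYWORD}: {len(recent)} failed logins in {window.seconds}s"))
            recent.clear()                # one burst produces one alert
    return alerts


def run_action(alert_message, keyword=ALERT_KEYWORD):
    """Stand-in for the action program: acts only when the alert message contains the keyword."""
    if keyword not in alert_message:
        return None
    # Placeholder for the e-mail step; a real action would hand this to a mailer.
    return f"mail security-team@example.invalid: {alert_message}"
```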

Note

There are other system counters that can be monitored.

The list of counters is available from a drop-down menu on the Add New or Modify Alert screen and includes all threads, all triggers, and also facility and severity catalogs, as well as certain global system counters.



BMC Defender SIEM Correlation Server 6.1