< Back

Event aggregation

If things go wrong, many events may be sent to marbot, resulting in similar alerts. To avoid a flood of alerts, marbot groups similar events into one alert (deduplication). marbot will keep you updated about the number of events aggregated into one alert.

By default, alerts are grouped for seven days and notifications for one minute. If you close an alert, the aggregation starts again as well.

Sample Alert

Alert aggregation in Slack:

Aggregation

Configuration

You can configure the window size for both alerts and notifications. Send a message in a channel mentioning @marbot:

@marbot Configure this endpoint!

Aggregation Configuration

What is a similar event?

The answer depends heavily on the integration, as the following table shows.

Integration Definition of similar
Amazon CloudWatch Alarm Account ID, region, name, and state must match
Amazon DevOps Guru Notification Account ID, region, message type, and insight ID must match
Amazon ElastiCache Notification Event type and cache ID must match
Amazon EventBridge Depends on the type
Amazon Inspector Notification Account ID, region, event type, and template name must match
Amazon Linux AMI Update Notification Version must match
Amazon S3 Event Notifications Bucket name, object key, and event name must match
Amazon Simple Email Service (SES) Event Event type and message ID must match
Amazon Simple Email Service (SES) Notification Notification type and message ID must match
AWS Auto Scaling Notification Account ID, region, name, and event type must match
AWS Backup Notification Account ID, region, and backup job ID must match
AWS Budget Notification Budget type and budget name must match
AWS CodePipeline Approval Region and pipeline name must match
AWS CodeStar Notification Account ID, region, source, and detail type must match
AWS Elastic Beanstalk Notification Event type, application name, and environment name must match
AWS IoT Device Defender Audit Event Account ID, region, and task ID must match
AWS IoT Device Defender Violation Event Account ID, region, violation event type, and security profile name must match
AWS Price List Notification Operation and offer code must match
AWS RDS Event Event ID and source ID must match
AWS Trusted Advisor Weekly Update Account ID must match
AWS Systems Manager Notification Account ID, region, and document name must match
Bitbucket Event type, repository name, (pull request id) must match
bucketAV - Antivirus for Amazon S3 Scan status and bucket name must match
UptimeRobot Alert type and monitor URL must match
Generic Keys must match (or value if only one key is present)

More help needed? Or want to share feedback?

If you experience any issues, let us know.

E-mail icon
E-Mail
marbot teaser

Chatbot for AWS Monitoring

Configure monitoring for Amazon Web Services: CloudWatch, EC2, RDS, EB, Lambda, and more. Receive and manage alerts via Slack. Solve incidents as a team.

Slack
Add to Slack
Microsoft Teams
Add to Teams