Yes, It's working now.

But it's using the generic.html and not the New-Consolidated.html file.  Can you tell me where am I going wrong?

Thanks!

Template section ...

<Template alert_type="Consolidated" status="New">New-Consolidated.html</Template>

Filter rule section ...

<FilterRule name="Consolidated Test">

<Conditions>

<condition type="AlertType">Consolidated</condition>

<condition type="Status">NEW</condition>

</Conditions>

<Addresses>

<sendTo type="email">myemail@xyz.com</sendTo>

</Addresses>

</FilterRule>

If you have <Template alert_type="Consolidated" status="New">New-Consolidated.html</Template> only new Consolidated Alerts will use this template, updated and canseled Consolidated Alerts will use generic template.

Also please be shure that you have New-Consolidated.html in the related folder.

however you can send me your emailFIlter.xml I will check what is the issue.

Here is the templates section and the filter rule section.

I also put the definitions section of the consolidated-alert-definitions.xml file.

I tried removing the status="New" from template definition but then I didn't receive any alerts.

I can't figure out why it's using the generic.html.  But it does get the alerts from the Filter Rule Name: "Consolidated 121113 08:38AM".

Also, I double checked and the New-Consolidated.html file is in the same default_templates folder as all the others.

Thanks

<Templates>

<Template alert_type="Consolidated" status="New">New-Consolidated.html</Template>

<Template alert_type="Administrative" alert_subtype="Environment" status="New">New-Administrative-Environment.html</Template>

<Template alert_type="Administrative" alert_subtype="Environment" status="Cancel">Cancel-Administrative-Environment.html</Template>

<Template alert_type="Administrative" alert_subtype="System" status="New">New-Administrative-System.html</Template>

<Template alert_type="Administrative" alert_subtype="System" status="Cancel">Cancel-Administrative-System.html</Template>

<Template alert_type="Application" status="New">New-Application.html</Template>

<Template alert_type="Application" status="Cancel">Cancel-Application.html</Template>

<Template alert_type="Classic" alert_subtype="Abnormality" status="New">New-Classic-Abnormality.html</Template>

<Template alert_type="Classic" alert_subtype="Abnormality" status="Cancel">Cancel-Classic-Abnormality.html</Template>

<Template alert_type="Classic" alert_subtype="KPI_HT_Breach" status="New">New-Classic-KPI_HT_Breach.html</Template>

<Template alert_type="Classic" alert_subtype="KPI_HT_Breach" status="Cancel">Cancel-Classic-KPI_HT_Breach.html</Template>

<Template alert_type="Classic" alert_subtype="Notification" status="New">New-Classic-Notification.html</Template>

<Template alert_type="Classic" alert_subtype="Notification" status="Cancel">Cancel-Classic-Notification.html</Template>

<Template alert_type="Fingerprint_Generation" status="New">New-Fingerprint_Generation.html</Template>

<Template alert_type="Fingerprint_Generation" status="Cancel">Cancel-Fingerprint_Generation.html</Template>

<Template alert_type="Fingerprint_Prediction" status="New">New-Fingerprint_Prediction.html</Template>

<Template alert_type="Fingerprint_Prediction" status="Update">Update-Fingerprint_Prediction.html</Template>

<Template alert_type="Fingerprint_Prediction" status="Cancel">Cancel-Fingerprint_Prediction.html</Template>

<Template alert_type="Resource" status="New">New-Resource.html</Template>

<Template alert_type="Resource" status="Cancel">Cancel-Resource.html</Template>

<Template alert_type="Smart" alert_subtype="Earlywarning" status="New">New-Smart-Earlywarning.html</Template>

<Template alert_type="Smart" alert_subtype="Earlywarning" status="Cancel">Cancel-Smart-Earlywarning.html</Template>

<Template alert_type="Smart" alert_subtype="KPI_Breach" status="New">New-Smart-KPI_Breach.html</Template>

<Template alert_type="Smart" alert_subtype="KPI_Breach" status="Cancel">Cancel-Smart-KPI_Breach.html</Template>

<Template alert_type="Smart" alert_subtype="KPI_Prediction" status="New">New-Smart-KPI_Prediction.html</Template>

<Template alert_type="Smart" alert_subtype="KPI_Prediction" status="Update">Update-Smart-KPI_Prediction.html</Template>

<Template alert_type="Smart" alert_subtype="KPI_Prediction" status="Cancel">Cancel-Smart-KPI_Prediction.html</Template>

<Template alert_type="Tier" status="New">New-Tier.html</Template>

<Template alert_type="Tier" status="Cancel">Cancel-Tier.html</Template>

</Templates>

<FilterRule name="Consolidated 121113 08:38AM">

<Conditions>

<condition type="AlertType">Consolidated</condition>

<condition type="Status">NEW</condition>

</Conditions>

<Addresses>

<sendTo type="email">keg9035@nyp.org</sendTo>

</Addresses>

</FilterRule>

Definitions section of the consolidated-alert-definitions.xml file:

<definitions>

<definition id="VM CPU Ready" count="5" percentage="" waitCycles="1" cancelCycles="5" resourceKinds="HostSystem" resourceIds="">

<condition attributeKey="cpu|readyPct" resourceKind="VirtualMachine" minDuration="1" criticality="critical" alertType="" alertSubtype="" infoRegEx=""/>

</definition>

you are doing that on the AnalyticsVM, right?

Hello Gradinka,

Yes it is.  I also added a few place holders, eg. {{ConsolidatedAffectedResourcesList}}, to the generic.html file to confirm that's the file being used.

Thanks