Background
I have set up an Alert management Rule to automate incident creation if criteria is matched. This works fine in 99.9% of the cases, but there is something that happen in rare cases so that no incident is created automatically and I don't know why!
I did some digging and just started to go through the Alert executions of my Alert management Rule. If I filter out all the rows where there is no incident number in the Related Task column I start to see my cases. And this is where it gets tricky and where I need your/community help.
Issue
When I show the execution of the subflow I can see that it stops quite early in the process, but I don't know why.
What does the third step really check and why is it marked as 'false'?
"3. If incident is not attached"
This seems to be the issue for all my cases where an incident is not created for the Alert Management Rule.
The flow is more or less out of box.
From what I understand of the SubFlow in Step 1 - it checks if the incident field of the Alert is empty. In Step 3 - there is an if statement to only progress/continue if the field from step 1 is empty. If it's not empty it stops.
But I can't see that the newly created Alert have an incident related to the record when it is created. This is what puzzles me.
Can anyone help/assist me?
Here is what I see when looking into the Alert and the Incident:
Alert:
Is it correct that it took from Alert Created (2024-01-30 15:04:09) to Alert Execution (2024-01-30 15:17:38)? That is more then 13 minutes for the Alert Management Rule to trigger.
In the incident I can see that it was created manually from a user, by clicking the Quick Incident button on the Alert:
