Closing the alert is not actually the goal. It is running an Alert Management Rule. Which is not happening. As it turns out the issue is with the instance. Doing the exact same thing on a different instance works as expected and described by docs. It's just this particular instance that is having issues. 

Hi @NStefanisko 

I recreated similar alert management rule you have and it worked.

Please send a new alert that matches the node, but using new message key, to create a new alert.

Otherwise, new events created will be grouped in the same alert, not triggering the alert action.

Kindest Regards,

Rodrigo Donnangelo

Please mark helpful, if it helped you!!!

Hi @NStefanisko ,

To close the alert, there is no Alert Management rule required, it will close the alerts based the severity mapping in Event field mapping table.

Alert Management rule to trigger the flow for incident creation and update something.

Please check the Event Field Mapping once for severity and configure it correctly if you found OK (Source Severity ) serverity not mapped with 0 Severity (ServiceNow)

Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.
 
Thank You
AJ - TechTrek with AJ
Linkedin:- https://www.linkedin.com/in/ajay-kumar-66a91385/
YouTube:- https://www.youtube.com/@learnitomwithaj
ServiceNow Community Rising Star 2024