Alert Management Rule stopped evaluating to auto-create incidents (but manual subflow works)

aritrakumar
Giga Contributor

3 weeks ago

I am configuring Event Management to process external monitoring events directly in the Global scope. My custom Alert Management Rule was working perfectly earlier and successfully creating Incidents for these alerts. However, it has suddenly stopped working. The rule is now completely ignored by the Event Management engine, even though no changes were made to the configuration. Importantly, when I am testing the subflow manually, it is successfully creating the incident without assigning the group.

Previous State : Incident created successfully, but the Assignment Group field remained empty.

aritrakumar_0-1773500655578.png

aritrakumar_1-1773500672342.png



Current State : Incident is not being created.

aritrakumar_2-1773500711433.png

 

My Configuration:

  • Application Scope: Global
  • Alert Management Rule: Active, Order is set to 100.
  • Rule is activated when: Alert changes to filter
  • Alert Filter: Severity is 'Critical' AND Source is “OpenLM”
  • Actions / Remediation Subflows: Subflow is set to the  'Create Incident', Execution is 'Automatic'.

aritrakumar_3-1773500770238.png

 

aritrakumar_4-1773500783923.png

 

 

Labels:
0 Helpfuls
  • 580 Views
3 REPLIES 3

aritrakumar
Giga Contributor

3 weeks ago

@Ankur Bawiskar @sivasankaris @vaishali231 Could you please help to resolve this issue?

0 Helpfuls

Preetha K
Tera Contributor

3 weeks ago

If the alert is already created as Critical, the rule may never fire.
1. Change trigger to: Alert matches filter instead of Alert changes to filter.
2. Verify Alert State: Alert Management Rules usually run only when the alert is Open.

0 Helpfuls

aritrakumar
Giga Contributor
In response to Preetha K

3 weeks ago

Tried using the "Alert matches filter" configuration and also verified that the alert state is "Open", but the issue is still persisting.

0 Helpfuls