Alert Management Rule stopped evaluating to auto-create incidents (but manual subflow works)

aritrakumar · ‎03-15-2026

I am configuring Event Management to process external monitoring events directly in the Global scope. My custom Alert Management Rule was working perfectly earlier and successfully creating Incidents for these alerts. However, it has suddenly stopped working. The rule is now completely ignored by the Event Management engine, even though no changes were made to the configuration. Importantly, when I am testing the subflow manually, it is successfully creating the incident without assigning the group.

Previous State : Incident created successfully, but the Assignment Group field remained empty.

Current State : Incident is not being created.

My Configuration:

Application Scope: Global
Alert Management Rule: Active, Order is set to 100.
Rule is activated when: Alert changes to filter
Alert Filter: Severity is 'Critical' AND Source is “OpenLM”
Actions / Remediation Subflows: Subflow is set to the 'Create Incident', Execution is 'Automatic'.

aritrakumar · ‎03-15-2026

@Ankur Bawiskar @sivasankaris @vaishali231 Could you please help to resolve this issue?

Preetha K · ‎03-16-2026

If the alert is already created as Critical, the rule may never fire.
1. Change trigger to: Alert matches filter instead of Alert changes to filter.
2. Verify Alert State: Alert Management Rules usually run only when the alert is Open.

aritrakumar · ‎03-18-2026

Tried using the "Alert matches filter" configuration and also verified that the alert state is "Open", but the issue is still persisting.

amit_bt · 2 weeks ago

@aritrakumar

Change trigger to "Alert matches filter".
Verify evt_mgmt.alert_management_scoped_active is true.
Confirm the Evaluate Alert Management Rules job is active and running as System Admin.
Check Event Field Mappings for missing Assignment Group data.