Alert management rules & subflows

Fares1
Kilo Expert

Hey!

I have an issue with my Alert Management Rule. 

The context is that a customer wants to generate alerts (and incidents) using keywords from the subject and body of the mail. The alert generation is handled by an Inbound Action that creates said alerts.

The tricky part is generating the incident. I decided to create an Alert Management Rule to handle that, using a set of filters, with my action being a remediation Subflow. The Subflow on its own works perfectly when I try to test it ==> generates incident. However, when the rule is applied, no Incident is generated (cf. alert.png).

The subflow is inspired by the original "Create Incident" subflow from ServiceNow; I just modified it to suit my customer's preferences (cf. flow.png).

Is there a certain subtlety I'm missing?
Thanks in advance for your help.

1 ACCEPTED SOLUTION

Gianpaolo Pagan
ServiceNow Employee

It seems the subflow actually triggered. Are you saying it actually triggers but you still don't see the incident created?

If so, I would suggest you open the flow execution in Flow Designer and look at each step to see where it's failing.

Gp

12 REPLIES

Hi Gianpaolo,

I decided to check the flow's execution as you said and it's very strange. 

I've decided to do it twice: one using the alert management rule (where it fails) and the other using the test functionality in Flow Designer.

One of the conditions is "Maintenance being false".

 

find_real_file.png

That's confirmed. When the alert is created from the email, the Maintenance checkbox is unchecked, making it "false" by definition. That's where the Subflow disagrees; the following screenshot is from the flow execution that happened after the alert management rule is activated:

find_real_file.png

What's weird here is that the "maintenance" state of the Alert is empty, not true or false. Just empty.

When I decided to recheck using the test functionality of Flow Designer, it worked perfectly!

find_real_file.png

For the SAME alert, the subflow gives two different responses according to the way the subflow is executed:

- If it's "naturally", through the Alert Management Rule, the maintenance state is neither true nor false according to the Subflow.

- If it's tested through the Subflow, it works perfectly.

Hi Gianpaolo, just want to ask because we notice that, for example, a Windows alert is executing 2 different Alert Management Rules: one for Windows, with an incident ticket created, and the other one for middleware, in which the task is empty as seen in the screenshot. How can we correct this to execute Windows only?

Could you please clarify when you would like the middleware and the Windows rules to trigger?

From your question, it sounds like you just want to get rid of the middleware action (disable or delete), but maybe what you mean is to define a logic that drives the execution of only one of the 2 depending on certain conditions. If you can provide more detail, that would be useful.

Gp