Alert Triggered Not Bonding with Alert Reset Event

sumanjungay · yesterday

As part of POC we are testing the Event Management integration with Solarwinds.

When the Solarwinds send the "Alert Triggered" (in this case Volume high) event type to the SNOW the Alert is getting generated and able to pick the Event Rule which we created. However, when the "Alert Reset" event comes for the same event from Solarwinds, it is not able bond with the "Alert Triggered" Alert and not closing it automatically.

NOTE: The Alert Reset Event is also picking the same Event Rule.

Any suggestions what needs to be adjusted in the Event Rule or else where?

Mark Manders · yesterday

You need to have a second event rule that handles the 'reset' event to close it.

Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Jeff K1 · yesterday

Does the triggered and reset events have the same message key? And is the reset being sent over as a Clear severity or the Resolution State as Closing?

Both events can go through the same event rule, that's fine. But in order for them to be tied together, you usually want to make sure the message keys are identical. This is also how you make sure similar events are tied together so that only 1 alert (and 1 incident) are created.

sumanjungay · 2 hours ago

Hi Jeff,

Thanks for your input. To answer your questions
1)Does the triggered and reset events have the same message key

We are not seeing the message displayed on the Event. However, if it creates alert we could see the Message Key.

2)is the reset being sent over as a Clear severity or the Resolution State as Closing?

Again Severity is getting updated on Event but resolution state came as closing for Alert Reset.

I agree the message key should be same for the event inorder to map to same Alert.

But not sure why the message key is not displaying on the Event.