Alerts are not being closed after a clear event!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-25-2018 05:21 PM
Hello Community.
I've created a event rule to filter incoming events and generate an alert when threshold is surpassed.
This is working as expected, however a desire funcionality is that, if we receive a clear event (Event with clear status), created alert should be closed automatically.
However this is not working, auto-clousure with an "Clear Event" is present only for all other alerts that are not involved with the event rule.
Also, the clear event is not being showed at alert's event related list, despite Message Key is the same for all events.
Event Rule's "Alert close Operator" was set to "None" cause other option is just "Flapping", and we are not using that Alert state.
Does the system uses anything else than Message Key to relate events to an alert?
Where (Business Rule, scheduled job) is the code of alert creation using an event?
Any comment would be appreciate.
Best Regards.
- Labels:
-
Event Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-16-2023 10:29 AM
I had a similar issue. It turns out that if your alert is triggered via an event rule with a threshold, then "Clear Event" will not close the alert (apparently by design). See the documentation here: https://docs.servicenow.com/bundle/vancouver-it-operations-management/page/product/event-management/...
Specifically the clause "When threshold conditions are configured, alerts close when the Close Alert Operator condition is met, and not when an event is received with Severity = Clear or Resolution state = Closing."
I think it's arguable that "Clear Events" should be excluded from auto-closing alerts when thresholds were used. I think there are valid use cases where you would want this behavior.
