ARTICLE: Alert Correlation Rule Advanced Script

RiteshSwarnakar

Requirement:

Correlate alerts from all CIs at the same location that come from a specified source and contain a specific description:

 

Solution:

1) Create an Alert Correlation Rule with Advanced checked

 

2) Specify the filter that selects the alert to be treated as the secondary alert (currentAlert.sys_id)

RiteshSwarnakar_0-1711437590803.png

 

3) Script:

 

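(function findCorrelatedAlerts(currentAlert) {

    // Correlate the secondary alert (currentAlert) with the newest open/reopened
    // severity-1 em_alert that shares its source, description keyword and CI
    // location and was raised within the last timeDifferenceInMinutes.
    //
    // Returns a JSON string: "{}" when no primary alert is found, otherwise
    // {"PRIMARY": [<primary sys_id>], "SECONDARY": [<currentAlert sys_id>]}.
    // Both sys_ids are wrapped in arrays - that is the shape the correlation
    // rule expects.

    var timeDifferenceInMinutes = 60; // Default 60 minutes between the first alert and the alerts that follow

    // Lower bound of the correlation window: initial_remote_time of the current
    // alert minus the window length.
    // NOTE(review): assumes initial_remote_time is populated on currentAlert - confirm.
    var timeDifferenceBetweenAlerts = new GlideDateTime(currentAlert.getValue('initial_remote_time'));
    var timeDifferenceInMilliSeconds = timeDifferenceInMinutes * 60 * 1000;
    timeDifferenceBetweenAlerts.subtract(timeDifferenceInMilliSeconds);

    var result = {};

    var gr = new GlideRecord('em_alert');
    // Static part of the filter stays in the encoded query; adjust source,
    // description, severity and state to match your environment.
    gr.addEncodedQuery('correlation_groupIN0,1^source=XYZ^descriptionLIKEtemperature^severity=1^stateINOpen,Reopen');
    // Record-derived values are added with addQuery() instead of being
    // concatenated into the encoded query, so a '^' or an operator inside a
    // value cannot change the structure of the query.
    gr.addQuery('cmdb_ci.location', String(currentAlert.cmdb_ci.location));
    gr.addQuery('sys_id', '!=', currentAlert.getUniqueValue());
    gr.addQuery('initial_remote_time', '>=', timeDifferenceBetweenAlerts.getValue());
    gr.orderByDesc('initial_remote_time');
    gr.setLimit(1); // only the newest candidate is used as the primary alert
    gr.query();
    if (gr.next()) {
        //gs.log('Primary:  '+gr.number+'   Secondary:  '+currentAlert.number, 'For debugging');
        result = {
            'PRIMARY': [gr.getUniqueValue()], // getUniqueValue() returns the sys_id as a plain string
            'SECONDARY': [currentAlert.getUniqueValue()] // sys_id MUST be put in an array
        };
    }
    return JSON.stringify(result);

})(currentAlert);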

 

 

Note: You can change the filter conditions, the encoded query in the script and the time difference to suit your requirement.
