Hello Henrik Jutterst,
Question 1.
Is there any OOB SubFlow or Alert Management Rule for Event Management to detect if it's a Windows or Linux host and then perform the restart actions like Figure 01, or how is this handled? Or do we need to build that our self?
Answer:
Open the OOB Alert management rule (Windows server actions) and select "Alert filter." You found that if the CI is related to the Windows server, only the restart, start, or stop action will be performed.
You specify the condition, such as whether it is Windows or Linux, and it will only perform the action if those conditions are met.
Yes, there are OOB subflows available in the "Event Management Connectors" application. If you want to add some extra functionality, you can do that.
If you want to access this functionality, open "Service Operational Workspace" and open any alert record with the ci "window server." Then on the related list, - > playbook -> you can get it
Alternatively, you can open the alert record by clicking "Preview," as shown in the first image.
Question 2.
Is it possible or even recommended to have an automation of starting a service if it's down? Is setting the Execution to "Automatic" all that's needed here?
Yes, you are correct; you can set them to "Automatic" and they will start automatically whenever the condition is met, then they start. In OOB, if the configuration item is window server, only the alert record action will be performed automatically.
Please mark my answer if it was helpful.
Thank you.
Yes and no. The alert rule should be focus on the event/alert of the issue in hand. You can still have the logic of if the CI is a windows or linux in the subflow as a if else check.
Here is the alert rule we have for tracking if the mid server service is down with zabbix agent on the host. From zabbix, we service name, and we can filter down to what it starts with. In the subflow we handle the logic if the device is linux or windows base on the OS on the CI record.
Hello Henrik Jutterst,
Question 1.
Is there any OOB SubFlow or Alert Management Rule for Event Management to detect if it's a Windows or Linux host and then perform the restart actions like Figure 01, or how is this handled? Or do we need to build that our self?
Answer:
Open the OOB Alert management rule (Windows server actions) and select "Alert filter." You found that if the CI is related to the Windows server, only the restart, start, or stop action will be performed.
You specify the condition, such as whether it is Windows or Linux, and it will only perform the action if those conditions are met.
Yes, there are OOB subflows available in the "Event Management Connectors" application. If you want to add some extra functionality, you can do that.
If you want to access this functionality, open "Service Operational Workspace" and open any alert record with the ci "window server." Then on the related list, - > playbook -> you can get it
Alternatively, you can open the alert record by clicking "Preview," as shown in the first image.
Question 2.
Is it possible or even recommended to have an automation of starting a service if it's down? Is setting the Execution to "Automatic" all that's needed here?
Yes, you are correct; you can set them to "Automatic" and they will start automatically whenever the condition is met, then they start. In OOB, if the configuration item is window server, only the alert record action will be performed automatically.
Please mark my answer if it was helpful.
Thank you.
