Bulk alerts checks before triggering auto-incident workflow

SNExploreGuru
Tera Expert

‎07-25-2023 01:57 AM

Hi team,

I have below setup,

couple of on-premise and SaaS based monitoring tools data ( alerts) are integrated with ServiceNow ITOM, alerts are received at ITOM and getting converted to incident via Create incident workflow triggered from Alert mgmt rule.

 

The scenario I have is, sometimes due to network glitch or other issues, we get bulk alerts which are false alerts and with the existing setup all those gets converted to incidents automatically. 

I would like to have a check on bulk alerts before converting them into incidents?

( example: check if you received 20-30 alerts for same metric in 30-60 seconds time then mark it as bulk alert scenario and create only one incident stating Bulk alerts received -please check  and tag all those alerts to this incident)

 

Please let me know if this can be feasible and if yes then really appreciate the code or steps.

 

Thanks,

Guru

Labels:
0 Helpfuls
  • 583 Views
5 REPLIES 5

pratiksha5
Mega Sage
In response to SNExploreGuru

‎07-27-2023 06:18 AM

Try using the threshold in the event rule.

 

0 Helpfuls