Clear event to close the alert.

‎10-16-2018 11:26 AM
We have a scenario where, if the monitoring system sends a critical incident, it should be assigned to Group A; if a warning event is received, it should be assigned to Group B. This can be achieved by event rules. The tricky part is how to close the alert when the source, i.e. the monitoring system, sends a clear event. As event rules are severity driven, the severity of clear events differs.
Has anyone implemented something similar before?
Labels: Event Management
‎10-17-2018 08:37 AM
Yeah, so I think what you are saying here is fine; I just wouldn't have severity as part of the message key, as I would keep it all as 1 alert. You may want to look at adding a field to the em_alert table for support group housing and then have the event rule set the support group field when the severity changes to something different than before. At this point I believe there is a business rule that triggers when an alert changes to map over the changes, and you could have that business rule reset the assignment group on the incident.
I would make sure the incident process owner is involved, though, to make sure it doesn't muck up their process, but I think this would probably be your best bet.
‎10-17-2018 09:54 AM
Hi Ayush,
I guess the message key must not be changed. As this is a non-standard requirement, either use a business rule or generate the ticket using an alert rule without filling in the assignment group.
Use an assignment rule to assign the ticket based on category/issue.
When the clear event comes, it closes the alert and also the ticket.
Hope this helps,
Thanks,
Mani
‎10-17-2018 10:00 AM
Mani,
The problem with this approach (and this is essentially what I recommended before) is that it's not granular enough and there is no CI data (which the assignment rule would probably look at). Realistically this will have to be done in Event Management, and you don't want to be duplicating alert rules and event rules.
If it can't be assigned by Incident Management, then you will have to go with the approach I took and assign it using event rules and then change it when the severity changes.

‎10-17-2018 12:59 PM
Thanks Robert/Mani,
Used a BR to cater for this. Basically, I am using event rules to populate the assignment group as part of a JSON parameter in additional info, and later the BR reads the value of the parameter on the alert form and updates the same on the incident record.
‎10-17-2018 09:21 PM
Hi Ayush,
If you are using a BR to create tickets, then use another BR for clear events to close the alert, which in turn closes the ticket.
Thanks
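
The flow discussed in this thread (an event rule writes the support group into the alert's additional info as JSON, a business rule copies it to the incident, and a clear event closes the ticket), modelled on plain objects as an added example that is not code from any poster or from ServiceNow. The field names, the `assignment_group` JSON key, the `Closed` state value and the convention that severity 0 means Clear are assumptions.

```javascript
// Added illustration on plain objects; not a ServiceNow business rule script.
// Assumed names: alert.severity, alert.additional_info, incident.state,
// incident.assignment_group, and the JSON key "assignment_group".
const SEVERITY_CLEAR = '0'; // assumption: severity 0 on the alert means Clear

// Return the group an event rule stored in additional_info, or null.
function groupFromAdditionalInfo(additionalInfo) {
  if (typeof additionalInfo !== 'string' || additionalInfo.trim() === '') return null;
  let parsed;
  try {
    parsed = JSON.parse(additionalInfo);
  } catch (e) {
    return null; // malformed JSON: keep the incident's current assignment
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) return null;
  const group = parsed.assignment_group;
  return typeof group === 'string' && group.trim() !== '' ? group.trim() : null;
}

// Decide which incident fields change when the linked alert is updated.
// Returns an object of field updates; an empty object means "do nothing".
function incidentUpdatesForAlert(alert, incident) {
  const updates = {};
  if (!incident || incident.state === 'Closed') return updates;
  // A clear event keeps the same message key, so it lands on the same alert
  // and only the severity differs; that is the signal to close the ticket.
  if (String(alert.severity) === SEVERITY_CLEAR) {
    updates.state = 'Closed';
    return updates;
  }
  // Severity changed (e.g. warning -> critical): follow the group set by the event rule.
  const group = groupFromAdditionalInfo(alert.additional_info);
  if (group && group !== incident.assignment_group) updates.assignment_group = group;
  return updates;
}

// Constructed sample: a warning alert escalates to critical, then clears.
const sampleIncident = { state: 'New', assignment_group: 'Group B' };
const critical = { severity: '1', additional_info: '{"assignment_group":"Group A"}' };
console.log(incidentUpdatesForAlert(critical, sampleIncident));
console.log(incidentUpdatesForAlert({ severity: '0', additional_info: '' }, sampleIncident));
```
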