Clear event to close the alert.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-16-2018 11:26 AM
We have a scenario where if the monitoring system sends critical incident it should be assigned to Group A, if warning event is received it should be assigned to Group B. This can be achieved by event rules , the tricky part is how to close the alert when source i.e monitoring system sends a clear event ? As event rules are severity driven the severity of clear events differs
Has anyone implemented something alike before?
- Labels:
-
Event Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-18-2018 07:37 AM
We are not creating new incidents, we are just updating the existing ones. Already have logic for clear events to close alerts and resolve incidents in place.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-19-2018 04:42 AM
Ayush,
If it were me, I would probably do the following:
- Keep it limited to one alert.
- Use Alert Rule to assign the ticket to Group B.
- Use BR on Incident table to re-assign the Incident to Group A
- On insert / Update
- Only if the Assignment Group is Group B.
- This will keep it from running when Group A is already assigned, as well as if the ticket has been re-assigned to another group.
Steve
