Clear Events Not Updating The Alert Severity To Clear
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2018 02:50 PM
Hello Community,
We are encountering issues with clear events in Servicenow, whenever a clear event is received from Source in the system the related alert is closed but the severity of the alert is not changed. While when we receive an alert with the changed Severity the severity is updated.
We tried fixing this using event field mapping but no luck, it seems like event field mapping doesn't work for clear events.
Anyone encountered a similar issue before? Suggestions are welcomed !!
Regards,
Ayush
- Labels:
-
Event Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2018 03:57 PM
Ayush,
This is because clear is a special type that causes it to close but doesn't change the actual severity (as if you think about it you would want it to stay the same for historical purposes). If you need to record somehow that it was closed by a clear you could always look at the business rules and scheduled jobs that control that and add to it so it adds it to the description or something. Either way this is expected behaviour.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-31-2018 07:52 AM
Thanks Robert !!
I was just wonder in that case what is the use of Clear as Severity value on alert form ?
We can always monitor the historical alerts in alerts tab on the form, you are correct a custom business rule can change the severity of alert to clear but not sure which job or script actually drives the clear functionality OOB.
Also why this can't be achieved using event field mapping as the role of event field mapping is to map values from Source i.e event to destination i.e. Alert.
Any tips ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-01-2018 04:16 AM
Unfortunately I believe Clear is on the severity because it needs to be there in order to set it in the first place. However there are back-end mechanisms that close it out and leave the severity what it was before. Another example of special severity is the Info severity as out of the box if I remember correctly INFO severities don't show on the alert console. Unfortunately I don't have access to an instance right now to check but I would suggest you look at the business rules of the alert table and look at the scheduled jobs that have EM or Event in the name of them as it may be taken care of there (although I am pretty sure the specific clear instance it's done via a business rule).
I hope this helps. Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-04-2018 01:34 PM
it seems it is the back end code which kind of restrict event field mapping to execute too.
I just wrote a business rule to achieve this for this moment.
