Delay Incident creation via Alerts
‎01-19-2025 09:02 PM
Hello All,
We create an Incident for memory depletion. This has led to many Incidents that auto-close themselves in less than 10 minutes (if the resources free up memory), we receive an alert on stability which would resolve the incident. We are looking to delay the incident creation, and would like to wait 10 minutes after the Alert has been raised before automatically opening an Incident. If there are no subsequent alerts, the incident will be created.
Appreciate any ideas on this forum to achieve this functionality potentially.
Thank you,
Sowmya
‎01-20-2025 12:01 AM
Hello @sowmyaprabhakar
To achieve the functionality of delaying incident creation in ServiceNow, you can use a combination of Event Management and workflows.
1) Create an event rule.
2) Use a workflow to delay incident creation with the activities below:
- Start: The workflow starts when the alert is received.
- Wait Timer: Add a wait timer for 10 minutes.
- Condition: Check if there are no subsequent alerts.
- Create Incident: If the condition is met, create the incident.
- End: End the workflow.
Example script for event rule:

    (function process(event) {
        // Delay the incident creation by 10 minutes
        var delayTime = 10 * 60 * 1000; // 10 minutes in milliseconds
        var currentTime = new GlideDateTime();
        currentTime.add(delayTime); // GlideDateTime.add() takes milliseconds

        // Create a one-time scheduled job to create the incident after the delay
        var job = new GlideRecord('sys_trigger');
        job.initialize();
        job.name = 'Delayed Incident Creation';
        job.next_action = currentTime;
        job.job_id.setDisplayValue('RunScriptJob'); // job type that runs the script field
        job.trigger_type = 0; // run once
        // Quote the sys_id so the generated script passes it as a string literal
        job.script = 'createIncident("' + event.sys_id + '");';
        job.insert();
    })(event);

Example script for scheduled job:

    // Must be defined where the scheduled job's script can call it
    function createIncident(eventSysId) {
        var event = new GlideRecord('em_event');
        if (event.get(eventSysId)) {
            // Check if there are no subsequent alerts
            var alert = new GlideRecord('em_alert');
            alert.addQuery('event.sys_id', eventSysId);
            alert.query();
            if (!alert.hasNext()) {
                // Create the incident
                var incident = new GlideRecord('incident');
                incident.initialize();
                incident.short_description = 'Memory Depletion Alert';
                incident.description = 'Memory depletion detected. Incident created after 10-minute delay.';
                incident.insert();
            }
        }
    }

This approach should help you achieve the desired functionality.
You can also refer:
Event Management: How to delay auto incident creat... - ServiceNow Community
If my response has helped you, hit the helpful button, and if your concern is solved, do mark my response as correct.
Thanks & Regards
Viraj Hudlikar.
‎01-20-2025 12:05 AM
Check the response of Paul in the link below.
Something similar has been discussed here.
I hope this helps.
‎01-20-2025 12:07 AM
You can create a flow for these alerts, to put in that 'wait' condition (or use your existing logic and add an exception for these alerts). You can just add a wait, do a lookup to the alerts table for the same alert and create the incident if none have come in.
Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
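
The wait-then-recheck logic suggested in the replies above, as an added example that is not part of any post and is not ServiceNow API code: a plain JavaScript simulation over a constructed alert timeline. The alert names, the record fields, the `incidentsDue` helper, and the choice that a re-opened alert restarts the 10-minute timer are assumptions made for illustration.

```javascript
// Added illustration: hold-down (debounce) before promoting an alert to an incident.
// Plain JavaScript with constructed data; no ServiceNow APIs are used.
const HOLD_MS = 10 * 60 * 1000; // 10-minute hold-down window

// Constructed sample timeline of alert state changes.
const sampleEvents = [
  { alert: 'mem-host-a', state: 'open',   at: '2025-01-19T21:00:00Z' },
  { alert: 'mem-host-a', state: 'closed', at: '2025-01-19T21:06:00Z' }, // self-healed
  { alert: 'mem-host-b', state: 'open',   at: '2025-01-19T21:02:00Z' }, // stays open
  { alert: 'mem-host-c', state: 'open',   at: '2025-01-19T21:03:00Z' },
  { alert: 'mem-host-c', state: 'closed', at: '2025-01-19T21:05:00Z' },
  { alert: 'mem-host-c', state: 'open',   at: '2025-01-19T21:08:00Z' }, // flapping
];

// Return the alerts that have been continuously open for at least holdMs
// as of `now` (epoch ms). Only events at or before `now` are considered.
function incidentsDue(events, now, holdMs) {
  const openedAt = new Map(); // alert -> time the current open period began
  const seen = events
    .map((e) => ({ alert: e.alert, state: e.state, t: Date.parse(e.at) }))
    .filter((e) => e.t <= now)
    .sort((a, b) => a.t - b.t);

  for (const e of seen) {
    if (e.state === 'open') {
      // A repeat "open" while already open does not reset the timer.
      if (!openedAt.has(e.alert)) openedAt.set(e.alert, e.t);
    } else {
      // A stability/close event cancels the pending incident.
      openedAt.delete(e.alert);
    }
  }

  const due = [];
  for (const [alert, t] of openedAt) {
    if (now - t >= holdMs) {
      due.push({ alert: alert, openSince: new Date(t).toISOString() });
    }
  }
  return due;
}

// Evaluate the sample at 21:12Z: only mem-host-b has been open for 10 minutes.
const checkTime = Date.parse('2025-01-19T21:12:00Z');
console.log(incidentsDue(sampleEvents, checkTime, HOLD_MS));
```

In a real instance the same decision would be made by the flow or scheduled job after its wait step, using a lookup on the alert's current state instead of an in-memory list.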