- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-13-2018 09:39 AM
What would be best approach to send email for events in Event Management(EM). Using event rule we can process events/extract required data, bind to CI and using alert rule we can auto-open incidents further use script includes (EvtMgmtCustomIncidentPopulator) to populate certain custom data in incidents.
There may be situations where only email is required (say for example events with severity 'Minor' or 'Warning'), we need to depend on Notifications and write separate notification/script for each different type of requirement/customization . Alert rule is not much useful to standardize the implementation with rules
Please suggest.
Let's discuss and find best approach.
Thanks in advance.
Solved! Go to Solution.
- Labels:
-
Event Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-04-2018 09:58 AM
I figured out a way for email only notification. To write a script in script includes which can be invoked from notification template. This script will have capabilities to parse additional information contents(also contains data extracted from event rules) in JSON format ,so desired notification can be sent
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-13-2018 10:32 AM
Hello manivk,
So this is really a process question which is why would you notify but not open an incident? Obviously some action needs to be taken or else you wouldn't be notifying so it's probably best to run this through incident management the way you would any other and set an appropriator severity that they get prioritized properly over more critical alerts.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-13-2018 08:56 PM
Hi Robertgeen,
It may be related to process, but when we get these type of requirements like need email for lower severity events then it cannot be implemented using alert rules. Exploring what would be best way to do it if email is the requirement.
Thanks
Mani

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2018 02:03 AM
Event Management is used for importing events from different sources, such as monitoring systems, and make incidents based on these events (Event -> Alert -> Incident).
I have never seen Event Management based on emails. If you wish to create incidents based on emails, i would go with the incident module as this has this flexibility. You can then create (business) rules to add complexity.
IF you are to use Event Management.. Do you want to receive emails from a specific mailbox, or should it be from multiple? Depending on this, I would properly create a custom connector to the Exchange mailbox.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2018 05:29 AM
I just added a new response on how we have implemented Event Management for email sources if you're interested. We have one Inbound Action setup for monitoring tools that are able to format their emails to match our defined Event Management email template, with separate inbound actions specific for sources that do not have control over how their emails are formatted. Creating a connector to Exchange is also an interesting idea that would prevent emails from needing to be sent directly to SN.