Hello Team,

I have a requirement that, I need to populate assignment group in the alert&incident based on the assignment group which is coming from event source.

Payload:

Customer Payload=
{
  "account_id": "$ACCOUNT_ID",
  "account_name": "$ACCOUNT_NAME",
  "assignment_group": "Software"

}

Event looks like: 

For example, I am getting raw data in additional_info like 

{"flattened.metadata.entity.type":"HOST","flattened.metadata.entity.name":"ip-172-31-80-182.ec2.internal","flattened.metadata.evaluation_system_source":"Willamette","flattened.open_violations_count_critical":1,"flattened.assignment_group":"Software","flattened.closed_violations_count_critical":0,"flattened.incident_acknowledge_url":"https://alerts.newrelic.com/accounts/3168911/incidents/773096726/acknowledge","flattened.targets.0.id":"ProcessSample","flattened.targets.0.name":"ip-172-31-80-182.ec2.internal","flattened.targets.0.link":"https://infrastructure.newrelic.com/accounts/3168911/alertLanding?violationId=3030721316","flattened.targets.0.labels.account":"Account 3168911"}

Now, I wanted to map this assignment_group which is present in additional_info to the alert table assignemnt_group.(from there it needs to be assigned to auto incident).

I tried adding event rules and event field mapping, they are getting processed but I do not see assignment group is getting updated with the value. (Adding screens below).

Even I tried transforming value to different variable and added in field mapping. But no luck.

I have seen many posts but every post talking about severity only not other field mappings. Is it possible to map all other alert table fields?