Event Management: How to delay auto incident creation on purpose?

Tezazu Asmelash
Tera Contributor

‎02-02-2023 01:15 PM

Hello,

 

I am looking away to delay an auto incident creation for a little bit like 5 or 10 minutes. I tried it on the Alert Managment rule using filter conditions on Created or Updated, but that does not seem to work. Any ideas on how this can be achieved?

 

Thank you!

0 Helpfuls
  • 1,006 Views
5 REPLIES 5

Vivek Verma
Mega Sage
Mega Sage

‎02-03-2023 04:27 AM

Hello Tezazu,

You must add Wait Timer action to the subflow attached to the Alert management rule. 

VivekVerma_0-1675427221893.png

 

 

0 Helpfuls

Tezazu Asmelash
Tera Contributor
In response to Vivek Verma

‎02-03-2023 07:58 AM

Thank you Vivek! Yes, that is one way to do it, but that would require to create a new flow as we only want to delay it for a specific alert type. I was thinking of configuring it at the event rule or alert managment rule levels, before kicking off the flow, so the flow still remains generic to handle all sort of alert types. 

0 Helpfuls

Anshu_Anand_
Kilo Sage
Kilo Sage

‎02-04-2023 03:39 AM - edited ‎02-04-2023 03:41 AM

@Tezazu Asmelash 

 

If you want to delay the creation of an incident for a specific alert type, you can do so by adding a script in the Event Rule or Alert Management Rule. Here's how you can do it:

  1. Navigate to the Event Rule or Alert Management Rule: Go to Event Management > Event Rules or Alert Management > Alert Management Rules, and open the rule you want to modify.

  2. Add a script: In the Script section of the rule, add the following script to delay the creation of an incident:

// Check if the current alert type matches the specific type you want to delay
if (current.alert_type == "specific_type") {
    gs.sleep(300000); // Sleep for 5 minutes (300000 milliseconds)
    // Create the incident
    // (insert the script to create the incident)
} else {
    // Create the incident for other alert types
    // (insert the script to create the incident)
}

This script checks if the current alert type matches the specific type you want to delay. If it does, the script will wait for 5 minutes using the gs.sleep() method before creating the incident. If the current alert type does not match the specific type, the incident will be created immediately.

By adding this script in the Event Rule or Alert Management Rule, you can delay the creation of an incident for a specific alert type without modifying the flow. The flow will remain generic and handle all sort of alert types, but the creation of an incident for the specific type will be delayed.

Regards,
Anshu
0 Helpfuls

Tezazu Asmelash
Tera Contributor
In response to Anshu_Anand_

‎02-06-2023 01:43 PM

Thank you for your suggestion Anshu! I do not see a script section in the Event rule or alert managment rule forms. Below are screenshots of the two forms:

 

TezazuAsmelash_0-1675719574640.png

 

TezazuAsmelash_1-1675719665945.png

 

 

0 Helpfuls