Event Management - Reopening Alerting is creating Incident with In incorrect Status

Go to solution
nR9
Giga Contributor

‎09-19-2018 08:37 AM

Hello Team,

I have a query as below.

  1. For an alert there is an associated Incident 1.
  2. I close the incident and it closed the Incident 1.
  3. Under Event Management Properties, I have set On Alert Reopen, Create New Incident
  4. Now when I am reopening an Alert, system is creating new Incident 2 but it is coping assignment, resolution etc details from old Incident to new incident. Also status is not set to new.

Question:

  1. is this expected behaviour ?
  2. I wanted to know the code which is used to create Incident from alert. Exact flow details would be helpful.

 

 

Labels:
0 Helpfuls
  • 1,749 Views
1 ACCEPTED SOLUTION

Go to solution
nR9
Giga Contributor

‎09-21-2018 02:36 AM

Hello All,

Below is update on the thread.

  1. is this expected behaviour ?
    - Yes - This happens when an alert don't find any Alert Rule with matching Alert Filter.

  2. I wanted to know the code which is used to create Incident from alert. Exact flow details would be helpful.
    - This is controlled using Reopen associated closed incident business rule and EvtMgmtIncidentHandler script Include.

We managed to fix the issue.

View solution in original post

0 Helpfuls
2 REPLIES 2

Go to solution
robertgeen
Tera Guru

‎09-19-2018 10:27 AM

Hello nR,

I don't have an instance to check in at the moment but everything in Event Management is done either with a scheduled job (the opening and closing of incidents is done in that you can search for the with EM or event in the name) or a business rule on the alert form. I can't remember off the top of my head without checking which one does that but I do know it's all controlled by those properties. Either way check those 2 things and you should find the code for it.

0 Helpfuls

Go to solution
nR9
Giga Contributor

‎09-21-2018 02:36 AM

Hello All,

Below is update on the thread.

  1. is this expected behaviour ?
    - Yes - This happens when an alert don't find any Alert Rule with matching Alert Filter.

  2. I wanted to know the code which is used to create Incident from alert. Exact flow details would be helpful.
    - This is controlled using Reopen associated closed incident business rule and EvtMgmtIncidentHandler script Include.

We managed to fix the issue.

0 Helpfuls