event mgt

AnimeshP_96 · 6 hours ago

requirement is if 3 alerts is created in servicenow , first should be parent and rest 2 will be child ,and i dont want to use primary and secondary , also source and sevrity is handled in configuration
i want to group them all together first should be parent and rest 2 child use alert grouping.

(function findCorrelatedAlerts(currentAlert) {

var result = {};

var table = "em_alert";

//var cnt;

var storeID = [];

//var childalerts = [];

var parent = [];

var alertGr = new GlideRecord(table);

alertGr.addNullQuery("parent");

alertGr.orderBy("sys_created_on");

alertGr.setLimit(3);

alertGr.query();

while (alertGr.next()) {

gs.info("this is li3ne 13 from me");

storeID.push(alertGr.getUniqueValue());

}

if (storeID.length === 3) {

gs.info("this is2222229833 ");

parent = currentAlert.sys_id;

}

gs.info("this is2379863 " + parent);

result = {

'parent': [String(currentAlert.sys_id)]

};

return JSON.stringify(result);

})(currentAlert);

pls can save help me where i am going wrong..

in the below picture it is creating a new alert instead of making 607 as parent

Please accept the solution /mark this response as correct or helpful if it assisted you with your question.

Regards,
Animesh

Kieran Anson · 5 hours ago

Hi,

Your correlation rule doesn't currently filter on the em_alert table fully, so it won't necessarily capture the records you're wanting. Do the secondary alerts you have identified have some commonality with the primary? e.g does the additional_info field contain a key:value that could be used to identify the other alert records?