Event rule and alert management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago - last edited 3 weeks ago
Hi Team, I am new to Event rule and alert management. I have a requirement as mentioned below:
(1) I have to create a new event rule and a new alert management rule.
(2) Add the following conditions to the new alert rule: CI Class Type = Cloud Service Account OR CI Class Type = Resource Group.
(3) There are Multiple CI's with same name so need to Add the following conditions to the new alert rule:
IF class type is Linux server and Operational status is Operational and Install status is Installed THEN select this Configuration Item by default and add it to the CI field of the Incident
ELSE
If Class type is Virtual Machine Instance Class, Operational status is Operational and Install status is Installed, then add the corresponding Configuration Item to the CI field of the Incident.
Could you please help me to configure this? Thanks in advance.
Regards,
Abhisek Chattaraj.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
So an Event Rule is going to help identify potentially actionable events (to become Alerts) and help handle the binding to a CI that will show up in the Alert.
The Alert Management Rule will take the potentially actionable alert and determine what action to take with it, typically passing it to a subflow if action is needed.
The subflow handles how and what to do when it comes to the incident.
You can select the Class in the Alert Management rule and redirect to different subflows, but if I was putting in our instances, I would probably handle that logic in a single subflow.
In fact I do something like that when it looks like someone passed a bad CI to us, the subflow does a broader look up to see if it finds a valid CI and then processes it with a valid CI or to a designated group by the source that gets any incidents that we can't match to a valid CI.
