Hello!

I am building an application that receives temperature measurements over time from a chip in a freezer through REST API (no external source tool to generate events). My goal is to create Incidents whenever the temperature is above a certain threshold four times within a predefined timeperiod.

My current apporach to achieveing this is as follows:

• A business rule that has a Condition with the preset temperature threshold. If the temperature is above the limit it creates an Event in the em_event table, with a CI (the chip).
• Then I have a Event Rule that tracks how many events are made containing temperture (as a Threshold metric with the Threshold functionality) within a certain time period, and if it is two it creates an Alert bound to the CI.
• Now I'm trying to create a similar Event Rule that counts up to four instead, within a slightly longer time period, and if it comes to that I want to make an Alert that has the Severity "Critical".
• (This is so that I later on can make an Alert Rule that generates Incidents based on Incident templates whenever it finds an Alert from said CI with Severity == Critical).

I am trying to set the Severity field of the Alert by using the Event Compose Fields, but no matter how I format the input it only adds it under "Additional Information" in the Alert, instead of changing the Severity field. So, my question is as the title suggests, how do I set Alert Severity from an Event Rule in Event Management?

Hope that someone can help me with this!