Incident should not close until primary alerts and associated secondary alerts get closed

Go to solution
harikrishna De1
Tera Contributor

‎01-30-2024 08:10 AM

I have created event rules, alert correlation rules and everything working fine. Events are binding to non host and host ci’s Alert correlation rules defining the secondary alerts and primary alert Modified Alert management rule to create incidents for primary alerts only not for secondary. Now i stuck at a modification required for this requirement that a alert has 3 secondary alerts attached to it then whenever all the secondary alerts are closed then only primary alert should be closed. How can I achieve this, thinking of writing a business rule but not sure what should be the trigger point? Confused here how to proceed.

 

created a business rule which is not working as expected please see the attached screenshots 

Preview file
162 KB
Preview file
176 KB
0 Helpfuls
  • 617 Views
1 ACCEPTED SOLUTION

Go to solution
Rahul Priyadars
Giga Sage
Giga Sage

‎01-30-2024 09:26 PM

generally we do Incident Resolution and when Incident is Resolved your Primary and Secondary Alerts are Closed.

This is OOTB with some tweak In Alert Management Rules.

 

Regards

RP

View solution in original post

0 Helpfuls
1 REPLY 1

Go to solution
Rahul Priyadars
Giga Sage
Giga Sage

‎01-30-2024 09:26 PM

generally we do Incident Resolution and when Incident is Resolved your Primary and Secondary Alerts are Closed.

This is OOTB with some tweak In Alert Management Rules.

 

Regards

RP

0 Helpfuls