Override The Assignment Group of the Incident based on a field in the alert

benandress
Kilo Contributor

‎09-26-2019 12:27 PM

Override The Assignment Group of the Incident based on the source that created the event.

 

We have a use case at our company where a monitoring tool is sending us the support group they would like to assign in the payload. We would like to keep a consistent CI, but allow the monitoring tool to determine which support group should receive the incident.

I believe this will be done within the alert management portion of the flow, because we are basing this on a specific source (Trap from Enterprise ___ )

I have tried adjusting the subflow for "create incident" by having the incident task support group field being assigned directly from a field in the alert "Resource". This does not seem to work.

I need to be sure this override is taking place AFTER or IN PLACE OF the automatic assignment from the CI support group.

We are currently exploring creating a custom script include, similar to the "evtmgmtcustomincidentpopulator" but wanted to verify that would be a good solution or if there is something easier or better practice?

 

AND if anyone has been successful with this, i would LOVE to hear how you did it or if we are on the right track?

 

Thank you much!

Labels:
0 Helpfuls
  • 1,023 Views
2 REPLIES 2

robertgeen
Tera Guru

‎09-27-2019 04:03 AM

My go to way of dealing with support group is to create a custom attribute on the alert table that will always have the support group that should be used by the subflow that creates this incident. By doing this you can setup a system in which you set that support group from the CI or in your case from the monitoring source (which would require you to add code in the PostBind/Create/Update scripts to reference the additional_info and look up the appropriate sys_id to save in the field). You can then control overrides using alert management rules and the underlying code for the incident creation never changes it always just looks at that support group field and the rest of your code/alert management rules will set that field. 

Hope this helps.

benandress
Kilo Contributor
In response to robertgeen

‎09-27-2019 06:25 AM

Extremely helpful! I'm going to go and try to implement. I'll let you know if it works for us.

 

Thank you!

0 Helpfuls