Prevent alerts from reopening (create new alerts instead)

Luke Van Epen · ‎12-09-2018

Forgive me as I'm quite new to the Event management product. We have an event > alert integration with Splunk going at the moment. Right now we have it set up so that alerts Reopen and that reopens an incident, which i believe is how it comes OOB.

I've managed to figure out how to stop it from reopening incidents and create new ones instead, however that isn't good enough for the customer, they would like a way to prevent alerts from ever reopening once they are closed. This is easy enough to do with a rule, but they want it so that a new Alert (and new Incident if necessary) is created under the the conditions that would normally cause an Alert to reopen.

I've been reading through the Alert docs and haven't found anything to suggest this is possible via a property or config change (like with the reopening of incidents) which leads me to believe this requirement is going to need some heavy bastardization customization.

Has anyone had to do this before? Hopefully I'm just missing something obvious.

Alexander Mitov · ‎12-09-2018

Go to Event Management >> Settings >> Properties and look for:

Please note that this setting is global and will affect the behavior of all Event Management integrations. More info on those properties is available here.

View solution in original post

Luke Van Epen · ‎12-10-2018

Thanks, exactly what I needed.

Nandhu1704 · ‎04-21-2025

Hello Luke,

In my case, once incident is closed, alert is also closed. But after some time, alerts getting reopened and new incident getting created. If alert is closed, it shouldn't reopen and how to fix it. please assist