See all incidents created by an alert

Henrik Jutterst · ‎03-30-2023

The Task field on an Alert only shows the current/latest incident related to an Alert, but how/where can I see all the incidents that's related to an Alert? Is there a way for this?

I thought it was easy to find, but I haven't found it yet, and since there's no audit on task field on em_alert table, I can't see it in the history either.

I need a clean and simple view to see all INCs that been created from one Alert.

If I calculate related incidents to an Alert, it's not showing all INCs related to the Alert, but incidents related to the same CI.

The worknotes of an incident show when an alert is unlinked from an Alert - sort of what I'm looking for, but not in one incident at the time:

But again; where can I see all incidents that was created by one Alert?

Rahul Priyadars · ‎03-30-2023

Event --> Alert ---> Incident

All incident on 1 Alert --> I will take it this way - All Incident for a given Type of THRESHOLD Breach Correct as you dont have data point for ur use case.

It can be this way all Incident on a Given CI for a Given Threshold Breach. This data point you can get from Incident Short Description.

Hope This helps

Regards

RP

Henrik Jutterst · ‎04-03-2023

Hi Rahul and thanks for your reply!

Unfortunately I don't think I understand how I can see this based on your answer.

Rahul Priyadars · ‎04-03-2023

From Incident Table ..Take a report of INC no, CI and Short Description ..

Group on CI and Short Description

Regards

RP

Henrik Jutterst · ‎04-03-2023

Ahh, I see. Then I understand.

But I don't think that will work in our case.

The INC has no real connection to the Alert record, and grouping on CI might blend in other created INCs.

Short Description might also include Timestamps, so I don't see that will work unfortunately.

I'm not sure there really IS a way for this... 😕