- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-24-2023 05:02 AM - edited 07-24-2023 05:30 AM
Hello,
I'm looking for a way to put alerts into maintenance without relying on the out of the box maintenance rules.
Ideally, it shouldn't have anything to do with the CIs in the CMDB and be usable through the API. For e.g. alerts from a particular source and having a particular metric name need to be in maintenance.
I was thinking I could use event rules/field mapping to set maintenance flag but that doesn't seem to work.
Any ideas on how I can get this to work?
Thanks,
Karan
#itom #eventmanagement #maintenance
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-25-2023 05:42 AM
I was able to resolve this myself. Sharing the solution here in case someone is interested.
It looks like there's an out of the box Subflow to mark the alert in Maintenance named "Change Alert to Maintenance Mode"
The process to mark the alerts in maintenance would be the following:
- Add a event field mapping to include a custom field in the additional_info of the alert. For this example, the field being added can be "maintenance.true". The value of the field doesn't matter as it's not something we can trigger on.
- Use the presense of the additional_info field "maintenance.true" in the alert filter of an Alert management rule.
- The action of the Alert management rule will be to use the OOB subflow "Change Alert to Maintenance Mode"
To make this triggered through an API, use the table api to create an entry in the em_mapping_rule to mark the relevant alerts with the maintenance.true field in the additional_info of the alerts that are required.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-15-2024 06:30 PM
Am curious to know, what happens if the alert is now out of the maintenance window? if the event is received and updates the alert, in this case, The additional_info.maintenance.true is still present in the alert that was updated during maintenance window, so it will match the "Change Alert to Maintenance Mode" subflow which is not correct ofcourse, depend on whats the Alert Management rule execution value was set for this?
