Source of Incident Impact Field in Event Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-13-2020 01:53 PM
How is Incident Impact set when generating an Incident via Event Management's Alert Management Rules ("Create Incident" Flow)?
When the OOB Flow is used to create an Incident, the Incident's Urgency is set by a Flow Action called "Calculate Values (Based On The Alert)" in which the underlying Alert's Severity is mapped into Incident Urgency.
I am trying to locate the source of Incident Impact, and what function that source goes through to map into the Incident's High, Medium, Low choices when using the OOB Create Incident flow.
Thank you,
Chris
- Labels:
-
Event Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-13-2020 03:02 PM
An Alert Management rule can populate these values for you or there is an Advanced Script titled "EvtMgmtCustomIncidentPopulator". This script is for populating fields in an Incident from an Alert. We use it to set the default Impact and Urgency based on the Severity of the Alert.
Example code:
// ***Alert severity to Impact & Urgency Population ***
if(task.impact=='' || task.urgency =='')
{
if(alert.severity=='1')
{
task.impact = '2';
task.urgency = '2';
return true;
}
else if(alert.severity=='2')
{
task.impact = '2';
task.urgency = '2';
return true;
}
else if(alert.severity=='3')
{
task.impact = '3';
task.urgency = '3';
return true;
}
else if(alert.severity=='4')
{
task .impact = '4';
task.urgency = '4';
return true;
}
else if(alert.severity=='5')
{
task.impact = '4';
task.urgency = '4';
return true;
}
}
// return true;
};
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-13-2020 04:52 PM
What Patrick mentioned is true if you are using the old method which you probably aren't since you are looking at the flow designer. In your case the code for it is actually in the Calculate Values (Based On The Alert) flow action that you mentioned. The code for determining it is below:
var getIncidentUrgency = function(){
var incidentSeverity;
if(inputs.severity == 1 || inputs.severity == 2)
incidentSeverity = 1;
else if (inputs.severity == 3 || inputs.severity == 4)
incidentSeverity = 2;
else if (inputs.severity == 5)
incidentSeverity = 3;
return incidentSeverity;
}
Further to this the other value is done as a straight mapping from the severity of the alert. Hope this helps you (remember you can go into flow designer and look at the code yourself to see how it works).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-14-2020 05:26 AM
The Create Incident Flow sets "Urgency" to 2.1.1.1->IncidentUrgency. Looking at the Flow Action, I see:
outputs.incidentUrgency=getIncidentUrgency();
So, we know that the Alert Action "Calculate Values" sets Incident Urgency, but I don't see anything in that flow that explicitly sets the Incident Impact. I also don't see a business rule doing it.
We need to control the possible values that Incident Urgency can be set to, so need to understand how event management sets the Impact in order to know how the Priority Lookup Table will set the Incident's Priority.
