Updating an incident when an alert escalation occurs - how can this be done?

Go to solution
tammykuhns
Kilo Guru

‎05-13-2020 06:24 AM

I need to find a way for the incident to be updated with new information (description & severity) based on the alerts which are coming in to event management.   I have tried to add additional Alert Management rules which would update the incident but it appears that the rules are not launched once an incident is related. 

Any ideas how to make this work?  How do others handle an alert being a low severity and then increases to a critical -- how does the support team get notified via an incident?  Any assistance would be appreciated. 

Labels:
0 Helpfuls
  • 2,776 Views
1 ACCEPTED SOLUTION

Go to solution
Ryan Zulli
ServiceNow Employee
ServiceNow Employee
In response to tammykuhns

‎05-13-2020 11:18 AM

Hi - There is no OOB Update Incident flow, you would use the OOB Create Incident flow, and click the 3 vertical dots in the top right hand corner and copy it (change the name) - then in the Create Task step, change that to Update Incident ...

I know Terry will reach out to you and assist - we can also setup a zoom to go over this where I can help as well.

View solution in original post

0 Helpfuls
5 REPLIES 5

Go to solution
Ryan Zulli
ServiceNow Employee
ServiceNow Employee

‎05-13-2020 06:47 AM

Hi Tammy,

I just was answering this same question for another customer - you are on the right track with using another Alert Management Rule - here is how we got it to work ::

 

Create a new alert mgmt rule that captures alerts with attached task that once changed (any change, or severity change) - Rule is activated when --> Alert matches filter

find_real_file.png

Create a subflow to update the incident (instead of create one – simply copy the OOTB flow to update the records instead of create) – you can decide what do you want to change (comment, priority, description etc)

find_real_file.png

Then add in protection - determine how many times this execution should run

find_real_file.png

Screenshots of this working ...

Alert Update ::

find_real_file.png

Incident Update ::

find_real_file.png

WorkSpace Update ::

find_real_file.png

Let me know if this helps...

Thanks,

-Ryan

Preview file
87 KB
Preview file
173 KB
Preview file
299 KB
Preview file
152 KB
Preview file
99 KB
Preview file
215 KB

Go to solution
tammykuhns
Kilo Guru
In response to Ryan Zulli

‎05-13-2020 10:03 AM

Since we don't have an OOB Update Incident in our Flow Designer, would you be able to either export it so I can update my system or provide some screen shots of the hidden steps 🙂

 

This is the exact answer I was looking for.  You made my day

0 Helpfuls

Go to solution
Ryan Zulli
ServiceNow Employee
ServiceNow Employee
In response to tammykuhns

‎05-13-2020 11:18 AM

Hi - There is no OOB Update Incident flow, you would use the OOB Create Incident flow, and click the 3 vertical dots in the top right hand corner and copy it (change the name) - then in the Create Task step, change that to Update Incident ...

I know Terry will reach out to you and assist - we can also setup a zoom to go over this where I can help as well.

0 Helpfuls

Go to solution
mirza_saquib
Tera Contributor
In response to Ryan Zulli

‎02-08-2024 06:21 AM

Hi @Ryan Zulli 

I have the same problem which is mentioned in this chat, I am not able to solve this as some of the steps are not clear, will you please guide me to resolve this issue.

Thanks & Regards

Mirza Saquib Beg

linkedin.com/in/mirza-saquib-beg-262a07208 

0 Helpfuls