- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-29-2019 01:22 PM
When an Event comes into ITOM, can it be held for a period of time (say 5 minutes) to see if it clears before it creates an Alert? We have some alerts that come in from our network monitoring tools that we dont want alrts for unless the device has been down for more than 5 minutes.
Solved! Go to Solution.
- Labels:
-
Event Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-30-2019 01:27 AM
Hi Nigel,
you can create the property 'evt_mgmt.alert_rule_delay' as a type 'integer' in sys_properties with the value of seconds the system should wait to run the alert rules. This will let the system wait the number of seconds before it processes the events. If it finds closed events, then no alerts will be created.
But this solution is for all events - no individual settings possible.
Regards,
Natascia
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-29-2019 02:34 PM
Out of the box - no. Using time based parameters in Alert rules such as 'Created' "relative on or after 5 minutes ago" does not work I am afraid. I was gifted some custom code by one of the SNOW ITOM guys but we never leveraged it. It forced you to wait on ALL alerts before creating an Incident: basically it sets a universal dwell period.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-29-2019 03:39 PM
Maybe I'm misunderstanding this, but I believe that ServiceNow can totally do this. We are talking about "event rules" here.
Alert rules create incidents or other type of tickets, but before an incident gets created an alert needs to be generated out of an event.
You can create an event rule and under 'Threshold' set to active, and set "Over" to 300 seconds.
You can do the same thing for scenarios along the lines of only create an alert after an X number of events are generated.
Here is some of the documentation: https://docs.servicenow.com/bundle/london-it-operations-management/page/product/event-management/tas...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-30-2019 01:27 AM
Hi Nigel,
you can create the property 'evt_mgmt.alert_rule_delay' as a type 'integer' in sys_properties with the value of seconds the system should wait to run the alert rules. This will let the system wait the number of seconds before it processes the events. If it finds closed events, then no alerts will be created.
But this solution is for all events - no individual settings possible.
Regards,
Natascia
