Would like to set severity on event/ alert based on an attribute of affected CI
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-28-2020 12:46 AM
I have SNMP traps coming in, and while a MID Listener transform script would take care of setting some fields (resource, message key), I cannot set the severity until I check CMDB.
I have tried setting a before insert rule on em_event in order to update it then, but the rule seems to be ignored. Oddly enough, if creating the event by hand in the platform, the rule works as expected.
Any ideas how this could be achieved? Also, is there a way to capture the headers of an SNMP trap?
PS. I have also tried to place a rule before insert on the Alert. The rule works once - but after that, on subsequent events that should be matched to the same alert, severity is overwritten.
Kind regards,
Nick
- Labels:
-
Event Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-28-2020 06:40 AM
Hi Dom,
No, there is no such indicator. I have tried custom business rules on the alert table - and it works when the first event comes, but when a secondary event comes the priority is overwritten (with whatever default I had to put). If I do not use any default - I get an error on the processing of the event- saying Invalid Severity.
Nick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-28-2020 06:46 AM
PS. If I cannot find a solution soon - I will just use a default severity and have the correct priority only on the incident - where I can actually script the impact/ urgency fields
