11-22-2023 01:31 AM
Hi all,
How do I create event alerts for a catalog item to send alerts to Splunk?
1 ACCEPTED SOLUTION
11-22-2023 03:33 AM
Hello @Sravan33
- Navigate to All > Event Management > All Alerts
- Click New.
- Fill in the fields, as appropriate.
  Alert form (Field: Description)
  - Number: If an alert was created as a result of the event, this field contains the unique ID that Event Management generates to identify the alert.
  - Source: Event monitoring software that generated the event, such as SolarWinds or SCOM. Maximum length: 100 characters.
  - Node: Node name, fully qualified domain name (FQDN), IP address, or MAC address that is associated with the event, such as IBM-ASSET. Maximum length: 100 characters.
  - Type: The metric type to which the event is related, such as Disk or CPU, which is used to identify an event record from which alerts are created. Maximum length: 100 characters.
  - Resource: Node resource that is relevant to the event. For example, Disk C, CPU-1, the name of a process, or service. Maximum length: 100 characters.
  - Configuration item: JSON string that represents a configuration item. For example, {"name":"SAP ORA01","type":"Oracle"}. The CI identifier that generated the event appears in the Additional information field. Maximum length: 1000 characters. Note: Reference pop-ups and click-throughs are hidden by default for read-only fields. For Configuration item and other read-only fields, you can optionally change the read-only setting. For more information, see Configure pop-ups on read-only fields.
  - Task: Event Management SLA task for CIs and application services. This is an activity that is associated with this alert. For example, a change request to roll back the database instance to an earlier version.
  - Description: A description of the alert.
  - Metric Name: Unique name that describes which metrics are collected and for which this alert has been created.
  - Message key: Unique event identifier to identify multiple events that relate to the same alert. If this value is empty, it is generated from the Source, Node, Type, Resource, and Metric Name field values. Maximum length: 1024 characters.
  - Severity: The severity of the event. The value for this field is copied from the event unless the event closes the alert, in which case the previous severity is retained for reporting.
    - Critical: Immediate action is required. The resource is either not functional or critical problems are imminent.
    - Major: Major functionality is severely impaired or performance has degraded.
    - Minor: Partial, non-critical loss of functionality or performance degradation occurred.
    - Warning: Attention is required, even though the resource is still functional.
    - OK: An alert is created. The resource is still functional.
    - Clear: No action is required. An alert is not created from this event. Existing alerts are closed.
  - State: The state of the alert.
    - Open: The alert requires user action.
    - Reopen: The previously closed alert requires additional user action.
    - Flapping: After the alert has been closed, it receives a high frequency of identical events from the same source that causes many alert reopenings. User action is required.
    - Closed: The alert is closed and no further user action is required.
  - Acknowledged: Select Acknowledged to indicate that a user has acknowledged the alert.
  - Maintenance: A check box that shows whether the resource that is affected by the alert is in maintenance.
  - Updated: The most recent time that the alert information was updated.
  - Parent: The alert number of the parent alert that this alert is secondary to. This field appears only when this alert is secondary to another alert.
  - Knowledge Article: The knowledge article associated with the alert, if any.

  Impacted Services tab
  - Impacted Services: System generated content.

  Flapping tab
  - Flap count: The number of times the alert has flapped—that is, has fluctuated between a closed and a non-closed state—within the flap interval since the start time in the Flap start window.
  - Flap start window: The initial start time to measure the flapping occurrences.
  - Flap last update time: The last time flapping occurred. This time is the platform processing time, not the source system time.
  - Flap last state: The state before the alert entered the flapping state.

  History tab
  - Initial event generation time: The time when the event that generated the alert first occurred. This time is the platform processing time, not the source system time.
  - Last event generation time: The last time the event that is linked to the alert occurred. This time is the platform processing time, not the source system time.
  - Created: The time that the alert was created.
  - Work notes: The additional notes about the alert.

  Activities tab
  - Activity: System generated content.

  Additional tab
  - Additional information: A JSON string that gives more information about the event. The JSON data is supported for String values only, other value types are not supported. You must convert numbers to String values by enclosing them in double quotes. For example, this value is not supported: {"CPU":100 } while this value is supported: {"CPU":"100"}. Another example of a valid JSON string is: {"evtComponent":"Microsoft-Windows-WindowsUpdateClient","evtMessage":"Installation Failure: Windows failed. Error 0x80070490"}. This information can be used for third-party integration or other post-alert processing. Values in the Additional information field of an Event that are not in JSON key/value format are normalized to JSON key/value format when the event is processed. For example, assume that the following plain text is in the Additional information field: "Connection instance is successful". When the event is processed, all this plain text becomes one JSON string and might not be useful within an alert. In the resultant alert, this string is in the Additional information field in JSON key/value format, containing the data: {"additional_content": "Connection instance is successful"}.
- Click Submit.
Please mark my solution as Accepted if you find it helpful.
Regards,
Samaksh
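
The field rules in the answer above (string-only JSON in Additional information, plain text wrapped as `additional_content`, and the quoted length limits) can be checked before an integration sends an event. This is an added example, not code from the post or from ServiceNow; the lowercase key names are hypothetical stand-ins for the form labels, and serializing nested values to strings is an assumption.

```python
import json

# Limits and severity names quoted from the field table in the answer above.
# The lowercase keys are hypothetical names for the form labels.
MAX_LEN = {"source": 100, "node": 100, "type": 100, "resource": 100,
           "message_key": 1024}
SEVERITIES = {"Critical", "Major", "Minor", "Warning", "OK", "Clear"}


def normalize_additional_info(raw):
    """Return Additional information as a JSON object with string values only."""
    if raw is None or raw == "":
        return "{}"
    try:
        data = raw if isinstance(raw, dict) else json.loads(raw)
    except (TypeError, ValueError):
        data = None
    if not isinstance(data, dict):
        # Not key/value JSON: the whole text becomes one string value.
        return json.dumps({"additional_content": str(raw)})
    # Numbers, booleans and nested values are serialized to strings
    # (handling of nested values is an assumption, not stated in the post).
    return json.dumps({str(k): v if isinstance(v, str) else json.dumps(v)
                       for k, v in data.items()})


def check_event(fields):
    """Return a list of problems found in an event dict before it is sent."""
    problems = []
    for name, limit in MAX_LEN.items():
        if len(str(fields.get(name, ""))) > limit:
            problems.append(f"{name} exceeds {limit} characters")
    if fields.get("severity") not in SEVERITIES:
        problems.append("severity is not one of the listed values")
    return problems


if __name__ == "__main__":
    # Constructed sample event, not taken from a real system.
    event = {"source": "SolarWinds", "node": "IBM-ASSET", "type": "Disk",
             "resource": "Disk C", "severity": "Major"}
    event["additional_info"] = normalize_additional_info('{"CPU":100 }')
    print(check_event(event), event["additional_info"])
```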