
Alert correlation rules don't work!!!

bonsai
Mega Sage
(function findCorrelatedAlerts(currentAlert) {

    // Ensure the rule is consistent - the filter for primary and secondary alerts must be distinct.
    var result = {}; // Insert your code here
    result = {'PRIMARY': [String(currentAlert.sys_id)], 'SECONDARY': ['alertID1', 'alertID2', 'alertID3']};
    return JSON.stringify(result);

})(currentAlert);

I want to search for records with matching custom field values and register them as secondary alerts!

I understand that the sys_id should be entered in PRIMARY, but what should I enter as the secondary IDs in "'SECONDARY':['alertID1','alertID2','alertID3']"?

Even if I put in the sys_id, it didn't work.

1 ACCEPTED SOLUTION

Maddysunil
Kilo Sage

@bonsai 

Please try with the below code:

(function findCorrelatedAlerts(currentAlert) {
    // Ensure the rule is consistent - the filter for primary and secondary alerts must be distinct.
    var result = { 'PRIMARY': [String(currentAlert.sys_id)], 'SECONDARY': [] }; // Initialize result

    // Work with plain strings: comparing two GlideElement objects with != compares references, not values
    var currentId = String(currentAlert.sys_id);
    var customValue = String(currentAlert.u_custom_field); // Replace 'u_custom_field' with your field name

    // An empty custom field would match every alert whose field is also empty, so correlate nothing in that case
    if (!customValue) {
        return JSON.stringify(result);
    }

    // Create a GlideRecord to query the alert table
    var gr = new GlideRecord('em_alert'); // Replace 'em_alert' with your alert table name if different

    // Build the query to find alerts with matching custom field values
    gr.addQuery('u_custom_field', customValue);
    gr.query();

    // Iterate through the matching records and add their sys_id to the SECONDARY array
    while (gr.next()) {
        // Exclude the current alert from SECONDARY results (string comparison, see above)
        if (String(gr.sys_id) != currentId) {
            result.SECONDARY.push(String(gr.sys_id));
        }
    }

    // Return the result as a JSON string
    return JSON.stringify(result);
})(currentAlert);


Please Mark Correct if this solves your query and also mark 👍Helpful if you find my response worthy based on the impact.

Thanks

2 REPLIES

karthiknagaramu
Kilo Sage

Hi,

In SECONDARY you need to pass the sys_id of the alert that should become secondary.

For example, when a new alert is created I can check for similar alerts (e.g. by source and CI). If similar alerts are found, I can set the oldest alert's sys_id as primary and the current alert's sys_id as secondary.

In a PDI you can check the code in 'Alert correlation rule SAMPLE' to get an idea.


Regards,

Karthik Nagaramu
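The approach described in this reply (the oldest similar alert becomes primary, the newly created alert becomes secondary), as an added example that is not code from this thread or from ServiceNow's sample rule. The decision is written as a pure function over plain alert objects so it runs outside the platform; the sample alerts are constructed, the field names source, cmdb_ci and sys_created_on are assumed, and in a real rule candidateAlerts would be filled from a GlideRecord query on em_alert with each field read via getValue().

```javascript
// Added example, not from the thread: the "oldest similar alert is primary"
// decision as a pure function, so it runs offline. In a real correlation rule
// candidateAlerts would come from a GlideRecord query on em_alert (assumed
// field names: source, cmdb_ci, sys_created_on), each record read via getValue().

// Constructed sample alerts; a4 is the alert that has just been created.
var SAMPLE_ALERTS = [
  { sys_id: 'a1', source: 'SCOM', cmdb_ci: 'web01', sys_created_on: '2024-01-01 10:00:00' },
  { sys_id: 'a2', source: 'SCOM', cmdb_ci: 'web01', sys_created_on: '2024-01-01 10:05:00' },
  { sys_id: 'a3', source: 'SCOM', cmdb_ci: 'db01',  sys_created_on: '2024-01-01 10:06:00' },
  { sys_id: 'a4', source: 'SCOM', cmdb_ci: 'web01', sys_created_on: '2024-01-01 10:09:00' }
];

// Returns the JSON string the rule must hand back: {"PRIMARY":[id],"SECONDARY":[ids]}.
function correlate(currentAlert, candidateAlerts) {
  var currentId = String(currentAlert.sys_id); // always compare ids as strings
  var alone = JSON.stringify({ PRIMARY: [currentId], SECONDARY: [] });

  // An empty source or CI would make every alert "similar"; correlate nothing.
  if (!currentAlert.source || !currentAlert.cmdb_ci) {
    return alone;
  }

  var similar = candidateAlerts.filter(function (a) {
    return String(a.sys_id) !== currentId &&
      a.source === currentAlert.source &&
      a.cmdb_ci === currentAlert.cmdb_ci;
  });
  if (similar.length === 0) {
    return alone; // nothing to correlate with: the new alert stands on its own
  }

  // Oldest similar alert becomes PRIMARY; the timestamps share one fixed
  // format, so string order is chronological order.
  similar.sort(function (a, b) {
    return a.sys_created_on < b.sys_created_on ? -1 : (a.sys_created_on > b.sys_created_on ? 1 : 0);
  });
  var primaryId = String(similar[0].sys_id);
  var secondary = similar.slice(1).map(function (a) { return String(a.sys_id); });
  secondary.push(currentId); // the new alert is always secondary to the older primary

  // PRIMARY and SECONDARY must be distinct; the filter above guarantees it.
  return JSON.stringify({ PRIMARY: [primaryId], SECONDARY: secondary });
}

// Decision for the newly created alert a4 against the sample set.
function demo() {
  return correlate(SAMPLE_ALERTS[3], SAMPLE_ALERTS);
}
```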
