Jan 08 2024 10:57 PM - edited Jan 08 2024 11:01 PM
Greetings
I have a situation where an automation rule, as I understand it, doesn't have effect or isn't triggering. I need some help figuring out if I've missed something. My end goal is to prevent alert grouping for an incident from changing the incident severity that has been set by a preceeding automation rule.
I have an example below where an incident has been created with one alert, an indicent update automation triggers when a certain incident tag is added and changes the severity to low. After that change another alert is added with the severity high which changes the severity of the incident to high which is not the intended logic.
I have therefore created the below automation which, in my thinking, would run late in the process and prevent the alert grouping update task from setting the severity. But this automation rule never seems to trigger, or at least the incident severity is never changed back to the original severity.
Can my logic be achieved in any other way? Like is there a global switch that would prevent all alert groupings from changing the incident severity?
/Fredrik
Jan 09 2024 08:49 AM
SolutionJan 10 2024 01:42 AM - edited Jan 10 2024 04:13 AM
Good point. My logic was was that the trigger should be the original severity of the incident. I've changed the automation to "Severity - Changed From" instead.
Update: After changing the automation to "Changed From" I can verify the automation rule is working as intended.
/Fredrik
Jan 09 2024 08:49 AM
Solution