cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Prevent alert grouping from changing severity?

TheHoff70
Brass Contributor

‎Jan 08 2024 10:57 PM - edited ‎Jan 08 2024 11:01 PM

‎Jan 08 2024 10:57 PM - edited ‎Jan 08 2024 11:01 PM

Prevent alert grouping from changing severity?

Greetings

 

I have a situation where an automation rule, as I understand it, doesn't have effect or isn't triggering. I need some help figuring out if I've missed something. My end goal is to prevent alert grouping for an incident from changing the incident severity that has been set by a preceeding automation rule.

 

I have an example below where an incident has been created with one alert, an indicent update automation triggers when a certain incident tag is added and changes the severity to low. After that change another alert is added with the severity high which changes the severity of the incident to high which is not the intended logic.

TheHoff70_1-1704783020684.png

 

I have therefore created the below automation which, in my thinking, would run late in the process and prevent the alert grouping update task from setting the severity. But this automation rule never seems to trigger, or at least the incident severity is never changed back to the original severity.

TheHoff70_2-1704783321118.png

 

Can my logic be achieved in any other way? Like is there a global switch that would prevent all alert groupings from changing the incident severity?

 

/Fredrik

 

Labels:
228 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by TheHoff70 (Brass Contributor)
GBushey

‎Jan 09 2024 08:49 AM

‎Jan 09 2024 08:49 AM

Solution

Re: Prevent alert grouping from changing severity?

It looks like you are checking for two different values for the Severity: "Changed to High" and "Equals Low" which are mutually exclusive so the rule would not fire.
0 Likes
Reply
TheHoff70

‎Jan 10 2024 01:42 AM - edited ‎Jan 10 2024 04:13 AM

‎Jan 10 2024 01:42 AM - edited ‎Jan 10 2024 04:13 AM

Re: Prevent alert grouping from changing severity?

@GBushey 

Good point. My logic was was that the trigger should be the original severity of the incident. I've changed the automation to "Severity - Changed From" instead.

Update: After changing the automation to "Changed From" I can verify the automation rule is working as intended.

 

/Fredrik

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by TheHoff70 (Brass Contributor)
GBushey

‎Jan 09 2024 08:49 AM

‎Jan 09 2024 08:49 AM

Solution

Re: Prevent alert grouping from changing severity?

It looks like you are checking for two different values for the Severity: "Changed to High" and "Equals Low" which are mutually exclusive so the rule would not fire.

View solution in original post

0 Likes
Reply