Articles in this section

See more

How to create a new incident?

Avatar
Matt Latham
  • Updated
Follow
An Incident allows you to track ongoing situations in your network, as determined by its associated events. Learn more about Incidents.

Creating an example incident

Incidents are configured from the Incidents tab of the Event Administration page. This example creates a new SNMP failure incident that:

  • Is raised when one of any three specified SNMP events occur.
  • Is closed when an SNMP Agent Responding event is raised on the same source as the opening events.
  • Ages out after 20 minutes and expires after 60 minutes.
  • Includes two triggers:
    • A derived event which is generated when the incident is open five minutes after it is raised, i.e. State Precondition is set to five minutes.
    • An email which is sent two seconds after the incident is raised.

 

A trigger is a method for associating an action to a change in the state of an incident. You can control what state causes a trigger to action, if there is any delay to that action, and whether the state of the incident after that delay impacts on the action. E.g., you may want to notify an administrator when an incident has been opened for a specified time, and escalate it if the incident is open even longer.

 

To create the example incident:

  1. Click the Main Menu > Administration.
  2. On the Entuity Administration page, click Event Administration.
  3. Click the Incidents tab and then Add.
  4. Define the incident general details. Enter:
    • A meaningful name and description of the incident.
    • In Opened By Any Of click Add, highlight an event and then click OK to add an opening event type. Repeat this for the three event types.
    • In Updated By, you can add events that update the state of the incident. For example, you can select an event that, if raised against the source object, indicates an escalation in the problem.
    • In Closed By Any Of click Add, highlight the SNMP Agent Responding event type and then click OK to add the incident closing event.
    • A 20 minute Age Out and 60 minute Expiry times for the incident.
    • When you want to use the incident ensure you have selected enabled.
  5. Click the Triggers tab and then Add the email notification and derived event triggers.
  6. Define the email notification trigger details and test condition:
    • Enter a meaningful name and description.
    • Set Delay to 2 seconds.
    • Set Condition to All Tests must succeed. Click Add and define the test by setting Type to Variable Test, selecting the email_boolean_send_control variable, Operations to equals and Value to ’true’.
  7. In Actions define the email action. Click Add and define the action in:
    • Type select Send e-mail.
    • Parameters highlight recipients, click Set and then Choose. Set Value Kind to Variable Reference and Variable to the email_network_admin variable.
    • Parameters complete the subject and body parameters.
  8. Click OK to create the trigger.
  9. Define the derived event trigger details and test condition:
    • Enter a meaningful name and description.
    • Set Delay to 5 minutes.
  10. In Actions define the create event action. Click Add and define the action in:
    • Type select Create event.
    • Event Type select the event type on which you want to base the new event.
    • Attributes click Add and then define the new event attributes, for example select name to rename the event.
  11. Close and save your changes by clicking OK to the open Event Management System dialogs.
  12. Your changes are not applied to the Event Management System until you save and deploy the project. Click the Save and Deploy icon, enter a meaningful description of your updates and click OK.

Related articles

Comments

0 comments

Please sign in to leave a comment.