When using a Team -> Incident Rule, it's possible to "Increase incident’s priority to the highest priority of the alerts associated after incident creation" This function works well when the alert escalates.
HOWEVER - there does not seem to be a way to set the initial Incident Priority based on the Alert Priority which created it. Almost every other field appears to map from Alert to Incident on creation - but Priority and Extra Properties.
We are using our AKiPS monitoring platform to create an Opsgenie Alert with a of metadata about the event: Building, Closet, Service Priority - to name a few. If the Priority is P3 or higher, we want to automatically create an Incident and send alerts from that. Incidents also provide us visibility on a rollup of alerts based on location. This means that Opsgenie is our event correlation engine.
E.g. - we use Incident rules to map key/value pairs for "Building" and "Service" to the appropriately named Opsgenie Services. This means that for every Building/Service combination I get from AKiPS, I need to have exactly one Incident rule.
If I *then* need a rule for every Building/Service/Priority combination - the number of Incident rules go from being large to being out of control.
Ideally, having "Impacted services" be fed from Alert Tags or Extra Properties and Incident Priority be able to use the Alert Priority would allow me to use one Incident Rule to simplify all this work.
Is there currently a way to set the incident priority to {{priority}} like some of the other fields? If not, can I submit an RFE for this feature?
Secondly, is there any way to set "Impacted services" on an Incident using the tags or extra properties on the alert which created it? If not, can I submit an RFE for that feature as well?
Hi @Ben Higgins ,
Thanks for reaching out. Happy to assist, and provide some workarounds, feedback, etc.
Is there currently a way to set the incident priority to {{priority}} like some of the other fields? If not, can I submit an RFE for this feature?
There currently isn't a way to set the initial incident priority based on the alert priority which created it. I'll definitely enter a feature request on my end if we don't already have one.
You alternatively can set a hardcoded incident priority through the incident rule, so if you knew what the alert priority would be, you could map the incident's priority to it:
I understand it's not dynamic so it's really not the best workaround. Otherwise, the closest thing like you mentioned is having the "Increase incident’s priority to the highest priority of the alerts associated after incident creation" checkbox selected in the incident rule.
Secondly, is there any way to set "Impacted services" on an Incident using the tags or extra properties on the alert which created it? If not, can I submit an RFE for that feature as well?
I may need a bit more clarification on this one. I understand you use incident rules currently, but it sounds like you are trying to filter on the tags / extra properties? And if the filter + conditions of the incident rule matches, select the impacted service that's affected?? Something like this:
You mentioned as well - "Almost every other field appears to map from Alert to Incident on creation - but Priority and Extra Properties" - which is unfortunately the case. Extra properties cannot be automatically added into the incident at this time. I know there is a feature request for this as well, and I'll get you added to it on my end.
If you did know the extra properties that would be added to the alert, you could dynamically have this included into the incident as well. You can configure these in an incident rule with something like {{extraProperties.extra_property_value}}:
Hope this helps! Let us know if you have other questions.
@Nick H - it does appear that {{extraProperties.extra_property_value}} is listed in the documentation anywhere. That may be a very powerful piece of information for us ...
When the first alert matches an incident rule - the incident is created with details from that first alert. For our purposes, lets set building to extraProperties.building}}
When the *second* alert matches that same incident rule - can the rule *update* the incident with additional data?
Example - Alert1 created an Incident and sets extraProperty.building to "Building A". If Alert2 comes in and has extraProperty.building set to "Building B" can it update the incident with more data? Can "Building B" be added to the incident in anyway?
I know the Priority can increase if Alert2 has a higher priority than the incident - but can an Incident Rule update an existing incident for the second alert and beyond?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
{{extraProperties.extra_property_value}} is an example of our string processing! I should have linked that in my last response:
https://support.atlassian.com/opsgenie/docs/string-processing-methods-in-opsgenie-integrations/
As for "Alert2" (or any additional associated alert), those alert's extra properties will not carry into the incident. I've added your suggestion to the same ticket of parsing extra properties into an incident automatically.
That ticket for reference is OGS-1476; Transfer Extra Properties Into Owner Alert and Incident. Since our tickets are not public, we'll reach out directly if/when there are any developments!
Let us know if we can assist with anything else.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.