Forum Discussion

mlockwood's avatar
4 years ago

Ability to have time delayed escalation in alert rule based on severity without breaking ticketing integration (##EXTERNALTICKETID##) upon severity changes

The behavior described here describes what I'd like a solution for: Alert Integrations Overview | LogicMonitor "Because LogicMonitor associates the external reference with a combination of keys that include the alert rule ID, duplicate and/or orphaned tickets can result if multiple alert rules are involved, effectively breaking the connection with the external reference"

We have integration setup with a ticketing system (servicenow).  Essentially I'd like the following result:

  • Warnings sent to the ticketing system after 15 minutes (vs instantaneously) for all devices.
  • Errors and Criticals sent to ticketing system immediately for all devices.
  • If a warning comes in, after 15 minutes escalates out to ticketing system, then 5 minutes later the alert elevates to an error, I want the existing ticket to be updated with the new severity, not for a new (error) ticket to be created and the old (warning) ticket to become orphaned

I know can delay escalations via a combo of empty stages in the escalation chains and setting an escalation interval in the alert rules but this does not work when I want to be selective about the severity AND not end up with duplicate and orphaned tickets.

I believe this is a genuine new feature request, but if I'm simply missing some other config option here, I'm all ears.  Thanks!

No RepliesBe the first to reply