Example: Assigning high priority incidents automatically
You can create incident policies to automatically assign specific incidents to a group or a user. You can also send notifications about the incident to groups, users, and tools such as Slack.
About this task
In this example, you want all high priority incidents that include events from the WebSphere MQ resources to be automatically assigned to the WebSphere MQ administration group. At the same time, you want to notify the group's team leader of such incidents. Setting up this policy helps route incidents to the correct personnel efficiently.
Incident priority ranges from 1 to 5, where 1 is the highest priority. The priority of the incident is based on the severity of the events that make up the incident, with the highest severity event determining the overall priority of the incident.
For example, if an incident contains critical severity events, then the incident priority is set to 1, the highest priority level. This is the default behavior, and is based on a set of built-in incident policies that set the priority of incidents. Adding new policies or modifying the built-in policies changes the default behavior. For more information, see Events and incidents.
Procedure
Complete these steps to define a policy for assigning a group to incidents for WebSphere MQ resources:
- From the Cloud APM console menu bar, select Administration and, in the page that opens, click Policies.
- Click Create incident policy.
- Go to Details and enter policy details.
  - Enter a name in Policy name. For example, "Assign high priority MQ incidents to WMQ admins".
  - You can also add an explanation of the policy in the Description field to help you and others understand the purpose of the policy. For example, "Automatically assign any priority 2 or higher incidents from WebSphere MQ to the WMQ admin group, and notify team leader".
- Click Specify conditions in Incidents, and set the following conditions:
  - Go to Conditions > Incident has the following attributes and set the incident attribute as follows: select Priority from the list of attributes, select is higher than or equal to from the list of operators, and select 2 from the list of priority levels.
  - Ensure you have AND set.
  - Go to Describe the events that the incident contains and click Add condition to describe incident events.
  - Set Condition 1 as follows: Select Resource type from the list of attributes, select contains from the list of operators, and enter mq in the field.
- Optional: When selecting Specify conditions, you can check to see how many incidents would have matched the conditions you set.
  - Go to the end of the Incidents section, select the number of days between 1 and 30, and click Test. The result shows how many incidents would have matched the policy conditions.
  - Click Show results to view a list of all the incidents that would have matched the conditions in the set time. Click New test to change the time frame for testing, or if you changed conditions and want to check again for matching incidents.
  Note: If your incident policy sets priority level for incidents, and the priority attribute is used by the conditions of your policy, you might not find any matching incidents after the policy is enabled and applied.
- Select the Assign and notify check box in Action, and expand the section.
  - Click Add assignment / notifications.
  - On the Groups tab, select the WebSphere MQ administration group in the Assign column.
  - Go to the Users tab and select the check box for the group's team leader in the Notify column.
- Set Enable to On to start using the policy. The policy might take up to 30 seconds to become active and its settings to take effect.
- Click Save to save the policy and return to the policy list.
Results
When priority 2 or higher incidents are created based on events received from WebSphere MQ resources, the incidents are automatically and immediately assigned to the WebSphere MQ administration group to take action. Each group member receives an email with the option to either investigate the incident, or to assign the incident to themselves straight away. In addition, the group's team leader is notified to keep track of such high importance issues.
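
The conditions set under Specify conditions, and the optional Test dry run, modelled as an added Python example (not IBM code and not the product's API). The incident records, resource-type strings, function names, and the case-insensitive substring match are assumptions; the point is that "is higher than or equal to 2" selects priorities 1 and 2, and that "contains mq" also matches any other resource type whose name includes those letters.

```python
"""Dry-run model of the example policy's conditions (added illustration)."""
from dataclasses import dataclass, field


@dataclass
class Incident:
    id: str
    priority: int  # 1 (highest) to 5 (lowest), as described on this page
    resource_types: list = field(default_factory=list)  # one entry per event


def priority_at_least(incident, level):
    """'is higher than or equal to <level>'. Priority 1 is the highest,
    so a higher priority is a numerically smaller value."""
    return incident.priority <= level


def any_resource_type_contains(incident, needle):
    # Assumption: 'contains' is a case-insensitive substring test that
    # passes when any event in the incident satisfies it.
    needle = needle.lower()
    return any(needle in rt.lower() for rt in incident.resource_types)


def policy_matches(incident, level=2, needle="mq"):
    # The incident-attribute condition and the event condition are joined by AND.
    return (priority_at_least(incident, level)
            and any_resource_type_contains(incident, needle))


def dry_run(incidents, **conditions):
    """Like the Test button: list the incidents that would have matched."""
    return [i.id for i in incidents if policy_matches(i, **conditions)]


# Constructed sample incidents; the resource-type names are illustrative.
SAMPLE = [
    Incident("INC-1", 1, ["WebSphere MQ"]),
    Incident("INC-2", 2, ["Linux OS", "WebSphere MQ"]),
    Incident("INC-3", 3, ["WebSphere MQ"]),  # priority too low
    Incident("INC-4", 1, ["Db2"]),           # no MQ event
    Incident("INC-5", 2, ["RabbitMQ"]),      # unrelated, but contains "mq"
]

if __name__ == "__main__":
    print("needle 'mq':          ", dry_run(SAMPLE))
    print("needle 'websphere mq':", dry_run(SAMPLE, needle="websphere mq"))
```

If the Test result lists incidents from resources the WebSphere MQ administration group does not own, tighten the text entered for Condition 1 before enabling the policy.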