Example: Setting incident priority
If you have a mission-critical data center that provides essential services for your operations, you can change the way incidents are prioritized from that data center. You can create a policy to set higher priority to the incidents from the data center than they would have based on the built-in default settings.
About this task
Incident priority ranges from 1 to 5, with 1 being the highest priority. The priority of the incident is based on the severity of the events that make up the incident, with the highest severity event determining the overall priority of the incident. By default, the built-in Set Priority incident policies rank the incidents in importance as follows:
- Priority 1: if an incident contains critical severity level events.
- Priority 2: if an incident contains major severity level events.
- Priority 3: if an incident contains minor severity level events.
- Priority 4: if an incident contains warning severity level events.
- Priority 5: if an incident contains information or indeterminate severity level events.
You can change how the priority is determined for incidents from the data center by adding a policy that sets any incident that contains major severity events to be a priority 1 incident, ensuring that issues receive attention more quickly even if they do not yet contain critical events.
This example assumes that events from the data center have the Location attribute set to NewYork.
Procedure
Complete these steps to define the policy:
- Go to Administer > Monitoring > Policies on the IBM Cloud Pak console.
- Click Create incident policy.
- Go to Details to enter details.
  - Enter a name in Policy name, for example, Set priority 1 for data center incidents.
  - You can also add an explanation of the policy in Description to help you and others understand the purpose of the policy. For example, Set incident priority level to 1 for major events from data center NewYork.
- Click Specify conditions in Incidents and set the following conditions:
  - Go to Conditions > Incident has the following attributes and set the incident attribute as follows: select Priority from the list of attributes, select is higher than or equal to from the list of operators, and select 5 from the list of priority levels.
  - Ensure you have AND set.
  - Go to Describe the events that the incident contains and click Add condition to describe incident events.
  - Set Condition 1 as follows: select Location from the list of attributes, select is from the list of operators, and enter NewYork in the field.
  - Click Add condition and ensure you have AND set.
  - Select Severity from the list of attributes, select is greater than or equal to from the list of operators, and select Major as severity.
- Optional: When selecting Specify conditions, you can check to see how many incidents would have matched the conditions you set.
  - Go to the end of the Incidents section, select the number of days between 1 and 30, and click Test. The result shows how many incidents would have matched the policy conditions.
  - Click Show results to view a list of all the incidents that would have matched the conditions in the set time. Click New test to change the time frame for testing, or if you changed conditions and want to check again for matching incidents.
  Note: If your incident policy sets priority level for incidents, and the priority attribute is used by the conditions of your policy, you might not find any matching incidents after the policy is enabled and applied.
- Select the Set priority check box in Action, and expand the section.
  - Go to Set the priority for the incidents described above and select Priority 1.
- Set Enable to On to start using the policy. The policy might take up to 30 seconds to become active and its settings to take effect.
- Click Save to save the policy and return to the policy list.
Results
When incidents from the NewYork data center arrive containing major severity events, the priority for those incidents is changed to the highest priority instead of setting them to priority 2. This can ensure that problems occurring at the data center are acted upon before they become critical issues, thus helping to avoid disruptions to service.