Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Create or edit an alert rule

Log in to subscribe to topics and get notified when content changes.

Create or edit an alert rule

Select the conditions that an alert must match for the rule to apply, and configure actions that the rule can execute for matching alerts.

Before you begin

To enable remediation, create the workflow to remediate CIs. In the workflow settings, select Remediation Task [em_remediation_task] in the Table field. After you finish configuring the workflow, make sure you publish it.

Role required: evt_mgmt_admin

About this task

You can configure the alert rule to:
  • Use an overwrite alert template to automatically modify alert field values before creating or updating an alert.
  • Use a task template to automatically generate resolution tasks based on alert values, before the alert is created or updated.
  • Automatically generate and link incidents, tasks, or knowledge articles to alerts.
  • Automatically apply a remediation workflow or let users manually run remediation.
  • Automatically construct a URL that is created according to the value of specified fields in the alert.
Note: If more than one alert rule can apply to an alert, if the alert rules resolve the alert with the same action, then only one alert rule is applied, according to order. However, if each of the rules resolves the alert with a different action, then each of these rules apply. For example, if one alert rule creates a KB and another alert rule creates an incident, then both alert rules are applied.


  1. Navigate to Event Management > Rules > Alert Rules.
  2. Click New or select an alert rule to edit.
    Figure 1. Alert Rule form
    Alert Rule form
  3. Fill in the fields, as appropriate.
    Table 1. Alert Rule form
    Field Description
    Name A name to identify the alert rule.
    Active A check box to activate the rule.
    Alert filter The conditions that an alert must meet for the rule to apply. Use the condition builder to construct the rule.
    Order The priority for rule evaluation. Rules with lower-order values are given priority. An alert is checked against every alert rule until a match is found.
    Action tab
    Auto acknowledge A check box to enable automatic acknowledgment of the alert. An acknowledged alert indicates that a user is aware of the issue.

    If this check box is cleared, users must manually acknowledge the alert.

    Overwrite alert template The template that is used to overwrite alert values before additional resolution updates occur.
    Knowledge article A link to the knowledge base article that contains additional information to help resolve the alert.
    Auto open A check box to automatically open a task, such as an incident, change, or problem.
    Type The type of task to create and attach to the alert. For example, if Problem is selected, a problem task is generated with information from the alert.
    Task template The template that assigns actions to the task Type. For example, a task template can assign a person or group to address a Problem task.

    When a Type is selected, the template applies regardless of the Auto open setting in the alert rule. For example, the template can apply to manual or auto-generated tasks as long as an alert rule applies to the alert.

    Remediation tab
    Enable remediation The check box to enable remediation with an Orchestration workflow.
    Execution Whether the workflow selected in the Orchestration workflow field is automatically invoked or users can invoke it manually.
    Orchestration workflow If the Enable remediation check box is selected, the remediation workflow runs.
    Launcher tab
    Enable The check box to launch web-based applications from the Alert Console or dashboard alert panel.
    Display Name A descriptive name for the window that appears when users launch the application.
    URL A dynamic URL that uses specified fields in the alert, including the Source and Additional Information fields. For example, the values in these fields in the alert replace the parameters in the URL: http://${source}.com/${my_application}.

    In an alert, the value in the Source field is used for the {source} section of the URL.

    The Additional Information field contains a JSON code with the value of {my_application}, such as {'my_application':'application_name'}.
  4. Click Submit or Update.