-
Notifications
You must be signed in to change notification settings - Fork 0
/
alert_aggregation.js
32 lines (30 loc) · 1.32 KB
/
alert_aggregation.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
// Look for open alerts from a specific source created in the past 60 minutes, that are not attached to an incident. Run a sub flow if more than 50 such incidents exist.
var gr = new GlideAggregate("em_alert");
var alerts = new GlideRecord("em_alert");
gr.addAggregate("COUNT","type.name");
gr.addQuery("source","Netact");
gr.addQuery("sys_created_on",'>=', gs.minutesAgo(60));
gr.addQuery("state","IN", "Open,Reopen,Flapping");
gr.addNullQuery("task");
gr.groupBy("type.name");
gr.groupBy("description");
gr.query();
var alertType;
inputs = {};
while (gr.next()) {
gs.addInfoMessage("Type: " + gr.getDisplayValue("type.name") + "," + gr.getDisplayValue("description") + "," + gr.getAggregate("COUNT","type.name"));
if (gr.getAggregate("COUNT","type.name") > 50) {
alertType = gr.getDisplayValue("type.name");
alertDescription = gr.getDisplayValue("description");
alerts.addQuery("source","Netact");
alerts.addQuery("type.name",alertType);
alerts.addQuery("sys_created_on",'>=', gs.minutesAgo(60));
alerts.addQuery("state","IN", "Open,Reopen,Flapping");
alerts.addNullQuery("task");
alerts.query();
inputs['alertrecords'] = alerts;
inputs['alerttype'] = alertType;
inputs['alertdescription'] = alertDescription;
sn_fd.FlowAPI.executeSubflow('global.create_incident_from_alert_list', inputs);
}
}