We have configured integration with third-party tools to receive events in TrueSight and also configured integration with BMC Remedy to trigger incidents for such events. But the events received from third-party tools are not auto closed when problem is cleared as a result Remedy incidents remain open and are never resolved automatically. So we have directed our Service Desk personnel to resolve the incidents manually when problem is fixed but then events still remain open in TrueSight. Is there any way to auto-close events in TrueSight when their corresponding incidents are resolved/closed in Remedy? |
This can be achieved with below MRL rule which would close original event upon receiving EVENT_INCIDENT_INFO (for Event-Based Incidents) and/or CI_INCIDENT_INFO (for CI-Based Incidents) with incident status as "Resolved" or "Closed". *********************************************************************** execute event_incident_info_close_orig: EVENT_INCIDENT_INFO($I) using { EVENT ($EV) where [ $EV.CLASS != ALARM AND $EV.mc_ueid == $I.mc_relation_source ] } when $I.incident_status within ["Resolved","Closed"] { $EV.status = CLOSED; $I.status = CLOSED; ntadd($EV,"Closed as Incident Resolved/Closed in Remedy"); } END execute ci_incident_info_close_orig: CI_INCIDENT_INFO($I) using { EVENT ($EV) where [ $EV.CLASS != ALARM AND $EV.mc_ueid == $I.mc_relation_source ] } when $I.incident_status within ["Resolved","Closed"] { $EV.status = CLOSED; $I.status = CLOSED; ntadd($EV,"Closed as Incident Resolved/Closed in Remedy"); } END *********************************************************************** Follow below steps to implement this MRL rule. 1. Copy attached ibrsd_autoclose_original_event.mrl and place it in MCELL_HOME\etc\<cell_name>\kb\rules directory. 2. Make an entry for this MRL by putting follwing in .load of rules directory. ibrsd_autoclose_original_event 3. Compile cell KB with below command. mccomp -n <cell_name> 4. Restart cell. Where <cell_name> is the cell which propagates events to IBRSD/SDIG gateway for incident creation. Note: The above solution excludes ALARM events as auto-closing those may cause an inconsistency between the cell and the backend database. To apply the same rule for ALARM class event, one can remove the criteria "$EV.CLASS != ALARM" from where condition in both rule definition. |