Version: On-Premise 2.4

Three Ways to Create an Incident

Incidents are created in one of three ways:

  1. Event Parsing:
    Event parsing is the mechanism for examining incoming messages and extracting relevant information from them (such as server name and the related event's nature). By using a short VB or C# program, events may be converted to incidents and displayed in the Resolve Actions Express dashboard.

    When Actions Express receives an event, it scans the list of event parsers to determine whether the event matches the criteria of one of them. The first parser that matches the event parses it; therefore, the order of event parsers in the list is highly significant.

    Note: To learn more about creating event parsers, refer to Understanding Event Parsing.

    After the event is parsed and the incident is created, it will go through the trigger list to determine whether it should invoke a workflow.

    The new incident will be displayed in the Actions Express LIVE dashboard whether or not it invoked a workflow.

  2. Mapping:
    When an event is created by an external integration it must be mapped to an event in the Resolve format.

    Mapping configuration is performed during module configuration. In real time, mapping replaces event parsing.

  3. New Incident Activity:
    You can create a workflow that creates a new incident. To do this, include the New Incident activity in the workflow. An incident will be created using the data that was entered into the New Incident activity.

    The main difference between the previous two methods and this one is that with the workflow activity, the workflow is triggered before the incident. The new incident will go through the list of triggers. If a matching trigger is found, another workflow will be executed. If not, the new incident will be dropped.
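
The ordering rule from item 1, as an added example (not Resolve's code or API): a Python model of first-match dispatch in which the parser names, patterns and sample events are all constructed. It shows a catch-all parser at the top of the list shadowing the specific parsers below it, and a check that flags parsers which match sample events but never win.

```python
import re

# Constructed model of an ordered parser list: (name, match criterion, incident type).
# Names and patterns are hypothetical, not Actions Express configuration.
PARSERS_BAD_ORDER = [
    ("generic-alert", re.compile(r"ALERT"), "Generic"),
    ("disk-full", re.compile(r"ALERT .*disk usage (\d+)%"), "DiskFull"),
    ("auth-failure", re.compile(r"ALERT .*failed login"), "AuthFailure"),
]

# Same parsers with the specific ones first and the catch-all last.
PARSERS_GOOD_ORDER = PARSERS_BAD_ORDER[1:] + PARSERS_BAD_ORDER[:1]

# Constructed sample events.
SAMPLE_EVENTS = [
    "ALERT srv-db01 disk usage 97%",
    "ALERT srv-web02 failed login for admin",
    "ALERT srv-app03 service restarted",
]


def parse_event(event, parsers):
    """Return an incident from the first parser whose criterion matches, else None."""
    for name, pattern, incident_type in parsers:
        if pattern.search(event):
            return {"parser": name, "type": incident_type, "raw": event}
    return None


def shadowed_parsers(parsers, sample_events):
    """List parsers that match at least one sample event but never win first-match."""
    winners = {inc["parser"] for e in sample_events
               if (inc := parse_event(e, parsers))}
    matching = {name for name, pat, _ in parsers
                for e in sample_events if pat.search(e)}
    return sorted(matching - winners)


if __name__ == "__main__":
    for label, parsers in (("bad", PARSERS_BAD_ORDER), ("good", PARSERS_GOOD_ORDER)):
        types = [parse_event(e, parsers)["type"] for e in SAMPLE_EVENTS]
        print(label, types, "shadowed:", shadowed_parsers(parsers, SAMPLE_EVENTS))
```

Running a check like this against a set of representative events before reordering a parser list shows whether a login-failure or disk event would be filed as a generic incident.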