Event Mapping
We are making use of an entity called Event mapping to convert an alert into an incident. At the moment, we are employing this entity as a mapping tool for the Priority, Category, and subcategory fields, as well as the Assigned To field.
Event Mapping Form
| Fields | Description |
|---|---|
| Source | Event monitoring software that generated the event. |
| Key | what would be the Key value for Mapping. |
| Active | True/false |
| Type | In this we have two options
|
| From Field | From Which field we are mapping like here we are mapping Priority from Severity. |
| To Field | Field name in which we are mapping. |
| Value | Define the Actual value for this mapping. |
Priority Mapping
The severity of the event serves as the metric for determining the mapping priority.
If we are not sending severity value then we use default Priority "3 - Moderate". it is also configurable.
Category Mapping
In order to create incidents, we are mapping this entity's Category value into the incident creation process. Here the Type is "Constant" so Key and From Field should be empty.
Subcategory Mapping
The value of the Subcategory field from this entity is being mapped into an incident so that it can be created. Here the Type is "Constant" so Key and From Field should be empty.
Assigned to Mapping
The value of the Assigned To field from this entity is being mapped into an incident so that it can be created. Here the Type is "Constant" so Key and From Field should be empty.
Alert Status Mapping
In order to create alert we are mapping Alert status field value Down to New, Down escalation repeat to New and Ok to Closing Like this:
