elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Ability to resolve ServiceNow, IBM Resilient and Jira incidents #83221

Open YulNaumenko opened 3 years ago

YulNaumenko commented 3 years ago

It would be great to leverage the new recovered action group to make alerts resolve certain types of incidents when they recover. There is currently no way to deduplicate incidents in ServiceNow, Jira and IBM Resilient to find the right incident to resolve. If there could be something similar to PagerDuty, that would be great.

Original description:

In the [issue](https://github.com/elastic/kibana/issues/77772) we are changing the grouping field for ServiceNow, Jira and IBM Resilient from {{alertId}} to {{alertInstanceId}}. But there is no way, as there is for PagerDuty, to avoid duplication of incident creation. We need to do an API call to check if the incident for the current alertInstanceId was created. Similarly there is no way to resolve created incidents as we do for PagerDuty. ServiceNow, Jira and IBM Resilient require a separate API call with the existing incident Id to change the status to Resolved. Are we planning to support a deduplication and resolve mechanism for ServiceNow, Jira and IBM Resilient with the current limitations?
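To make the mechanism in the description concrete, here is an added example (not Kibana's code, and not the real ServiceNow, Jira or IBM Resilient APIs): a stand-in incident API that exposes the three calls the description talks about, a lookup by the grouping field, a create call, and a separate resolve call that takes the existing incident id, plus a handler that deduplicates on alertInstanceId and resolves when the recovered action group fires. The method names, the `correlationId` field and the sample events are assumptions.

```typescript
// Added example, not Kibana code: an in-memory model of the deduplicate-and-resolve
// flow the issue describes. FakeIncidentApi stands in for ServiceNow / Jira /
// IBM Resilient; its method names and the correlationId field are assumptions.

type IncidentStatus = "open" | "resolved";

interface Incident {
  id: string;
  correlationId: string; // holds the alertInstanceId (assumed field name)
  status: IncidentStatus;
  summary: string;
}

// Stand-in ticketing system: look up by the grouping field, create,
// and a separate resolve-by-id call (the call the description says is required).
class FakeIncidentApi {
  private incidents: Incident[] = [];
  private nextId = 1;
  calls: string[] = []; // audit trail of API calls, handy when reviewing behaviour

  findOpenByCorrelationId(correlationId: string): Incident | undefined {
    this.calls.push(`find:${correlationId}`);
    for (let i = 0; i < this.incidents.length; i++) {
      const inc = this.incidents[i];
      if (inc.correlationId === correlationId && inc.status === "open") return inc;
    }
    return undefined;
  }

  create(correlationId: string, summary: string): Incident {
    this.calls.push(`create:${correlationId}`);
    const inc: Incident = { id: `INC${this.nextId++}`, correlationId, status: "open", summary };
    this.incidents.push(inc);
    return inc;
  }

  resolve(id: string): Incident {
    this.calls.push(`resolve:${id}`);
    for (let i = 0; i < this.incidents.length; i++) {
      if (this.incidents[i].id === id) {
        this.incidents[i].status = "resolved";
        return this.incidents[i];
      }
    }
    throw new Error(`unknown incident ${id}`);
  }
}

// What the action sees per run: which alert instance, and whether it is firing or recovered.
interface AlertEvent {
  alertInstanceId: string;
  actionGroup: "default" | "recovered";
  summary: string;
}

type Outcome = { action: "created" | "deduplicated" | "resolved" | "noop"; incidentId?: string };

// Core of the issue: one lookup call on alertInstanceId, then create, skip or resolve.
function handleAlertEvent(api: FakeIncidentApi, ev: AlertEvent): Outcome {
  const existing = api.findOpenByCorrelationId(ev.alertInstanceId);
  if (ev.actionGroup === "recovered") {
    // Nothing to resolve if no open incident carries this instance id.
    if (!existing) return { action: "noop" };
    const resolved = api.resolve(existing.id);
    return { action: "resolved", incidentId: resolved.id };
  }
  // Active alert: reuse the open incident instead of creating a duplicate.
  if (existing) return { action: "deduplicated", incidentId: existing.id };
  const created = api.create(ev.alertInstanceId, ev.summary);
  return { action: "created", incidentId: created.id };
}

// Constructed sample: one alert instance fires twice, then recovers twice.
function runScenario(): Outcome[] {
  const api = new FakeIncidentApi();
  const summary = "CPU high on host-1";
  const events: AlertEvent[] = [
    { alertInstanceId: "host-1:cpu", actionGroup: "default", summary },
    { alertInstanceId: "host-1:cpu", actionGroup: "default", summary },
    { alertInstanceId: "host-1:cpu", actionGroup: "recovered", summary },
    { alertInstanceId: "host-1:cpu", actionGroup: "recovered", summary },
  ];
  return events.map((ev) => handleAlertEvent(api, ev));
}

console.log(runScenario());
```

The scenario shows why the lookup call matters: without it every rule run creates a fresh incident, and the recovered branch has no incident id to hand to the resolve call, which is exactly the gap the description points out.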
YulNaumenko commented 3 years ago

Based on the team discussion, it was decided to solve the problem in two steps:

  1. Create a short-term solution, where the Resolved action group will be unavailable for the ServiceNow, Jira and IBM Resilient action types. The corresponding issue has been opened: #83452
  2. @arisonl will investigate how competitors implemented this integration: does anyone else support deduplication/resolution features for incidents in ServiceNow, Jira or IBM Resilient? If so, we should start working on a long-term approach for adding similar support to Kibana Alerting.
YulNaumenko commented 3 years ago

Based on the research from @arisonl, competitors have support for resolving incidents in ServiceNow, Jira or IBM Resilient.

mikecote commented 3 years ago

Renamed title to "Ability to resolve ServiceNow, IBM Resilient and Jira incidents". We can use this issue to find a way to resolve IBM Resilient, Jira and ServiceNow incidents. If deduplication is the way to go, we'll handle it at the same time.

mikecote commented 3 years ago

Moving from 7.12 - Candidates to 7.x - Candidates.

mikecote commented 3 years ago

Moving from 7.x - Candidates to 8.x - Candidates (Backlog) after the latest 7.x planning session.

elasticmachine commented 2 years ago

Pinging @elastic/security-threat-hunting-cases (Team:Threat Hunting:Cases)

elasticmachine commented 2 years ago

Pinging @elastic/response-ops (Team:ResponseOps)

timorkal commented 1 year ago

Where is that currently at? We have Elastic Cloud and Jira Service Management, and we currently lack the ability to auto-resolve incidents.

cnasikas commented 10 months ago

Related https://github.com/elastic/kibana/issues/170522

cnasikas commented 9 months ago

PR https://github.com/elastic/kibana/pull/171760 implemented auto-closing SN incidents when an alert recovers.

doakalexi commented 9 months ago

cc @shanisagiv1