There are 2 potential reasons for this kind of behaviour where Alerts are not closed when the related Incident state is Resolved/Closed

  1. The schedule job: Event Management - create/resolved incidents by alerts calls the script include: EvtMgmtAlertManagementJob which in turn calls other script include: EvtMgmtAlertActions, which looks for the alert severity and if the severity is "Info" then we ignore these alerts. This is an OOB behaviour.
  2. OOB scheduled job "Event Management - create/resolved incidents by alerts" set to false by default from London. Please refer to the KB: KB0723087 which has more details about this functionality.


Article Information

Last Updated:2019-05-21 11:58:28