Hey there - has anyone done anything fancy with integrating Orion with their ticketing system? Right now, we just have Orion sending emails to an address that generates tickets into our ticketing system (ServiceNow, for the curious.) We have reset notices going to our team distribution list, not to create tickets (of course).
However, this creates a lot of duplicates, in cases where a disk may go over and under threshold, or CPU or memory thresholds. Also, we have had people accidentally close out tickets when the alert had not reset - if you have 12 alerts and 11 resets, you might close all of them accidentally, thinking they had all reset. I'd rather have an existing ticket (one that hasn't been closed yet) get updated if an alert flaps a dozen times, instead of have 12 duplicate tickets. It would also be nice to NOT allow a tech to close a ticket for a triggered (not reset) alert.
I have thought it would be a good idea to have our ticketing system have a better idea about actual current alert status, but I need to make sure I'm tracking the right things. It looks like Basic alerts are uniquely identified by the AlertID from the Alerts table, and Advanced Alerts are uniquely identified by the AlertDefID in the AlertDefinitions table? I'm thinking that I can get our ticketing system to track triggered and reset alerts by a combination of the AlertID or AlertDefID, and NodeID, plus VolID or AppID for applcation and volume alerts.
Has anyone had any experience doing this? Obviously, the heavy lifting for me will be doing the work in our ticketing system email handling rules, but I wanted to make sure my assumptions about the above are correct first :->