Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.
Purpose of the Workflow: Downstream Alert Suppression
Description: This IBM Rapid Network Automation workflow allows us to suppress certain alerts before they are sent to other systems such as ITSM or ticketing systems (in this example we use ServiceNow).
There are different situations where we would want to suppress alerts that have been triggered on any NMS, in this example we are suppressing alerts generated because a remote office has lost internet connection. This is the typical situation where, if no alert suppression strategy has been put in place, hundreds of even thousands of alerts are triggered when the internet connection of a remote office is lost.
In order to avoid this flooding of alerts, we can use RNA to run a check before sending the alert to the ticketing system:
As devices are polled at different times, a 'wait' of 60 seconds has been added to the workflow to avoid situations where the NMS has not detected yet that the internet router is down.
This workflow has to be considered an example, because different companies and different NMS instances will have different naming conventions and ways to identify internet routers (for example using metadata), however the structure of the proposed workflow can be modified to use different ways to identify internet routers and offices/locations.
List of requirements:
Rapid Network Automation Version: 1.1 or newer
SevOne Version: 6.6.0 or newer
Environment Required:
NMS Credentials
ServiceNow Credentials
Setup:
Expected Results:
There should be incidents in ServiceNow every time an internet router goes down, or when a normal device goes down and the internet connection has not been lost.