Set incident caller from a regex value within an e…
Why do you need to change the incident caller field? Best practice is to set this to ‘Event Management’ so that when you want to report auto-created incidents from EM, you can use this filter condition.
If you want to capture user-id information, use any of the event fields and map it to the alert and incident. For example, capture the user-id details in description or additional information via regex in the event rule's ‘Transform and Compose Alert Output’ section.
If this helped to answer your query, please mark it helpful & accept the solution.
Thanks,
Bhuvan
