Create Incidents in ServiceOps via AIOps Alerts
To create incidents in ServiceOps through the integration established between AIOps and ServiceOps, configure the "incident" settings within a policy in AIOps. Once the alert policy is configured this way, AIOps generates an incident in ServiceOps when the specified events occur in your infrastructure.
Configuration Steps
Navigate to the specific policy or create a new policy from Policy Settings to map incident creation in ServiceOps with alerts in AIOps.
In the policy configuration settings, locate the Declare Incident section. This section allows you to configure incident creation by selecting the alert severity and choosing the integration profile to be triggered when that severity is reached.
Within the Declare Incident section, go to Select Integration profile to Trigger and select the integration profile from the list. If you have not created an integration profile for ServiceOps, click the Create Integration Profile button and create one.
Now, select the severity level for which you want to trigger incident creation in ServiceOps by choosing the appropriate option from the When Severity is drop-down.
Example Scenario
For example, if you have configured the following settings:
Integration Profile: Unified_Service_Connector
When Severity is: Critical
In this scenario, when an alert with a critical severity is triggered in AIOps as per the configured policy conditions, AIOps will automatically create an incident in ServiceOps. The urgency of the ticket created in ServiceOps will be determined based on the mapping between alert severities and incident urgency that you have previously configured while establishing the ServiceOps integration.
Configure ServiceOps Ticket Priority Behavior
ObserveOps lets you control how a ServiceOps ticket's Priority field behaves when the alert severity changes after the ticket is first created.
Priority Lock vs. Dynamic Priority
| Behavior | What It Does |
|---|---|
| Lock Priority on First Trigger | ObserveOps sets the ticket priority when the alert first fires. It does not update the priority if the alert severity increases or decreases later. |
| Dynamic Priority Update | ObserveOps updates the ticket priority each time the alert severity changes — for example, from Medium to Critical — as long as the ticket remains open. |
Steps to Configure Ticket Priority Behavior
Go to Settings and select the ServiceOps integration profile you use for incident creation. Open the Field Mapping section of the integration profile, then locate the Priority field mapping and select the priority behavior:
- Select Lock to fix the priority at the value set when the alert first triggers.
- Select Dynamic to allow ObserveOps to update the priority as alert severity changes.
In the Impact and Urgency fields, configure how each ObserveOps alert severity level maps to a ServiceOps Impact and Urgency value. The ServiceOps priority matrix uses these two values to calculate the final ticket priority.
Click Save to apply the changes.
How Priority, Impact, and Urgency Work Together
ServiceOps calculates ticket priority using a priority matrix that combines Impact and Urgency. Configure the mapping so each ObserveOps severity level translates to the right combination:
| ObserveOps Severity | Suggested Impact | Suggested Urgency |
|---|---|---|
| Critical | High | High |
| High | High | Medium |
| Medium | Medium | Medium |
| Low | Low | Low |
Adjust these mappings to match your organization's ServiceOps priority matrix.
If the alert severity flaps — for example, toggles between Medium and Critical during an incident — Dynamic priority updates the ticket every time the severity changes. Use Lock priority if you want to prevent ticket priority from changing during flapping.
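The following added example (a model written for this page, not ObserveOps or ServiceOps code) replays a flapping alert under both priority behaviors so you can compare how often the ticket priority is written and where it ends up. The severity mapping comes from the suggested table above; the priority matrix, the function names, and the sample timeline are assumptions to replace with your own.

```python
# Model of the Lock and Dynamic behaviors described above (not product code).

# Severity -> (Impact, Urgency), taken from the suggested mapping table.
SEVERITY_MAP = {
    "Critical": ("High", "High"),
    "High": ("High", "Medium"),
    "Medium": ("Medium", "Medium"),
    "Low": ("Low", "Low"),
}

# Hypothetical priority matrix (assumption): replace with your ServiceOps matrix.
RANK = {"Low": 1, "Medium": 2, "High": 3}
PRIORITY_BY_SCORE = {2: "Low", 3: "Low", 4: "Medium", 5: "High", 6: "Urgent"}


def priority_for(severity):
    """Map an alert severity to a ticket priority via Impact and Urgency."""
    impact, urgency = SEVERITY_MAP[severity]
    return PRIORITY_BY_SCORE[RANK[impact] + RANK[urgency]]


def replay(severities, mode):
    """Replay severity events for one open ticket; mode is 'lock' or 'dynamic'.

    Returns (final_priority, history), one history entry per priority write.
    """
    if mode not in ("lock", "dynamic"):
        raise ValueError("mode must be 'lock' or 'dynamic'")
    if not severities:
        raise ValueError("at least one severity event is required")
    history = [priority_for(severities[0])]  # set when the alert first fires
    last_severity = severities[0]
    for severity in severities[1:]:
        if severity == last_severity:
            continue  # severity unchanged, nothing to update
        last_severity = severity
        if mode == "dynamic":
            history.append(priority_for(severity))
    return history[-1], history


# Constructed timeline: an alert flapping between Medium and Critical.
FLAPPING = ["Medium", "Critical", "Medium", "Critical", "Critical"]

if __name__ == "__main__":
    for mode in ("lock", "dynamic"):
        final, history = replay(FLAPPING, mode)
        print(f"{mode:8s} final={final:7s} writes={len(history)} {history}")
```

With this timeline, Lock leaves the ticket at the priority of the first trigger even though the alert ends at Critical, while Dynamic tracks the escalation at the cost of a priority write on every flap.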