What is an alert token?

An alert token is a placeholder added to an alert that is escalated as an Incident, so that the Incident includes the data the token represents. For example, if $alert.serviceName (Alert metric) is added to an incident, then after the alert is escalated as an incident, the incident includes the alert’s metric name.

Tokens are divided into three categories:

  • Alert: The Alert category is divided into Alert-specific tokens and the Alert’s Resource tokens.
  • Policy: The Policy category consists of the Policy name token.
  • Functions: The Functions category consists of the Substring token. A substring is the string between a reference start character and a reference end character. These reference pointers are the delimiters. The substring function token allows you to create a dynamic description for an Incident. A delimiter specifies the boundaries used to identify the appropriate string in a data stream: startDelimiter indicates the beginning element in a character string, and endDelimiter indicates the end element in a character string. For example, a user wants to extract the Site Account from the Alert Description and set the account number as the Account Id of the Incident record. See the screenshot below.
    Example of substring token

To extract the Account ID from the Alert Description, use the substring function, $function.substring(<String>,<startDelimiter>,<endDelimiter>). Provide the token $alert.description as input and AT SITE ACCOUNT NO= as startDelimiter. endDelimiter need not be configured, which indicates a natural end delimiter.

Example of configuring a substring
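
The extraction described above, as an added Python model that is not the product's own code. The sample alert, the helper names, and two behaviours are assumptions: a missing startDelimiter yields an empty string, and an omitted endDelimiter (the "natural end delimiter") ends the value at the next whitespace or at the end of the input.

```python
import re

# Constructed sample alert; field names mirror the $alert.* tokens on this page.
SAMPLE_ALERT = {
    "serviceName": "system.ping.rta",
    "description": "Link down on router r1 AT SITE ACCOUNT NO=4471-AB since 10:02 UTC",
}

TOKEN = re.compile(r"\$alert\.(\w+)")


def resolve_alert_tokens(template, alert):
    """Replace each $alert.<field> placeholder with the alert's value.

    Unknown fields are left as-is so a misconfigured token stays visible.
    """
    return TOKEN.sub(lambda m: str(alert.get(m.group(1), m.group(0))), template)


def substring(text, start_delimiter, end_delimiter=None):
    """Model of $function.substring(<String>,<startDelimiter>,<endDelimiter>).

    Assumptions (not documented on the page): a missing startDelimiter yields
    an empty string, and an omitted endDelimiter ends the value at the next
    whitespace character or at the end of the input.
    """
    begin = text.find(start_delimiter)
    if begin == -1:
        return ""
    begin += len(start_delimiter)
    if end_delimiter:
        end = text.find(end_delimiter, begin)
        return text[begin:] if end == -1 else text[begin:end]
    match = re.search(r"\s", text[begin:])
    return text[begin:] if match is None else text[begin:begin + match.start()]


def account_id_for_incident(alert):
    """Extract the account number the way the page's example configures it."""
    description = resolve_alert_tokens("$alert.description", alert)
    return substring(description, "AT SITE ACCOUNT NO=")


if __name__ == "__main__":
    print(account_id_for_incident(SAMPLE_ALERT))
    print(substring(SAMPLE_ALERT["description"], "router ", " AT"))
```
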

Can we escalate an alert that displays an OK state as an Incident?

No, you cannot escalate an alert that displays an OK state as an Incident.