I've built a fairly substantial SD environment - many different parts of Kaseya generate tickets, including various event and service monitors, plus Network Monitor. We use KNM pretty extensively for performance alerts and monitoring network services (SMTP, web, etc..)
Tickets arrive in SD and are parsed by the intake procedure. This identifies the monitor source, extracts information about the type and class of monitor, the target priority, and whether the alert can be auto-remediated. It dispatches the agent procedure for remediation if defined, or just marks it as a manual ticket. It dedups and consolidates repeat tickets, cancels performance and other non-critical tickets during certain hours when high loads are expected, and even calls our on-call team for P1/P2 tickets based on the customer's defined coverage schedules. I've been pretty happy with everything until now - I'm stumped and could use any available insight from the experts out there..
Here's our challenge - when Network Monitor loses a gateway connection, it sends an email with "network_name- Gateway connection notification". It does not identify the name of the gateway server. The email is sent by the default Kaseya send-as email (Kaseya@mycompany.com). The network name uses a "customerID.site" format, so we know the customer and the site, but nothing more.
I want to process this alert in service desk. I configured the email to be sent to "KaseyaIntake@mycompany.com". The ticket arrives at SD, is associated with "mycompany" because that email is associated with a user account in "mycompany". The ticket passed through all of the processing and arrived in ConnectWise as coming from our company, even if the failure was for another client. Because the subject did not fit our standard format for alerting, the priority was unable to be determined and defaulted to "low", so no after-hours call notification was made.
I added some logic to the SD Intake procedure to identify when the ticket subject contains this specific message. I trim the subject to get everything before the "- ", which is the Site ID, and then split off everything before the first dot, which is the customer ID.(just the way we define our discovery networks) Armed with this, I generate an email address "Alert@<CustID>.com", which doesn't really exist, but IS defined as the email for a user account called AlertIntake. One of these accounts is created for each customer on KNM. The parsing logic then sends an email back to Kaseya using our standard header format, with the Customer ID and Site ID strings included in the subject line. The generated "alert" email is used as the "from" address, when then associates the new ticket with the correct client. The initial ticket that was generated from the KNM gateway email is then cancelled.
This all works - the redefined ticket arrives, the subject is parsed, and all the parameters are set into the ticket just like I expected. HOWEVER, the ticket does not progress past the first Stage Entry stage. I would expect the ticket to hit Stage 1, have the remediation procedure identified (if any), have the Repeating Ticket (not dup) detection performed, and (in this case for a non-remediable ticket), progress to stage 2, then Stage 3 where the email is sent to ConnectWise and the After Hours notification call would be made. Instead, the ticket sits in Stage 1 with "new" status. When I examine the ticket, it is complaining that it has no associated Inventory Asset ID in that field.
Here's the rub - the ticket isn't associated with a specific host - the entire site is down. If I don't select a specific asset, the ticket can't move through SD, which is essential because this is an after hours priority ticket! If I could assign just the root group (CustID.root), that would suffice for us, but the ticket still gripes about not having an asset/machine ID. I could add the name of the KNM Gateway server to our (custom) Sites table and extract that, but that adds a whole level of additional management overhead (have to remember to change the Sites record for that customer/site when the server is replaced. (It doesn't have to point to the actual gateway machine, just a valid machine at that site). When I first manually edit the ticket, it says that the field requires a valid group or machine ID, but it isn't satisfied with the group ID. Oddly, when the initial ticket from KNM was allowed to pass through as-is, none of the data was populated in the ticket, but it did not complain about a missing machine ID!
Sorry for the epic story, but the detail might help understand what's going on. I'd appreciate any ideas on either how to identify a host at a site in KNM (we know the KNM Site ID, but not the complete machine group), or coming up with an alternative solution. I even tried creating an agent called "gateway" but it's a template and can't be assigned.
Problem solved - turned off the requirement for an associated agent ID. :)
We don't require an agent, but I did have a similar problem with associating the ticket its proper client account... the way we did that was to just blank the original email address, and then use parse the subject for the machine group, and then use SQL to select the machine groups KNM Gateway machine and add it to the ticket... which automatically gets it associated with the proper client, which then shows up properly in our PSA. Just thought I would add another alternative to this.