Opening, editing, and closing tickets

The BMC Defender Server Tickets facility provides the highest level of message correlation, which allows you to view actionable incidents that are detected on the system. Tickets are opened by correlation alerts when the system counters violate user-defined limits.

Tickets are opened or closed based on definitions that are set on the Alerts tab, including the assignee, ticket text, and device or system issue. You can also manually open tickets, which can trigger notifications.

The Tickets facility can interact with third-party incident management systems by using a simple API and a Common Management Database (CMDB).

This topic contains the following sections:

Examining opened and closed tickets

On the Tickets > Opened and Tickets > Closed tabs, you can see the following information:

Filters for the list of tickets—Filter by user, time, thread, and string matching
Ticket Time—Date and time when the ticket was opened
Assigned To—User to whom the ticket is assigned
Ticket Text—Text includes the syslog facility and severity

For each ticket opened by an alert, click the following links to see additional information:

Related Messages—Display the related messages for the ticket, which triggered the source alert
Source Alert Definition—Display the source alert definition, which caused the ticket to open
You can also modify the alert definition, for example, to change the ticket text, severity, or threshold.

To open a ticket

Navigate to Tickets > Opened and click AddNew.
Select the required user or a ticket group to which you want to assign this ticket.
Select the ticket severity.
Enter your ticket description.
Click SaveNew.

Manually opened tickets do not have related messages or source alert definitions.

To edit ticket configuration items

On the ticket Opened or Closed tab, click the numbered button in the Edit column for the required ticket.

Modify the following fields:

Field	Description
Ticket Open Status	Status of a ticket The ticket status is either Opened or Closed.
Assigned To User	Assignee for a BMC Defender Server user Each ticket is assigned to a user who is defined on the System > Logins tab, or to a group that is defined on the Tickets > Config > Ticket Groups tab. The assignee is configured on the Alerts tab.
Ticket severity	Ticket severity Each ticket is assigned a standard syslog facility and severity, which are configured on the Alerts tab.
Ticket text	Ticket text Each ticket has a text value configured on the Alerts tab.
Resolution / Comment	Resolution or comment text You can provide a comment or resolution for the ticket that is retained with the ticket record.
Insert Resolution Flag	Resolution flag to add to ticket text and resolution or comment Select a resolution and click Insert to add it to the end of the ticket text and the beginning of the resolution or comment text. For more information about the ticket resolution text, see Editing-ticket-parameters.

Click Save.

To close a ticket

You can either close an individual ticket or close multiple tickets based on the assignee or a ticket group.

Navigate to Tickets > Opened.
Perform one of the following steps:
- To close a specific ticket:
  1. Click the numbered button in the Edit column for the required ticket.
  2. Set Ticket Open Status to Closed.
  3. Select the resolution from the Insert Resolution Flag list and click Insert.
    The selected value is added in the Resolution/Comment box.
  4. Click Save.
- To close multiple tickets:
  1. Select the required assignee from the Assigned To list.
  2. Click CloseAll at the bottom of the tab.
  3. In the Close All Resolution / Comment box, enter the resolution text.
  4. Select the required resolution from the Insert Resolution Flag list and click Insert.
    The selected value is added in the Close All Resolution / Comment box.
  5. Click Confirm.