Ticket groups

When creating an alert of any type, the Assigned To field specifies whom the ticket is assigned to. This is a drop-down menu on all the Alert screens.

 The Assigned To field can be any BMC Defender Server defined user. However, the Assigned To field can also be a functional unit in the organization, such as DB_Admin. Ticket groups are useful in several ways:

• Organizing Tickets—You can add and use a ticket group to assist with the organization and tagging of ticket data with a username. Specifically, the operator can view the tickets assigned to any user on the system (that might be of interest to the user). The Assigned To field appears as a drop-down item on the Tickets > Opened and Tickets > Closed fields.
• Organizing Ticket Actions—When a ticket action is created (through the Ticket > Actions screen) the action can match the Assigned To group. This enables you to receive e-mail notifications for a particular group, or other actions that include the group name to be executed. The Ticket Group appears as an environmental variable in all ticket actions scripts, facilitating custom scripting.
• Tracking Status—The number of opened and closed tickets, and total ticket count is available using the View Groups link at the top and upper-right corner of the Tickets > Opened and Tickets > Closed screen. The operator can click this link (in a fashion similar to the View Groups link on Devices and Threads screens) to see the relative activity associated with each ticket group.

Creating good ticket groups can facilitate the general organization of the system and assist with complex notifications associated with sending an e-mail from certain types of tickets or other notifications. Experience shows that creation and maintenance of good Ticket Groups are well worth the administrative effort.

Editing Tickets

You can edit a ticket to change the assignee, the ticket message, the severity, and to supply a text message resolution. You can also set the status of the ticket to either Opened or Closed. This enables you to record pertinent facts about the ticket, such as what corrective action was necessary.

The Resolution field of the ticket can be set to any arbitrary text string to explain how the situation was resolved. This value is permanently connected to the ticket, but not checked for accuracy. The value might be important when using third-party incident management systems, as discussed in the further sections. The default resolution value is None.

Closing And Deleting Tickets

When you close tickets, they are removed from the Opened tab and added to the Closed tab. The closed ticket contains all the information of the open ticket and can be further edited, such as to change the ticket resolution, or to change the ticket status back to Opened.

To close a ticket, follow these steps:

1. Click the Update # option for the ticket.
2. Set the ticket status to Closed.
3. Click the Update option.

As an alternative, you can close all the tickets (currently displayed on the top-level screen) using the Close All option beneath the list of opened tickets. This provides a fast method of closing all tickets and generates an Audit message to the syslog indicating the username and source IP address of the user that closed these tickets.

Finally, administrators can delete a ticket rather than close the ticket. This removes the ticket permanently from the system rather than moving the ticket to the Closed list. This function is available only to administrative users.

Manually Adding Tickets

Normally, tickets are opened automatically by the system by the Alert facility. However, it might be convenient or necessary to manually open a ticket, to test ticket automation for instance, or to annotate a problem that is visible in the system, but has no corresponding correlation logic.

You can manually open a ticket by clicking the AddNew option that enables you to add arbitrary text, assign the ticket to a particular user or ticket group, and assign a severity to the ticket. In this case, the ticket is identical to a ticket that has been automatically opened, except that the ticket has no related messages or source alert definition (described further).