I am trying to create a ticket with the SNOWINCIDENTSTREAM command, but it is giving me an error stating "Failed to create ticket".
What could be the possible reason for the same?
Please post the search query.
sourcetype="CPURates" earliest=-5m latest=now
| stats avg(CPU) as CPU last(time) as time by host
| where CPU>=95 | eval contacttype="email"
| eval ciidentifier=host | eval priority="1"
| eval category="Software" | eval subcategory="database"
| eval shortdescription="CPU on ". host ." is at ". CPU
For incidents, the required arguments are category, shortdescription, and contacttype. For events, the required arguments are node, resource, type, and severity.