I am hoping someone can explain the attributes being made available within the Incident Object for the action plugins. Also is there any documentation for the information made available to Action Plugins when an Incident is triggered.
1) Why are there multiple (often duplicate) violation measure values?
A couple examples:
Host Measure Example
2) Are the violation measure values (within the Violation Collection) populated in the same order as the Agents (in the AgentSource Collection) or should we be using the measure source to pull agent/host information?
3) In the PurePath Example above why are new agents added to an existing incident after it starts instead of triggering a new incident?
Incidents are based on Measures and these Measures are evaluated across your Evaluation Timeframe. So - it is possible that multiple measure values were evaluated that than triggered the Incident. This is why you might get multiple measures and multiple values.
I guess we would need a bit more information on your Incident Definition, which measures you use for your Condition and also which PurePaths come in in the evaluation timeframe that start and end your Incident. This might be a longer exercise 🙂
I think there is some good documentation on how the Action Plugin Interface works. I believe I also did a YouTube Tutorial on creating Plugins and what data goes into the Acton Plugin. You can find that tutorial on http://bit.ly/dttutorials - > search for Plugins