
What is the difference between alert changes to filter and alert matches to filter in event management?

Akash Kadam
Tera Contributor

What is the difference between alert changes to filter and alert matches to filter in alert management rule in event management?

In the "Alert Filter" section of the Alert Management Rules, you will find a "Rule is activated when" field.

I know there are "Alert changes to filter" and "Alert matches filter" as choices, but I would like to know the difference between these.
I have read the documentation, but I don't really understand it and would appreciate it if you could explain it in more detail.



Amit Gujarathi
Giga Sage

Hi @Akash Kadam,
I trust you are doing well.

In Alert Management Rules, the "Alert Filter" section has a field called "Rule is activated when," where you can choose between "Alert changes to filter" and "Alert matches filter."

"Alert changes to filter" means that the rule is activated when an alert that previously did not match the filter now matches the filter. This is useful when you want to be notified when a specific condition is met, such as when a server goes down.

On the other hand, "Alert matches filter" means that the rule is activated when an alert matches the filter, regardless of whether it previously matched the filter or not. This is useful when you want to be notified every time a certain condition is met, such as when a particular event occurs.

 

Please mark correct if it's helpful.

Regards,

Amit Gujarathi


Was this answer helpful? Please consider marking it correct or helpful. Your feedback helps us improve! Thank you!

Regards,
Amit Gujrathi



Thank you, @Amit Gujarathi. Can you provide a use case so that I can understand it better?

Hi @Akash Kadam,
Please find the use case below.

Use case: An organization has a critical server that they need to monitor for uptime. They want to be notified as soon as the server goes down, but they also want to be alerted if the server stays down for an extended period.

Scenario 1: "Alert changes to filter"

In this scenario, the organization sets up an Alert Management Rule with the "Alert Filter" section set to "Alert changes to filter." They configure the filter to look for alerts where the server is down. They set up an email notification to be sent to the IT team when this rule is activated.

Initially, the server is up and running, and no alerts are generated. When the server goes down, an alert is generated, and the Alert Management Rule is activated because the alert changes to match the filter. The IT team receives an email notification about the server going down.

Later, the server comes back up, and another alert is generated. However, the Alert Management Rule is not activated because the alert changes back to not matching the filter. The IT team does not receive any notification about the server coming back up.

Scenario 2: "Alert matches filter"

In this scenario, the organization sets up an Alert Management Rule with the "Alert Filter" section set to "Alert matches filter." They configure the filter to look for alerts where the server is down. They set up an email notification to be sent to the IT team when this rule is activated.

Initially, the server is up and running, and no alerts are generated. When the server goes down, an alert is generated, and the Alert Management Rule is activated because the alert matches the filter. The IT team receives an email notification about the server going down.

Later, the server comes back up, and another alert is generated. The Alert Management Rule is activated again because the alert matches the filter. The IT team receives an email notification about the server coming back up.


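As an added example (not code from this thread or from ServiceNow itself), the following simulator contrasts the two "Rule is activated when" modes as defined in the first reply: it tracks the filter state per alert so that "Alert changes to filter" fires only on the transition into the filter, while "Alert matches filter" fires on every matching update, including reprocessing of an alert that already matched. The alert field names and the update history are constructed sample data.

```javascript
// Added example, not code from the thread or from ServiceNow: a small simulator
// that contrasts the two "Rule is activated when" modes over a series of updates
// to alert records. Field names (number, node, severity, state) and the values
// below are constructed sample data, not real alert records.

// Each entry is a snapshot of an alert after one event has been processed.
const ALERT_UPDATES = [
  { number: "Alert0001", node: "srv-01", severity: 1, state: "Open" },   // 0: srv-01 goes down
  { number: "Alert0001", node: "srv-01", severity: 1, state: "Open" },   // 1: still down, alert reprocessed
  { number: "Alert0002", node: "srv-02", severity: 1, state: "Open" },   // 2: srv-02 goes down
  { number: "Alert0001", node: "srv-01", severity: 5, state: "Closed" }, // 3: srv-01 back up
  { number: "Alert0001", node: "srv-01", severity: 1, state: "Open" },   // 4: srv-01 down again
];

// The rule's alert filter: "server is down" = critical severity on an open alert.
function serverDownFilter(alert) {
  return alert.severity === 1 && alert.state === "Open";
}

// Evaluate the rule over the update stream in one of the two activation modes and
// return the indexes of the updates that would run the rule's action (the e-mail).
function evaluateRule(updates, filter, mode) {
  const lastMatch = new Map(); // alert number -> did it match the filter last time?
  const activations = [];
  updates.forEach((alert, i) => {
    const matches = filter(alert);
    const wasMatching = lastMatch.get(alert.number) === true;
    if (mode === "matches") {
      // "Alert matches filter": level-triggered, fires on every matching update,
      // including reprocessing of an alert that already matched (update 1).
      if (matches) activations.push(i);
    } else if (mode === "changes") {
      // "Alert changes to filter": edge-triggered, fires only when this alert
      // moves from not matching to matching; a return to not matching is silent.
      if (matches && !wasMatching) activations.push(i);
    } else {
      throw new Error(`unknown activation mode: ${mode}`);
    }
    lastMatch.set(alert.number, matches);
  });
  return activations;
}

// matches -> [0, 1, 2, 4]: four e-mails, one of them a duplicate for an unchanged outage.
// changes -> [0, 2, 4]:    one e-mail per down-transition, none for the recovery.
```

The duplicate activation at update 1 is the notification noise the edge-triggered mode avoids; the level-triggered mode is the one to pick when every re-evaluation of a matching alert should run the action.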



Thank you @Amit Gujarathi for the detailed use case. I have one question: when I tried to implement it, the email is not triggering with the sub-flow of the alert management rule. Can you please justify how to trigger an email from the alert management rule?