
- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 07-27-2020 11:29 AM
Introduction:-
ServiceNow always release's fixes and new features to modules to make them better day by day. Today in this article we will touch on few points about event management improvement and new features in Paris release. We are already in Orlando with so many new nice things for EM and now we have Paris which is again exiting journey and waiting for this release to be available for customers. Event management is categorized as a ITOM health which helps us to monitor the health of network and CMDB and in health monitoring we also have operational intelligence in place.
Lets start with New Features first and then improvements to existing features.
New Features:
1) Landing page for alerts:
This is added to give an operator a overview of the alert / alert group where you can see the CIs in group, alerts in group as well as the new feature Probable root cause. Last but not the least it also shows the impacted Services due to this alert. Now there is a criteria to show this overview tab meaning if you have a CI assigned to the alert then it is shown there. We can also see notification for alerts if the predefined condition is met like priority is high or critical.
2) Probable Root Cause Analysis (RCA):
Wonderful features which looks at the CI relationships and changes attached to that CI and then gives you a estimate/score of root cause analysis. This is also a part of Overview tab which helps operator to quickly navigate through changes attached to this CIs and alerts. Oh yes this RCA has a filter which can be refined as well. This is now closely coupled with ITSM process which helps in decision mapping. Below image shows the Reasoning for root cause and the score of the root cause.
More things here: https://docs.servicenow.com/bundle/paris-it-operations-management/page/product/event-management/conc...
3) Dynamic Form layout:
As the name explains, this is a alert form layout on workspace which shows the details of alert based on the alert which you are seeing. Meaning if you see CMDB CI grouped alert then you may see something different in Overview tab, if you see automated grouped alert then some other information. One Point which i will like to focus in the action tab meaning on native for we have quick actions it has been move to form section as shown below. In orlando it was still like a button but in paris we have it as below.
4) NLP alert groups:
My favorite and i believe this feature will bring more value for customers to automatically group alerts using keywords. This will bring more ML/AIOps into picture and create the patterns for grouping, i must say that this is awesome feature. We only have one dependency and that is Predictive Intelligence for this as we have to train the data for ML to work.
5) Alert Grouping based on generalized patterns :
In Orlando, we had a CMDB grouping based on CI and its relationships. But now we have a enhanced feature where you can do a grouping based on CI Class or CI or both, sounds awesome right. This has to be activated by enabling a property.
6) Create a user view in Operator Workspace:
Now this is awesome, this always operators to create their own workspace view as per their own filters. But there is a nice element here which specifics if the form you create is private view and if an event management admin creates it then it is global view. You can have multiple view and you can select them as show below.
Changed Features:
1) Enhanced Alert Intelligence form:
You can see that the Quick button from Orlando is removed and it is created as a pane now and secondary alerts tabs is changed to Alerts in group. You can see that in above images.
2) Root Cause Analysis:
Probable Root cause analysis is substitution for Root Cause Analysis and it is now separated from Alert aggregation.
3) Unique nodes for license calculation:
Improvements to the scheduled job : Event Management - Node Count which helps in license count and utilization of EM module. Calculate CI Nodes mapped to alert is counted as one license and if the CI is not binded to alert then event node is used to calculate the license.
4) CSDM enhancements:
Technical Service is now named as "Dynamic CI Groups".
5) Custom Alert States and Alert Queries:
Allowing to filter out the non-supported state while alert processing. Also now we can group alerts based on a filter condition which is called as "Alert Queries". See above image in Paris release you see alert queries and not in Orlando.
Like wise we have many other changes which are listed in this link:https://docs.servicenow.com/bundle/paris-release-notes/page/release-notes/it-operations-management/e...
Removed Feature:
1) Event management dashboard is removed.
2) Remediation task is removed in Paris version instances.
This was just a snap shot of the new , changed and removed feature in event management module. There are many things here and there which are changed and i urge you to look at the release notes to get in-depth knowledge, i tried my level best to explain them. Do look at my video which shows this changes and i explained that in there as well.
YouTube Video Link : https://youtu.be/VQss7PZMjSg
Please don’t forget to mark helpful ,bookmark this article and subscribe my Youtube channel.
Thanks and Regards,
Ashutosh Munot
- 4,504 Views
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
very cool..keep it coming

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
just wanted to add an addition since we had some customers that still want to use the legacy event dashboard (not sure why but they are out there 🙂 ) ... in this case they can add this to the URL "/$sw_dashboards.do" (or expose in navi panel)

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thanks Ryan - IDK why someone would want it but inevitably someone will ask ... lol

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hahaha. Yeah i dont know why they wont that either. But thanks for addition for our demanding customers.
Thanks,
Ashutosh
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Great
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Great Post,
Any idea, on why is the remediation task removed from this version and what is the alternative to the alert remediation

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Remediation is still in ServiceNow documentation for Paris. It is that they still haven't got around to upgrading the documents?

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi,
If you check the Removed Feature it says it is remove from new instance but orlando to Paris upgrade will have it and i think we will not get updates to it in future.
Thanks,
Ashutosh

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Remediation Task was removed in favor of using workflow now which does not place a record on the remediation task table.

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Exactly. Ryan Said it all.

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thanks

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
What happens when the CI does not exist in the CMDB? How do you create the incident from the alert if there is no CI to select on the incident form? Can Dynamic CI group be used in it's place?

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
while you can promote an alert to an incident with the configuration_item attribute empty, its not recommended - as the operator won't know what to work. Its best practice to have a solid binding strategy to ensure that alerts are bound to the proper CI's.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Awesome. Thanks for sharing!

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
+1 on What Ryan said.
We personally have a rule in flow designer that if the CI is absent dont create a incident and put comments in alert about it.
Operator knows that and then we manually selects the CI and creates a incident with Quick responses.
Thanks,
Ashutosh
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
So what is the process if the CI does not exist? Bind to a non-host CI?
Thinking:
If I do not have the CI, lets say a server that has 2008 operating system. I have a dynamic CI group for 2008 Windows Servers. That at least gets me close to what CI it might be that is having an issue.
or
Should I determine the Application Service that is related to the offending 2008 server and then use that as a CI.
Of course, ideally we would want the CI, but that is not always the case.

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi,
Even to bind to a non host CI you need relationship and CI present. You can always bind to Dynamic CI group record but then you need to have a specific event rule for that and one important point is if one event rule is matched then other wont be processed so you have to order them wisely.
Thanks,
Ashutosh