Ashutosh Munot1
Kilo Patron
Kilo Patron

Introduction:-

ServiceNow always release's fixes and new features to modules to make them better day by day. Today in this article we will touch on few points about event management improvement and new features in Paris release. We are already in Orlando with so many new nice things for EM and now we have Paris which is again exiting journey and waiting for this release to be available for customers. Event management is categorized as a ITOM health which helps us to monitor the health of network and CMDB and in health monitoring we also have operational intelligence in place.

Lets start with New Features first and then improvements to existing features.

New Features:

1) Landing page for alerts: 

This is added to give an operator a overview of the alert / alert group where you can see the CIs in group, alerts in group as well as the new feature Probable root cause. Last but not the least it also shows the impacted Services due to this alert. Now there is a criteria to show this overview tab meaning if you have a CI assigned to the alert then it is shown there. We can also see notification for alerts if the predefined condition is met like priority is high or critical.

find_real_file.png

 

2) Probable Root Cause Analysis (RCA):

Wonderful features which looks at the CI relationships and changes attached to that CI and then gives you a estimate/score of root cause analysis. This is also a part of Overview tab which helps operator to quickly navigate through changes attached to this CIs and alerts. Oh yes this RCA has a filter which can be refined as well. This is now closely coupled with ITSM process which helps in decision mapping. Below image shows the Reasoning for root cause and the score of the root cause.

More things here: https://docs.servicenow.com/bundle/paris-it-operations-management/page/product/event-management/conc...

find_real_file.png

 

3) Dynamic Form layout: 

As the name explains, this is a alert form layout on workspace which shows the details of alert based on the alert which you are seeing. Meaning if you see CMDB CI grouped alert then you may see something different in Overview tab, if you see automated grouped alert then some other information. One Point which i will like to focus in the action tab meaning on native for we have quick actions it has been move to form section as shown below. In orlando it was still like a button but in paris we have it as below.

4) NLP alert groups:

My favorite and i believe this feature will bring more value for customers to automatically group alerts using keywords. This will bring more ML/AIOps into picture and create the patterns for grouping, i must say that this is awesome feature. We only have one dependency and that is Predictive Intelligence for this as we have to train the data for ML to work.

5) Alert Grouping based on generalized patterns :

In Orlando, we had a CMDB grouping based on CI and its relationships. But now we have a enhanced feature where you can do a grouping based on CI Class or CI or both, sounds awesome right. This has to be activated by enabling a property.

6) Create a user view in Operator Workspace:

Now this is awesome, this always operators to create their own workspace view as per their own filters. But there is a nice element here which specifics if the form you create is private view and if an event management admin creates it then it is global view. You can have multiple view and you can select them as show below.

find_real_file.png 

 

Changed Features:

1) Enhanced Alert Intelligence form:

You can see that the Quick button from Orlando is removed and it is created as a pane now and secondary alerts tabs is changed to Alerts in group. You can see that in above images.

find_real_file.png

2) Root Cause Analysis:

Probable Root cause analysis is substitution for Root Cause Analysis and it is now separated from Alert aggregation.

3) Unique nodes for license calculation:

Improvements to the scheduled job : Event Management - Node Count which helps in license count and utilization of EM module. Calculate CI Nodes mapped to alert is counted as one license and if the CI is not binded to alert then event node is used to calculate the license.

4) CSDM enhancements:

Technical Service is now named as "Dynamic CI Groups". 

find_real_file.png

5) Custom Alert States and Alert Queries:

Allowing to filter out the non-supported state while alert processing. Also now we can group alerts based on a filter condition which is called as "Alert Queries". See above image in Paris release you see alert queries and not in Orlando.

Like wise we have many other changes which are listed in this link:https://docs.servicenow.com/bundle/paris-release-notes/page/release-notes/it-operations-management/e...

 

Removed Feature:

1) Event management dashboard is removed.

2) Remediation task is removed in Paris version instances.

 

This was just a snap shot of the new , changed and removed feature in event management module. There are many things here and there which are changed and i urge you to look at the release notes to get in-depth knowledge, i tried my level best to explain them. Do look at my video which shows this changes and i explained that in there as well.

YouTube Video Link : https://youtu.be/VQss7PZMjSg

Please don’t forget to mark helpful ,bookmark this article and subscribe my Youtube channel.

Thanks and Regards,
Ashutosh Munot

ServiceNow MVP 2019/2020

My Article and Blogs

Youtube Channel

 

Comments
Swapnil Meshram
Mega Guru
Very Helpful information.. Thank Ashutosh..👍
Rohan29
Kilo Contributor

very cool..keep it coming

Ryan Zulli
ServiceNow Employee
ServiceNow Employee

just wanted to add an addition since we had some customers that still want to use the legacy event dashboard (not sure why but they are out there 🙂 ) ... in this case they can add this to the URL "/$sw_dashboards.do" (or expose in navi panel)

Bill_Cypert
Kilo Expert

Thanks Ryan - IDK why someone would want it but inevitably someone will ask ... lol

Ashutosh Munot1
Kilo Patron
Kilo Patron

Hahaha. Yeah i dont know why they wont that either. But thanks for addition for our demanding customers.


Thanks,
Ashutosh

Sarita S1
Kilo Contributor

Great

akshaybhardwaj
Mega Guru

Great Post, 

Any idea, on why is the remediation task removed from this version and what is the alternative to the alert remediation

Hitoshi Ozawa
Giga Sage
Giga Sage
Ashutosh Munot1
Kilo Patron
Kilo Patron

Hi,

If you check the Removed Feature it says it is remove from new instance but orlando to Paris upgrade will have it and i think we will not get updates to it in future.


Thanks,
Ashutosh

Ryan Zulli
ServiceNow Employee
ServiceNow Employee

Remediation Task was removed in favor of using workflow now which does not place a record on the remediation task table.

Ashutosh Munot1
Kilo Patron
Kilo Patron

Exactly. Ryan Said it all.

Ashutosh Munot1
Kilo Patron
Kilo Patron

Thanks

Mary Vanatta
Kilo Guru

What happens when the CI does not exist in the CMDB? How do you create the incident from the alert if there is no CI to select on the incident form? Can Dynamic CI group be used in it's place?  




Ryan Zulli
ServiceNow Employee
ServiceNow Employee

while you can promote an alert to an incident with the configuration_item attribute empty, its not recommended - as the operator won't know what to work.  Its best practice to have a solid binding strategy to ensure that alerts are bound to the proper CI's.

Vivektietsood
Tera Guru

Awesome. Thanks for sharing!

Ashutosh Munot1
Kilo Patron
Kilo Patron

+1 on What Ryan said.


We personally have a rule in flow designer that if the CI is absent dont create a incident and put comments in alert about it.


Operator knows that and then we manually selects the CI and creates a incident with Quick responses.


Thanks,
Ashutosh

l_henry
Kilo Contributor



Mary Vanatta
Kilo Guru

So what is the process if the CI does not exist? Bind to a non-host CI?

Thinking:
If I do not have the CI, lets say a server that has 2008 operating system.  I have a dynamic CI group for 2008 Windows Servers.  That at least gets me close to what CI it might be that is having an issue. 

or

Should I determine the Application Service that is related to the offending 2008 server and then use that as a CI. 

Of course, ideally we would want the CI, but that is not always the case.  

Ashutosh Munot1
Kilo Patron
Kilo Patron

Hi,

Even to bind to a non host CI you need relationship and CI present. You can always bind to Dynamic CI group record but then you need to have a specific event rule for that and one important point is if one event rule is matched then other wont be processed so you have to order them wisely.


Thanks,
Ashutosh

Version history
Last update:
‎07-27-2020 11:29 AM
Updated by: