vlo
ServiceNow Employee

Introduction

The ServiceNow ITOM AIOps solution keeps on innovating and raising the bar for AIOps. Each quarter, we have been releasing amazing features, as you already saw in my article from June, and August has been no exception.

In this article, I am back to tell you all about the amazing features that the ITOM AIOps team released in August 2024 and the outcomes that they help achieve. Keep reading; all the new features are worth it!

Spotlight - Alert Automation GA

Alert Automation enables organizations to use an intuitive UX to automate alert processing: alert enrichment, grouping, and response actions. The Alert Automation app was previously in Innovation Lab, but it is now part of the AIOps Experience Store App, meaning that it can be deployed in production environments!

In this article, I will be highlighting the new Alert Automation features for ignoring noisy events and alert grouping simulation. Stay tuned for a dedicated Alert Automation blog soon!

August 2024 Innovations

Reduce Alert Noise

It is important for users to focus on alerts that impact the business and not be distracted by noisy alerts that are not actionable issues, like “CPU usage is at 40%”. Now, users can easily set up automations to ignore events 1 with Alert Automation by defining criteria for which alerts should not be created. Based on the criteria, examples of alerts that would not have been created are generated from past data, ensuring the accuracy of the automation once active.

Improve Alert Correlation Accuracy

Alert grouping is another way to reduce noise, by grouping alerts that may be related rather than having several individual alerts about the same issue. Alerts can be correlated through automated or rule-based alert grouping.

All organizations are different and want to prioritize specific automated grouping methods over others. Automated alert grouping types include CMDB, tag based, time pattern, and text similarity. As part of Xanadu, organizations can configure the automated alert correlation sequence 2 to what works best for their specific needs. Establish a new sequence through the following process:

  • Navigate to System Properties > All Properties
  • Create a new property with the name: sa_analytics.agg.query.group_logic_order
  • Enter the following as the value, and rearrange in desired order for grouping: CMDB,TAG_BASED,PATTERN,TEXTBASE

Establishing an automated alert correlation order gives organizations a higher degree of confidence in automated alert grouping.

When defining alert correlation criteria for rule-based alert groups, it is difficult to understand what the impact will be on real production alerts when relying on sub-production data. Alert grouping simulation 3 can now be used to see the results of alert grouping rules on real past alert data, enabling users to proactively fine-tune and iterate on the criteria until the desired simulated outcome is achieved. Simulating alert grouping while defining the criteria increases grouping accuracy and reduces time and complexity, because past alerts provide production-level testing for the simulations.

However, if alerts are inaccurately grouped together, users can now easily remove alerts from alert groups 4 through Express List quick actions or in the alert panel of an alert group. Removing alerts ensures accuracy of alert groups and allows users to focus on only relevant alerts.

Expanded OOTB Monitoring Capabilities - ServiceNow syslog Monitoring using Health Log Analytics & New Dynatrace Metric Definition

Out of the box (OOTB) capabilities are the easiest way for organizations to use ServiceNow. In August, we released more OOTB options for HLA and Metric Intelligence data inputs.

Organizations are already using ServiceNow AIOps to monitor as many services as possible, but what about the ServiceNow instance itself? The August release allows organizations to leverage Health Log Analytics (HLA) to monitor ServiceNow logs 5, detecting anomalies and raising them as actionable alerts before they impact ServiceNow users.

Getting syslog monitoring with HLA up and running takes less time than reading this blog: it takes just a few clicks to set up the new HLA data input "Glide Sys Log Retriever - Streams logs from glide syslog table", and no MID server is needed!

There is also now the option to seamlessly integrate Dynatrace Metrics with ServiceNow AIOps. Users can easily set up and stream metrics from Dynatrace with the new Dynatrace Metrics OOTB Connector Definition 6 to identify anomalous behaviour using Metric Intelligence. As a result, organizations can easily centralize actionable alerts raised using Dynatrace metrics with alerts from all other integrated monitoring tools.

Enhanced Experience for Analyzing & Actioning Alerts

Analyzing and actioning alerts are activities that users perform constantly, and it is important that the experience for these activities is as seamless and efficient as possible to reduce MTTR and business impact.

When analyzing alerts, the Unified Service Map and Metric Explorer can now be accessed natively in the Service Operations Workspace 7 while viewing the impacted services of an alert in Express List or the Service Dashboard.

The Unified Service Map and Metric Explorer open within the workspace, where users can quickly understand the impact of the alert on other CIs and quickly navigate back to Express List.

In situations where users know that they need to create an incident for an alert, they now have the option to harness the power of Alert Analysis in incidents 8. Alert Analysis provides alert insight and clarity to users through GenAI, and it can now be populated into the Incident forms created from alerts. This streamlines the analysis process between Alerts and Incidents and improves the operator experience regardless of which form is used.

At other times, users know exactly how to action incoming alerts, and sometimes a flood of alerts needs to be actioned at once. In Express List, all filtered or searched alerts, up to 1000, can now be bulk selected 9 and general quick actions can be applied to all of them, eliminating the headache of selecting many alerts individually. All selected alerts in Express List can also be unselected using the same button.

Licensing Requirements

The capabilities mentioned in this document, except for Health Log Analytics and Alert Analysis, are available through ITOM Professional. Health Log Analytics is available through ITOM Enterprise. Now Assist for ITOM is available as an add-on to existing ITOM Professional/ITOM AIOps Enterprise packages.

Conclusion

ServiceNow ITOM AIOps is continuing to innovate, and we show no signs of stopping. Be sure to try out the newest innovations, and stay up to date on what is coming up through live webinars, YouTube videos, and blogs/articles on ServiceNow Community.

1 Ignore events enhancement is available in August 2024 release of AIOps Experience
2 Configure automated alert correlation sequence is available in Xanadu family release
3 Alert group simulation enhancement is available in August 2024 release of AIOps Experience
4 Remove alerts from group enhancement is available in August 2024 release of AIOps Experience
5 Monitor ServiceNow logs with HLA is available in August 2024 release of Health Log Analytics

6 Dynatrace Metric Connector is available in August 2024 release of Event Management Connectors
7 Unified Service Map in SOW is available in August 2024 release of Service Operations Workspace Service Map Monitoring
8 Alert Analysis in Incidents is available in August 2024 release of Now Assist for IT Operations Management
9 Bulk action alerts enhancement is available in August 2024 release of AIOps Experience