Introduction

The ServiceNow ITOM AIOps solution leverages the ITOM Health product to ingests events, logs, metrics and traces from applications and monitoring tools to generate meaningful and actionable alerts.

The workspace of an AIOps user is the Service Operations 

Workspace (SOW). In the SOW, users can configure monitoring tool integrations, alert enrichment, alert escalation, alert remediation, and more. While operators can monitor and analyze incoming alerts, remediate issues, and escalate alerts in the SOW. Both users are able to intuitively navigate through the SOW with ease to perform their responsibilities.

In this article I will be discussing the many innovations being released for ITOM AIOps this June 2024, and how they are integrated into the existing AIOps Experience! See this blog for an overview of the May and June release.

Data Ingestion

Integration Launchpad provides a straightforward experience to configure AIOps integrations of 3rd party monitoring tools. This enables organizations to confidently and easily manage integrations, through a guided setup experience for out of the box (OOTB) connectors or custom connectors for non-OOTB supported monitoring tools.

Integration Health¹ can by monitored through an overview of performance using recent events, where the value or improvement needed for noise reduction of alerts can be realized. And get suggestions on how to improve core alert aspects of alert health, including – alert suppression, CI binding, metric name mapping, and new alert tags.

By leveraging Service Reliability Management² (SRM), distributed teams can also setup and manage their own integrations.

Alert Enrichment, Grouping & Escalation

With events, logs and metrics being streamed into ServiceNow, there are configuration options for organizations to enrich the alerts with more information, group similar alerts to reduce noise, and for automatic escalation. Alert Automation³ provides a single page experience to set up Event Management related automations within the SOW. Within the SOW, users can easily define how alerts are enriched, grouped, and escalated.

For alerts that need to be escalated, rules can easily be defined for specific alerts in Alert Automation to create an incident or outbound webhook⁴ to send POST requests dynamically populated with alert information to 3^rd party tools for further remediation or notification.

Analyzing Alerts

Alerts are actionable issues that need to be further analyzed and resolved. AIOps provides all the necessary tools for teams that manage alerts to quickly understand alerts, the impact to the business, and how to remediate the issue. Express List is a live alert list in SOW that provides the ultimate experience for an operator to monitor, understand, and resolve alerts. Alert filters on Express List can be dynamically managed for groups or individuals through Express List View.

The Express List experience enables users to actively monitor the alerts that they are responsible for and quickly action them. There is now a free text search that allows you to search on the all the filtered alerts on your list by the following fields - metric name, node, alert number, alert tags, additional information, or description.

Keyboard shortcuts have also been introduced to Express list, allowing you to, with the utmost speed, perform actions including, but not limited to:

• Moving between alert rows
• Opening an alert record
• Acknowledging an alert
• Assigning an alert to yourself
• Closing an alert
• Creating an incident
• Free text search

And there are many more shortcuts! The information for available keyboard shortcuts can be found in a Help Center help article, while in the Express List.

While to increase efficiency of analyzing alerts, there is a side panel that pops out when drilling down into alert information. The side panel includes presents the user with useful information for analysis, including the option to use Generative AI to analyze alerts through Now Assist for ITOM Alert Analysis⁵ which generates an alert summary and analysis of individual alerts or alert groups. Alert Analysis empowers users to action alerts on their own, and decreasing MTTR by providing necessary information like remediation suggestions, reducing the reliance on other team members and additional research outside of ServiceNow.

Alert groups can reduce noise in the Express List, but can be time consuming to analyze due to the need to look through each individual alert of the group to understand the full context of the grouping. Alert Analysis alert group simplification⁶ can generate a summary of these alert groups so that users can easily understand why the alert group was created, through being enriched with contextual data from the CMDB and alert timings.

Group Timeline⁷, natively part of the Express List experience, is a visualization and list of all the alerts in an alert group with timelines reflecting the alert state and severity. This feature help users understand alert groups by identifying the sequence and change of severity and state to easily understand and perform root cause analysis. 

Link View⁸ generates a topological map of alert groups based on alert tag or CMDB relationships. This visualization enables users to understand the business impact and blast radius of alert groups. The relationship between alerts can be viewed through a converged view of alerts, tags, CMDB data, and more, to improve root cause analysis and prioritization.

Licensing Requirements

The capabilities mentioned in this document, with the exception Now Assist for ITOM, are available through the ITOM Professional/Enterprise package. Now Assist for ITOM is available as an add on to existing ITOM Professional/ITOM AIOps Enterprise packages.

Conclusion

ServiceNow ITOM AIOps has already released and is set to release many new features. Be sure to try out the newest innovations, and stay up to date on what is coming up through live webinars, Youtube videos, and blogs on ServiceNow Community.