SD event management notes

Keypoints
*********
he rollback window is 10 days by default. You can customize this window by modifying the glide.rollback.expiration_days property. 
ServiceNow can restore an instance to any point in time, regardless of when a backup is completed. Customer Service and Support provides support 24 hours a day, 7 days a week for assistance with critical post-upgrade issues.

IT Operations Management

Get better visibility into your infrastructure and services, prevent service outages, and expand your organization's operational agility with ServiceNow® IT Operations Management.

See more and do more with IT Operations Management
Accelerate your cloud strategy with IT Operations Management. Improve your organization's cloud utilization, drive down costs, automate requests, and aid in approvals and governance of the infrastructure that supports native cloud environments.

View and download the full infocard for a highlight of IT Operations Management features.

Gain visibility    
Get visibility into your infrastructure and services

Take charge of your infrastructure and services from one source. Improve service quality, strengthen change processes, reduce risk, optimize your infrastructure spend, and minimize software compliance issues.

Diagnose service issues    
Avoid and solve service issues effectively

Free up your IT staff from time-consuming, error-prone tasks and drive down service outages with AIOps. Accelerate issue resolution with relevant and contextual change, problem, and incident data.

Get visibility into your infrastructure and services
Visibility into discovered resources
Instantly see the service impact of your infrastructure issues and changes, simplify root-cause analysis, and reduce mean time to repair (MTTR). End-to-end discovery and service mapping gives you an accurate, up-to-date CMDB view of your IT infrastructure and services. The resulting complete and reliable record is used by other ServiceNow applications, such as ITOM Health, ITOM Optimization, and Software Asset Management. In this way, you can improve service quality, strengthen change processes, reduce risk, optimize infrastructure spend, and minimize software compliance issues. For more information, see ITOM Visibility.

Avoid and solve service issues effectively
Events prioritized on the dashboard
ITOM Health uses the power of AIOps to turn events into actionable alerts. Pinpoint service issues and rapidly identify and remediate the root cause. Unlike legacy event management systems, which are static and rule based, ITOM Health applies machine learning and advanced analytics to correlate events, adapting automatically to rapidly evolving virtualized and cloud environments. For more information, see ITOM Health.

The Now Platform® platform uses a licensing method where your organization is billed for using the following IT Operations Management products: ServiceNow® ITOM Visibility, ServiceNow® ITOM Discovery, ServiceNow® ITOM Health, Health Log Analytics, ServiceNow® ITOM Optimization, and ServiceNow® ITOM Governance.
For more information, see Subscriptions for IT Operations Management.

Accelerate cloud strategy and reduce costs
A powerful cloud governance model
\
Get started
Work with an implementation specialist to achieve your desired business outcomes. To learn more, visit the Customer Success Center.
Choose the training that’s best for you at the Now Learning center.
Learn
What is AIOps?
What is a configuration management database (CMDB)?
What is IT operations (ITOps)?
Applications and features
ITOM licensing and subscriptions
ITOM Governance
ITOM Visibility
Visibility: Discovery
Visibility: Service Mapping
ITOM Health
Health: Event Management
Health: Health Log Analytics
Health: Agent Client Collector
ITOM Optimization
Optimization: Cloud Provisioning and Governan

Event Management MID Web Server extension form
https://docs.servicenow.com/bundle/sandiego-it-operations-management/page/product/event-management/reference/configure-midwebserver-extension-form.html

Tag-based alert clustering

San Diego
Tag-based alert clustering enables you to easily create groups of alerts. It is a non-code method of alert grouping that correlates alerts without having to use CMDB or model training. This simpler way of grouping similar alerts reduces the overall noise of a large quantity of alerts.

Tag-based alert clustering is enabled immediately after activation of the Tag-Based Alert Clustering Engine application available in the ServiceNow Store. This clustering works in parallel with existing ServiceNow alert correlation algorithms. Alert clustering tags are attached to definitions on a many-to-many (M2M) basis. Multiple tags can belong to a single definition, and tags can belong to more than one definition.

Create alert clustering tags

San Diego
Alert clustering tags represent an improved way to correlate alerts. Alerts with identical or similar tags (depending on the configured match method) are joined together to form a group.
Create an alert clustering definition

San Diego
An alert clustering definition determines the conditions that must be met for invoking one or more alert clustering tags. Alert clustering tags enable you to create an alert group from fewer alerts.

Event Management tag based alert clustering tag form

San Diego
The form for creating or modifying a tag based alert clustering tag displays detailed information about the tag.

Tag based alert clustering tag form
Field    Description
Name    Name of the clustering tag. Defaults to a description of the configured tag (such as, Exact match on Alert Field "metric name").
The default name is visible only after saving the tag.

Tag names must be unique.

Customized name    Select the check box to customize the value in the Name field.
Domain    The domain in which the current record was created. Read-only.
Description    Enter an optional description of the tag.
Source    Select the source from which to choose the field to be matched.
Alert Field
Alert Additional Info
Alert CI
Alert CI Key
If you select Alert Additional Info, choose an Additional Info Key instead of a field.

Selected field    Indicate the field that has to match between alerts for the alerts to be included in a group.
Appears when you select Alert Field or Alert CI in the Source field.

Additional info key    Indicate the Additional Information key that has to match between alerts for the alerts to be included in a group.
Appears when you select Alert Additional Info in the Source field.

CMDB key    Indicate the CMDB key to match for the alerts to be included in a group.
Appears when you select Alert CI Key in the Source field.

Match method    Select the type of match required for the alerts to be included in a group.
Exact: Indicates that the field value must be an exact match for the alert to be included in a group.
For example, you can configure an alert clustering tag indicating that the alert's Metric name field must be an exact match to form a group. When invoking that tag, all alerts with identical values in the Metric name field are included in the same group.

Fuzzy: Indicates that the field value needs to be an approximate match (depending on the value configured in the Similarity field) for the alert to be included in a group.
Pattern: Indicates that the field value needs to follow the pattern in the Pattern field. For correct syntax and usage examples, see Pattern matching.
Similarity    Specify the similarity percentage that must be met by the alerts to be included in a group. For example, entering 50 indicates that at least 50 percent of the indicated value must appear in the alert for the alert to be included in the group.
Appears only when Fuzzy is selected as the Match Method value.

Default value = 90

Event Management tag based alert clustering definition form

San Diego
The form for creating or modifying a tag based alert clustering definition displays detailed information about the definition.

Tag based alert clustering definition form
Field    Description
Name    Name of the alert clustering definition.
Definition names must be unique.

Active    Select to activate the definition. This option is selected by default.
Order    The order by which definitions are tested for incoming alerts. Those with lower Order values are tested first.
When an alert matches one of the definitions' filters, it continues searching for more definitions.

Default value = 1000

Domain    The domain in which the current record was created. Read-only.
Description    Enter an optional description of the alert clustering definition.
Filter    Set conditions that incoming alerts must meet to be measured by the alert clustering definition's tags. If the tags correspond to alerts that exist in the system and are within the Clustering timeframe (minutes) value, the incoming alerts join with the existing alerts to form an alert group.
After configuring the filter, you can click the Preview button to view how many existing alerts match the filter's condition.
Note:
Matching alerts are not automatically included together in an alert group. Alerts are grouped only if they have corresponding alert clustering tags.
Filter parameters are case sensitive by default. To disable case sensitivity, set the sa_analytics.correlation_case_sensitive parameter to false.
You can also configure alert fields to be excluded from the search, using the sn_em_tbac.tag_excluded_alert_fields property. By default, the following are excluded by this property:
type
event_class
Clustering timeframe (minutes)    The maximum time, in minutes, allowed between alerts for the alerts to be grouped together. For example, a value of 60 indicates that an alert generated within 60 minutes of the most recent alert is included in the alert group. Any alert generated after this time is not included in the alert group.
Default value = 60

Permitted values = 0-1440

Tag Based Alert Clustering Definitions Tags M2M    Select the alert clustering tags to be assigned to the alert clustering definition. Alerts that meet the criteria specified in the selected tags are included in the alert group.
The available options are the tags created on the Tag Based Alert Clustering Tags page.

Alerts are grouped either automatically or manually into (R)ule-based, (A)utomated, (M)anual, (C)MDB, or (T)ext alert groups. Grouping alerts enables you to narrow down problems by focusing on the primary alerts in the correlated group.

Reference : https://community.servicenow.com/community?id=community_article&sys_id=c7bf71b01bf54910cdd555fa234bcbd4

Create alert groups to combine similar alerts that meet the specified criteria.

Alerts that do not contain a CI can be grouped together as text-based or pattern-based alert groups. To enable this functionality, set the sa_analytics.enable_no_ci_grouping property to true. When working with pattern-based groups, ensure that the Feature Identifier includes both node and metric name. For details on configuring the feature identifier, see Learned Patterns report.