Alert - Overall Event Count

JJ20 · ‎01-31-2022

We recently had an issue where events were being created and grouped in an Alert (see attachment).

Do you know what is causing the grouping and what stopped the grouping so a second (and third and fourth over time) incident could be created?

(I'm suspecting a business rule or system property)

Vivek Verma · ‎02-11-2022

First, check the group column.

For more info, please follow this link

https://docs.servicenow.com/bundle/rome-it-operations-management/page/product/event-management/concept/Alert-Groups.html

MortenPettersen · ‎03-29-2022

Hi JJ

When the Overall Event Count increases it means that a new Event record [em_event] was created and it had the same message key as an existing Alert. This updates the Alert and reopens it if Alert was closed at that time. Some monitoring tools also closes the Alert by sending a clear event.

There are some Event Management sys properties that decides what to do when Alerts closes or reopens. See Event Management->Administration->Event Management Properties.