Alert - Overall Event Count
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2022 01:52 PM
We recently had an issue where events were being created and grouped in an Alert (see attachment).
Do you know what is causing the grouping and what stopped the grouping so a second (and third and fourth over time) incident could be created?
(I'm suspecting a business rule or system property)
- Labels:
-
Event Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-11-2022 04:07 AM
First, check the group column.
For more info, please follow this link
https://docs.servicenow.com/bundle/rome-it-operations-management/page/product/event-management/concept/Alert-Groups.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-29-2022 01:01 PM
Hi JJ
When the Overall Event Count increases it means that a new Event record [em_event] was created and it had the same message key as an existing Alert. This updates the Alert and reopens it if Alert was closed at that time. Some monitoring tools also closes the Alert by sending a clear event.
There are some Event Management sys properties that decides what to do when Alerts closes or reopens. See Event Management->Administration->Event Management Properties.
