How come itom engineer will understand the alert/incident at the application service level?
If alerts are intentionally mapped to a non‑host CI such as an Application Service to notify the application team about service degradation, how can the team still identify which downstream infrastructure CI actually caused the issue?