Don't create incident from Alert if there is an ongoing change

Henrik Jutterst
Tera Guru

‎09-08-2023 03:54 AM - edited ‎09-08-2023 04:45 AM

We are using Event Management to monitor the health of our infrastructure and it's working good. But we have a question with this.

 

Example: We are monitoring a server. Now, we need to perform a change on that server so the server will be down for 1 hour. What happens then is that we will start to receive events that the host is down and this will create an Alert for the operators to look into.

 

But since this is a planned change, we don't want to have an incident for this Alert.

What is the idea to handle this from a ServiceNow point of view?

 

Basically; How do I as an operator know that there is no Change on the CI that the Alert reflects?

 

I have a Change Request for the server CI, but even when I send in an event for that server, I can't see any Change Request for that specific CI.

 

HenrikJutterst_0-1694170403724.png

 

Labels:
0 Helpfuls
  • 662 Views
9 REPLIES 9

Prabu Velayutha
Mega Sage
In response to Henrik Jutterst

‎09-08-2023 06:41 AM - edited ‎09-08-2023 06:43 AM

Hi @Henrik Jutterst  in order to view the active CRs associated to a CI we can create report Task_CI table, Also if you have Service mapping implemented for Operator Work Space they can navigate to the impacted application Service Map and view the associated Incidents, CR, Problem, Event, etc. 

 

But I don't think it is a feasible solution remove a CI from an active CR after it is move to Scheduled State because there are some OOB BRs to monitor and restrict the CIs getting removed from the Scheduled CR.  Also based on CR type Normal and emergency may go for approvals from CAB team so after approval, if any changes to the affected CI list should be resubmitted for approval.

 

With regards to Incident suppression for event I have implemented based on Outage Task, Also the monitoring tools like Zabix, SCOM, etc can include the maintenance flag in the Events which can be found in additional information field used to that suppress incident at the Event level.

 

If my response helps to solve your issue. Kindly mark it as helpful & accept solution. It will be helpful for future readers!

Henrik Jutterst
Tera Guru
In response to Prabu Velayutha

‎09-08-2023 07:45 AM

Thanks for the input @Prabu Velayutha!
But I still don't understand why I can't see any Change Request on the Alert, in the list from my original post. Because there is a tab for Change Request.

 

 

But I don't think it is a feasible solution remove a CI from an active CR after it is move to Scheduled State because there are some OOB BRs to monitor and restrict the CIs getting removed from the Scheduled CR.  Also based on CR type Normal and emergency may go for approvals from CAB team so after approval, if any changes to the affected CI list should be resubmitted for approval.

 

Not sure I understand what you mean by this. But I don't want to change the state of a Change Request just to have it in the list 🙂

0 Helpfuls

Prabu Velayutha
Mega Sage
In response to Henrik Jutterst

‎09-08-2023 10:43 AM

@Henrik Jutterst  You can check the relationship configuration of the CI change request related list. Please find the steps for navigation below

 

System Definition -> Relationship -> Open the "Alert Insight CI Change Requests" record

 

Review the Script include "EmAiInsigh" and the function "getSameCiTaskQuery"

 

For CR query is only for the following states Implement:-1, review:0 and closed:3, The CRs in other state are not queried , you can customize the Script include function line 209 to add additional CR states to be queried an displayed.

 

If my response helps to solve your issue kindly mark it as helpful & Accept the Solution. 

0 Helpfuls

Henrik Jutterst
Tera Guru
In response to shri5

‎09-08-2023 04:59 AM - edited ‎09-08-2023 05:02 AM

Just digging arround in the instance it sounds like the Maintenance check box is the solution here.

So, create a Maintenance Rule and make sure that the criteria matches so that the Maintenance checkbox on the Alert is "true".

 

HenrikJutterst_0-1694174378847.png
Fig. 01 - Out of box Maintenance Rule to set Alert in Maintenance if there is an active Change on the CI.

 

0 Helpfuls

Prabu Velayutha
Mega Sage

‎09-08-2023 09:52 AM - edited ‎09-08-2023 09:53 AM

@Henrik Jutterst  did the alert bind with the correct CI? Hope the CI field on the Alert is populated?

 

Also is there a duplicate CI so the Alert and CR were associated with the same CIs which are duplicate of each other which could be a potential cause 😊

 

I'm trying to find the query for the related list of CI change request on the Alert form, this can provide some details. I will keep you posted.

0 Helpfuls