Duplicate incidents are created in automated alert correlation

Go to solution
Powshika B
Tera Contributor

‎06-21-2023 11:29 PM - edited ‎06-22-2023 07:39 AM

Hi @Ankur Bawiskar 

 

In Event Management,

Event E1 - 7.00(Time of event)---> Alert A1 is generated---> Incident INC1 is created
Event E2(same event with different message key) - 7.02-----> Alert A2 is generated(secondary alert, since pattern matches which is defined in automated alert correlation) ------> No incident created

 

Since A1 and A2 are grouped based on automated alert correlation, Virtual alert is generated as primary alert and incident INC2 is created

 

Now INC2 will become duplicate incident of INC1, Then what is the purpose of grouping? Is this how it actually works?

0 Helpfuls
  • 981 Views
1 ACCEPTED SOLUTION

Go to solution
Rahul Priyadars
Tera Sage
Tera Sage

‎06-22-2023 08:14 PM

Now INC2 will become duplicate incident of INC1, Then what is the purpose of grouping? Is this how it actually works?---> This is how it actually works. Same behavior also in case of CMDB based alert grouping.

 

Imagine for ur case instead of 2 50 event arrived and alert genertaed-- If it matches the pattern then Automated Grouping will happen and 1 Primary Incident will be Created corresponding to Primary Alert  and rest attached you know.

 

Regards

RP

View solution in original post

5 REPLIES 5

Go to solution
Namrata8
Tera Contributor
In response to Rahul Priyadars

‎03-15-2024 05:45 AM

Hi Rahul,

 

Is this solution or behavior is mentioned in anywhere in ServiceNow docs?

Thanks in advance.

0 Helpfuls