Duplicate task creation with group alerts

Jeffreys Quinti
Tera Contributor

‎03-28-2025 12:42 PM

As you may know, the out of the box correlation(CMDB, Automated, text based, etc.) creates a new Group Alert as a parent record and keeps the real alerts as secondary child alerts.

When using an alert management rules to create Incidents automatically from alerts, if alerts are open more than 1 minute apart:

  • The first alert will create a task.
  • The second alert will trigger the creation of a group Alert
  • The Group Alert will also create a second task.

 

This is a pain point as we must document and close 2 tasks instead of 1.

 

Our solution was to create a business rule that runs when the parent changes, parent is not empty, and task is not empty. The business rules is then a few lines of scripting to take the original created task in the alert that has now become secondary and transfer it to the group alert.

 

As a result, if you get a group alert with alerts that are spaced out time wise, we are not generating a second task, but rather reusing the first generated task.

 

Have you come accross this problem in your instance? if so what was your solution? 

Labels:
  • 675 Views
4 REPLIES 4

Jeff K1
Kilo Guru

‎03-31-2025 05:16 AM

This was a pain point for us as well. And to be honest, all of our customers asked for it to be turned off and that's what we did.

This has been several years now and I have been wondering if I should explore it again in one of our lower environments to see if it's any better now. IT sounds like that same issues exists.

I'd probably do something similar but work something out in a Flow versus a business rule when possible.

Jeffreys Quinti
Tera Contributor

‎04-01-2025 01:11 PM

Hey Jeff,


I understand, we also thought about turning it off as we had multiple users that complained on this behavior.

 

With alert grouping and this business rule, we are able to avoid several thousand tasks per year which is great.

 

You can probably do it with a flow as well, let me know if it works

Jeff K1
Kilo Guru
In response to Jeffreys Quinti

‎04-02-2025 05:42 AM

One issue I have with Alert Grouping is that it can't be controlled per source. There are some sources that didn't mind it.

Something else I'd probably explore with a Flow. Since I've created several flags and things that sources can pass through Additional Info to override various functions in place for processing.

Now I just need to find "free time" to explore it some more in a lower instance. ;-}

Jeffreys Quinti
Tera Contributor
In response to Jeff K1

‎04-02-2025 06:35 AM

You might be able to control grouping per source using "Automatic Group Filter" See documentation here: 

https://www.servicenow.com/docs/bundle/yokohama-it-operations-management/page/product/event-manageme...

I have not used it yet so you will have to find free time 🙂

0 Helpfuls