Event Management alert correlation question

Go to solution
Stacey Shapiro
Tera Expert

‎04-21-2022 10:44 AM

Looking to the community to get ideas on how you achieve alert correlation by location. For example: If a site loses network connectivity, we currently get alerts for the network equipment, ESX hosts and all the VMS that are down. This equates to about 15 to 20 alerts some of which are correlated through CMDB grouping which usually boils it down to 9ish alert groupings that the NOC would be creating incidents for. The grouping does not work the same every time in all locations and it still generates a few CMDB groups. Is there a clean way to correlate all the alerts in a single location within a time frame? I was looking at the tag based alert correlation engine as well as creating my own correlation rules but not sure how to get the rules to work off of a CI Location. 

Thanks in advance for sharing ideas. 

Labels:
0 Helpfuls
  • 1,944 Views
1 ACCEPTED SOLUTION

Go to solution
Rahul Priyadars
Giga Sage
Giga Sage

‎04-21-2022 11:19 PM

You may need to use some scripting for same.

This Blog may give you some idea.

https://community.servicenow.com/community?id=community_blog&sys_id=5b8a88b6db9f670011762183ca9619c7

Regards

RP

View solution in original post

5 REPLIES 5

Go to solution
Stacey Shapiro
Tera Expert

‎07-24-2023 07:54 AM

Hi Ganesh, No, I was not able to get this done and we struggle with it on a daily basis. 

 

Stacey 

0 Helpfuls