Event Management - CMDB Based Alert Correlation

Sathya Prakash
Tera Contributor

Hi Team,


I have the following queries regarding the implementation of CMDB-based alert correlation:

  1. Is there any way to exclude specific nodes, severities, or alert types from CMDB-based alert correlation?
  2. Is it possible to define a timeframe window for CMDB-based alert correlation?
  3. What is the order of correlation execution? Considering that I have enabled the Alert correlation rule, Automated Alert correlation, and Tag-based alert correlation, which one takes precedence?
5 REPLIES

SK Chand Basha
Giga Sage

Hi @Sathya Prakash 

This blog might be helpful

https://www.servicenow.com/community/itom-blog/alert-correlation-advanced-processing-example/ba-p/22...

Mark it Helpful and Accept Solution!! If this helps you to understand.

Thanks @SK Chand Basha

The link that you have shared above is related to the Alert Correlation Rule. I need to know about the CMDB based alert correlation.

Vivek Verma
Mega Sage

Hello Sathya, you need to create an automatic group filter. It's a fairly straightforward solution. Just select your alert group type and apply the filter.

Link: Configure filters for automatic alert groups (servicenow.com)

Vivek Verma
Mega Sage

Point 2: No, you cannot change it. It is set to 10 minutes by default.

Link: Configure the time window for alert grouping - Support and Troubleshooting (servicenow.com)

Point 3: Grouping order:

  1. Log Analytics
  2. Rule-based and Tag Cluster
  3. Manual
  4. Automated
  5. CMDB
  6. Text

Link: Alert group types (servicenow.com)