Event Management Implementation

shank1
Tera Expert

How are you usually implementing event management projects? Only unidirectional or bidirectional?

One of our clients is using around 10 monitoring tools like Zabbix, SolarWinds, Splunk etc., and the question is: if we are bringing all the events to ServiceNow and ask them to work on alerts/incidents in ServiceNow, then the alerts remain in open state in those monitoring systems.

Looking for suggestions and your experiences in Event Management implementation projects.

Thanks!!!

1 ACCEPTED SOLUTION

Rahul Priyadars
Giga Sage

if we are bringing all the events to ServiceNow and ask them to work on alerts/incidents in ServiceNow, then the alerts remain in open state in those monitoring systems. ---> No, this is not the case. Once the event is cleared, the Alert will be auto-healed, and the Incident too.

This is how it goes:

Event ---> Event Rule ---> Alert ---> Rule ---> Incident

If the Alert is gone, then a CLEAR event should come, and it should auto-close the Alert and resolve the Incident. At least this is how we have tested a few scenarios.

So if you do not have an Event Management layer, you need to do a P2P integration between the monitoring tool and ServiceNow ITSM.

When you have Event Management, all intelligence and tuning is done at the Event Management layer, and Alerts and Incidents are created accordingly.

All Monitoring Tools Events (SW, Dynatrace, Zabbix, SCOM etc.) ---> Event Management ---> ITSM

It will be unidirectional from the monitoring tool to the Event Management layer and then ITSM.

 *Please mark as Correct and or helpful if appropriate.

Regards

RP
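
A simplified model of the flow described in the accepted solution above, as an added example that is not part of the original post and is not ServiceNow code. The field names, severity numbers, correlation key and incident threshold are assumptions, and the sample events are constructed; nothing is ever sent back to the monitoring tools, which matches the unidirectional design.

```python
# Simplified model of Event -> Event Rule -> Alert -> Rule -> Incident.
# Added example, not ServiceNow code: field names, severity numbers and the
# incident threshold are assumptions; the sample events are constructed.
from dataclasses import dataclass
from typing import Optional

CLEAR, CRITICAL, WARNING = 0, 1, 4   # assumed scale: lower number = worse, 0 = clear

@dataclass
class Alert:
    severity: int
    state: str = "Open"
    incident: Optional[str] = None   # None until the alert rule opens one
    events: int = 0

class EventManagement:
    def __init__(self, incident_at=CRITICAL):
        self.alerts, self.incident_at = {}, incident_at

    def process(self, ev):
        # "Event rule": normalise each tool's event to one correlation key.
        key = f"{ev['source']}|{ev['node']}|{ev['type']}"
        alert = self.alerts.get(key)
        if ev["severity"] == CLEAR:
            # A CLEAR only acts on an existing open alert; a stray one is ignored.
            if alert and alert.state == "Open":
                alert.state = "Closed"
                if alert.incident:
                    alert.incident = "Resolved"
            return
        if alert is None or alert.state == "Closed":
            alert = self.alerts[key] = Alert(ev["severity"])
        alert.events += 1                                  # duplicates fold into one alert
        alert.severity = min(alert.severity, ev["severity"])
        # "Alert rule": open an incident once the alert is severe enough.
        if alert.severity <= self.incident_at and alert.incident is None:
            alert.incident = "New"

SAMPLE_EVENTS = [  # constructed
    {"source": "Zabbix", "node": "web01", "type": "cpu", "severity": WARNING},
    {"source": "Zabbix", "node": "web01", "type": "cpu", "severity": CRITICAL},
    {"source": "SolarWinds", "node": "sw01", "type": "link", "severity": CRITICAL},
    {"source": "Splunk", "node": "db01", "type": "disk", "severity": CLEAR},
    {"source": "Zabbix", "node": "web01", "type": "cpu", "severity": CLEAR},
]

def replay(events):
    em = EventManagement()
    for ev in events:
        em.process(ev)
    return {k: (a.state, a.incident, a.events) for k, a in em.alerts.items()}

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```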


8 REPLIES

Ben81
Tera Guru

Hello Shank,

 

Thank you for this question.

I have implemented Event Management for a large infrastructure, so I am way more than happy to answer this question.

It all depends on the population method (Connector, Web service, SNMP, Email).

Most of the time, if you go through a ServiceNow connector or one available from the store, it will effectively manage the alert in the monitoring system.

Personally, I would suggest closing the alert directly in your monitoring system as soon as the event has been generated in ServiceNow. Yes, they have to work mainly on the Alerts.

The only reasons to generate an incident from the alerts are:

- Need to reassign to a third party team
- Need to investigate the root cause or the workaround as we don't have that in our current KB
- Need to create a Major Incident

To be fair, I would suggest we have a chat together to talk about this project. The Event Management implementation seems easy, as the technical side is quite small, but you have tons of challenges. Do not underestimate these challenges, as they are the key to a successful project.

 

Hope my answer is useful, please click on the button if it's the case.

Cheers,

Ben

Dhana1
Tera Contributor

Hi Ben,

 

I have seen your post regarding Event Management; it was very useful to me.

I am going to start a new Event Management project integrating 25 different monitoring tools with ServiceNow, processing events and alerts in ServiceNow.

Can you please help me with how to perform the integration from monitoring tools (like Splunk, NNMi, SolarWinds...) to ServiceNow and how to process those events and alerts? If you have any documentation, can you please forward it, or any links which were helpful? I am going to start a new project on this Event Management.

TV
ServiceNow Employee

Hello Shank - I wouldn't be comfortable clearing the monitoring tool alert without fixing the problem itself. And the alert gets cleared as we fix the problem. So, my focus has been letting monitoring tools do the job and building the intelligence using Event Management to act on them through Flow Designer. The Event Management alert will be cleared along with the monitoring tool alert once the issue is fixed. I don't think we need two-way or forceful monitoring tool alert clearance, and it might mask the problem.
