Event Management Implementation

shank1
Tera Expert

How are you usually implementing event management projects? Only unidirectional or bi-directional?

One of our clients is using around 10 monitoring tools like Zabbix, SolarWinds, Splunk etc., and the question is: if we are bringing all the events to ServiceNow and ask them to work on alerts/incidents in ServiceNow, then the alerts remain in an open state in those monitoring systems.

Looking for suggestions and your experiences in Event Management implementation projects.

Thanks!!!

1 ACCEPTED SOLUTION

Rahul Priyadars
Giga Sage

"if we are bringing all the events to ServiceNow and ask them to work on alerts/incidents in ServiceNow, then the alerts remain in open state in those monitoring systems." ---> No, this is not the case. Once the event is cleared, the Alert will be auto-healed, and the Incident too.

 

This is how it goes:

Event ---> Event Rule ---> Alert ---> Rule ---> Incident

If the Alert is gone, then a CLEAR event should come, and it should auto-close the Alert and resolve the Incident. At least, this is how we have tested a few scenarios.

So if you do not have an Event Management layer, you need to do a P2P integration between the monitoring tool and ServiceNow ITSM.

When you have Event Management, then all the intelligence and tuning is done at the Event Management layer, and Alerts and Incidents are created accordingly.

All Monitoring Tools' Events (SW, Dynatrace, Zabbix, SCOM etc.) ---> Event Management ---> ITSM

It will be uni-directional from the monitoring tool to the Event Management layer and then ITSM.

*Please mark as Correct and/or Helpful if appropriate.

Regards

RP

8 REPLIES

@Rahul Priyadarshy @TV  Hi Rahul, Thangavel,

There are a few instances where, for a generated event, there wouldn't be a need to take any action but just acknowledge and close it (warning or minor events or known issues).

Today, for all such events, our monitoring team is reviewing them and closing them wherever appropriate.

Now, after integrating those tools with ServiceNow, all the events are coming to ServiceNow, but if we ask the operators to work with ServiceNow only, then in the monitoring tool those will be left open (considering the above scenario).

How to tackle this situation?

Rahul Priyadars
Giga Sage

"There are few instances where for a generated event, there wouldn't be a need to take any actions but just acknowledge and close them (warning or minor events or known issues)." --->

Operators do not work on events. They work on ALERTS. So in your event processing rule you can control the creation of ALERTS.

Regards

RP
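The flow described in the two replies above (Event ---> Event Rule ---> Alert ---> Rule ---> Incident, with a CLEAR event from the monitoring tool closing the alert and resolving the incident), as an added sketch that is not code from any poster or from ServiceNow. The class, field names, severity numbering, key format and thresholds are all assumptions made for this model.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed severity scale for this model: 0 = clear, lower number = more severe.
CLEAR, CRITICAL, MAJOR, MINOR, WARNING = 0, 1, 2, 3, 4

@dataclass
class Alert:
    key: str
    severity: int
    state: str = "Open"
    incident: Optional[str] = None  # None, "Open" or "Resolved"

class EventLayer:
    """Hypothetical model of Event -> Event Rule -> Alert -> Rule -> Incident."""

    def __init__(self, alert_floor=MINOR, incident_floor=CRITICAL):
        self.alert_floor = alert_floor        # event rule: least severe level that still makes an alert
        self.incident_floor = incident_floor  # alert rule: least severe level that opens an incident
        self.alerts = {}

    def process(self, source, node, metric, severity):
        key = f"{source}|{node}|{metric}"     # correlation key (constructed format)
        alert = self.alerts.get(key)
        if severity == CLEAR:
            # CLEAR event: auto-close the alert and resolve its incident.
            if alert and alert.state == "Open":
                alert.state = "Closed"
                if alert.incident == "Open":
                    alert.incident = "Resolved"
            return alert
        if severity > self.alert_floor:
            return None                       # event rule drops it: nothing for operators
        if alert is None or alert.state == "Closed":
            alert = self.alerts[key] = Alert(key, severity)
        else:
            alert.severity = min(alert.severity, severity)  # repeat event updates, no new alert
        if alert.severity <= self.incident_floor and alert.incident is None:
            alert.incident = "Open"
        return alert

def run_demo():
    # Constructed sample events from two monitoring tools.
    layer = EventLayer()
    events = [("zabbix", "web01", "cpu", WARNING), ("zabbix", "web01", "cpu", CRITICAL),
              ("solarwinds", "db01", "disk", MAJOR), ("zabbix", "web01", "cpu", CLEAR)]
    for event in events:
        layer.process(*event)
    return {k: (a.state, a.incident) for k, a in layer.alerts.items()}
```
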

@Rahul Priyadarshy Yes, I am aware of that. Sorry for the confusion. It's clear now 🙂

Thank you very much for all the details provided.

 

Eric Smith
Tera Expert

I must agree with Ben's comment - it does depend on the way you integrate the systems. Most of my projects revolve around bi-directional integrations and we use connectors such as ZigiOps. We even used it for our latest client.