Event Management - Need to create alert for each event, alert grouping

bhakti2
Tera Contributor

Hello,

As per the requirement, we need to convert the emails into events and then create an alert for each event for the subject lines below:

 

‘[conap10973] XPOC | HOMED Error in WFID = 123456 : LA_BA_SEND : Unauthorized’



Here:

- conap10973 is the CI
- XPOC is the Sender ID
- HOMED is the Receiver ID

 

After that, we need to group the alerts created in a timespan of 10 min where CI, Sender ID and Receiver ID are the same. Then, create an incident for the parent alert.

 

Configurations

 

  1. We have created an inbound action to generate events from received emails.
  2. We have mapped the CI with Node, Sender ID with Source and Receiver ID with Type field of Event table.
  3. We need to create a unique alert for each event, which requires that the message key must be unique. To address this, we created a message key in the inbound script as follows:
     Message Key = Sender ID + Receiver ID + WFID Number (WFID number is unique for each email).
  4. We created an event rule to generate alerts, where we established an alert tag based on Sender ID + Receiver ID + CI.
  5. We created a Tag Based Alert Clustering Definition to group the alerts based on the alert tag.
  6. We also created an Alert Management Rule to facilitate alert creation.
  7. However, we encountered an issue: sometimes alerts are grouped together using CMDB, but we want to group the alerts based on CI + Sender ID + Receiver ID using Tag Based Clustering.

     

Please advise if this is the correct approach and if there is any solution for the Tag Based clustering issue.

 

#servicenow #Event Management #Tag Based Clustering #Events #Alerts

@Ankur Bawiskar @Chuck Tomasi 
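
The subject parsing, message key, alert tag and 10-minute grouping described in the post, modelled as an added example that is not part of the original post and is not ServiceNow code (plain JavaScript, no platform API). The function names, the "|" delimiter, the receiver "OTHER" in the sample data and measuring the window from the parent alert are assumptions.

```javascript
// Added illustration in plain JavaScript; it calls no ServiceNow API.
const SUBJECT_RE = /^\[([^\]]+)\]\s*(\S+)\s*\|\s*(\S+)\s+Error in WFID\s*=\s*(\d+)\s*:/;
const WINDOW_MS = 10 * 60 * 1000; // 10-minute grouping window from the post

// Turn one email subject into the event fields the post maps:
// CI -> Node, Sender ID -> Source, Receiver ID -> Type.
function subjectToEvent(subject, receivedAtMs) {
  const m = SUBJECT_RE.exec(subject.trim());
  if (!m) return null; // unexpected subject: create no event rather than guess
  const [, ci, sender, receiver, wfid] = m;
  return {
    node: ci, source: sender, type: receiver, time: receivedAtMs,
    // Assumed "|" delimiter keeps ("AB","C") and ("A","BC") from colliding.
    messageKey: [sender, receiver, wfid].join("|"), // unique per email (WFID)
    alertTag: [sender, receiver, ci].join("|"),     // shared by related alerts
  };
}

// Group strictly by alertTag, never by CI alone. Assumption: the window is
// measured from the parent, i.e. the first alert of the group.
function groupByTag(events) {
  const open = new Map(); // alertTag -> group currently accepting children
  const groups = [];
  for (const ev of [...events].sort((a, b) => a.time - b.time)) {
    let g = open.get(ev.alertTag);
    if (!g || ev.time - g.parent.time > WINDOW_MS) {
      g = { parent: ev, children: [] }; // new parent alert, incident candidate
      open.set(ev.alertTag, g);
      groups.push(g);
    } else {
      g.children.push(ev);
    }
  }
  return groups;
}

// Constructed sample: [subject, minutes after the first email]. All four share
// the CI, so CI-only grouping would merge them; the tag keeps them apart.
const MIN = 60 * 1000;
const SAMPLE_EVENTS = [
  ["[conap10973] XPOC | HOMED Error in WFID = 123456 : LA_BA_SEND : Unauthorized", 0],
  ["[conap10973] XPOC | HOMED Error in WFID = 123457 : LA_BA_SEND : Unauthorized", 4],
  ["[conap10973] XPOC | OTHER Error in WFID = 123458 : LA_BA_SEND : Unauthorized", 5],
  ["[conap10973] XPOC | HOMED Error in WFID = 123459 : LA_BA_SEND : Unauthorized", 15],
].map(([subject, minute]) => subjectToEvent(subject, minute * MIN));
```

On the sample, the four events produce three parent alerts: the two HOMED emails inside the window share a parent, the OTHER receiver gets its own, and the HOMED email at minute 15 opens a new group.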
