Grouping Multiple Events Into a Single Alert

Kyle Wiley
Kilo Expert

Hello,

I am trying to group Events together into one Alert record but I am having some trouble finding where to accomplish this.

As you can see in the screenshot below, there are Events with the same Metric Name that I would like to group into the same Alert record every time the Event with that Metric Name is generated, but currently each Event is creating its own Alert.

Is this accomplished through creating Event Rules? The correct Event Rule is evaluating when the Event is created (PostPickOrders STAGE Test) but there are still individual Alerts being created.

Can someone please point me in the right direction? 

1 REPLY

Gianpaolo Pagan
ServiceNow Employee

Hi Kyle,

"Correlation" is usually done at the alert level, as in defining logic that groups various alerts together.

In the conversion from event to alert, what typically happens is deduplication, update, and consolidation of events into the resulting alert.

Having said that, the way you drive this is by ensuring the events have a matching "message_key" field value, so all the events with the same message key in a compatible timeframe would update the same alert.

Have a look here:

https://docs.servicenow.com/bundle/london-it-operations-management/page/product/event-management/concept/c_EMEventIdentifier.html

https://docs.servicenow.com/bundle/london-it-operations-management/page/product/event-management/concept/c_EMIntegrateRequirementEvent.html

The auto-generated message key uses values from the Source, Node, Type, and Resource fields.

You can always use an event rule to generate your own message key using the fields you have at the top level or in additional_info.

I hope this helps,

Gp
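
The deduplication described in the reply above, as an added example that is not part of the original thread and is not ServiceNow code. It is a simplified offline model: the sample events, the underscore-joined key format, and the `metric_key` function (standing in for an event rule that sets the message key) are assumptions, and the timeframe condition is ignored.

```python
# Constructed sample events; field names mirror the event fields named in the reply.
EVENTS = [
    {"source": "AppMon", "node": "stage-app01", "type": "Latency",
     "resource": "worker-1", "metric_name": "PostPickOrders STAGE Test", "severity": 3},
    {"source": "AppMon", "node": "stage-app01", "type": "Latency",
     "resource": "worker-2", "metric_name": "PostPickOrders STAGE Test", "severity": 2},
    {"source": "AppMon", "node": "stage-app02", "type": "Latency",
     "resource": "worker-1", "metric_name": "PostPickOrders STAGE Test", "severity": 3},
    {"source": "AppMon", "node": "stage-db01", "type": "Disk",
     "resource": "/var", "metric_name": "", "severity": 4},
]

def default_key(event):
    """Fallback when message_key is empty: Source, Node, Type and Resource combined."""
    return "_".join(event.get(f, "") for f in ("source", "node", "type", "resource"))

def metric_key(event):
    """Hypothetical event-rule logic: key on source plus metric name only."""
    if not event.get("metric_name"):
        return None  # no metric name: do not lump unrelated events together
    return f'{event["source"]}_{event["metric_name"]}'

def to_alerts(events, rule=None):
    """Fold events into alerts; events sharing a message key update one alert."""
    alerts = {}
    for ev in events:
        # Precedence: key sent with the event, then the rule, then the fallback.
        key = ev.get("message_key") or (rule(ev) if rule else None) or default_key(ev)
        alert = alerts.setdefault(key, {"event_count": 0, "severity": None, "nodes": set()})
        alert["event_count"] += 1
        alert["severity"] = ev["severity"]  # modelled as: latest event wins
        alert["nodes"].add(ev["node"])
    return alerts

if __name__ == "__main__":
    for label, rule in (("default key", None), ("metric-name key", metric_key)):
        print(label)
        for key, alert in to_alerts(EVENTS, rule).items():
            print(f"  {key}: {alert['event_count']} event(s), severity {alert['severity']}")
```

With the fallback key, every distinct node or resource yields its own alert; keying on the metric name folds the three PostPickOrders events into one alert while the event without a metric name keeps its own.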