How can we avoid duplicate Incidents from Multiple similar events?

Bharath Kasimse
Kilo Contributor

Hello Team -

I am looking for a quick suggestion or solution for one of the use cases on the Event Management side.

I have a couple of monitoring tools which monitor log entries and create an auto-generated incident ticket. I would like to understand if we have any solution in place to avoid duplicate ticket generation, so that we do not get multiple tickets for the same event.

Is there any mechanism which will help me to update the same incident ticket if it is in Open State with a new event entry until the incident is marked as RESOLVED or CLOSED? I am good to have a new incident created once the Incident is resolved within SLAs. I am trying to avoid additional man hours when I am working on the issue for circumvention to handle multiple incidents.

 

Appreciate anyone's quick help here with the right solution. Thanks!

 

Regards,

Bharath Babu. K

1 ACCEPTED SOLUTION

adilrathore
ServiceNow Employee

If you have a single alert for each event then the existing incident would be updated. For this the new events generated for the same issue should have the same value in the 'message key' field. Message key is a unique event identifier to identify multiple events that relate to the same alert. If this value is empty, it is generated from the Source, Node, Type, Resource, and Metric Name field values. This field has a maximum length of 1024 digits.


2 REPLIES 2

SteveMac1
Mega Guru

In addition to what @adilrathore said, if the events are coming from different monitoring systems, look into Alert correlation rules. They can be used "to manually classify alerts into primary and secondary, and establish a relationship between them. Use alert correlation rules to group alerts that are related."

https://docs.servicenow.com/bundle/newyork-it-operations-management/page/product/event-management/co...
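
An added example, not part of the thread and not ServiceNow code: a local Python model of the message-key behaviour adilrathore describes, which also shows why events from different monitoring tools (SteveMac1's case) end up with different default keys. The `Correlator` class, the `|` join format, the incident numbering and the sample events are constructed assumptions.

```python
from dataclasses import dataclass, field

# Fields the answer says the key is generated from when message_key is empty.
KEY_FIELDS = ("source", "node", "type", "resource", "metric_name")
MAX_KEY_LEN = 1024  # maximum length stated in the answer


def message_key(event: dict) -> str:
    """Explicit message_key if set, else one derived from KEY_FIELDS.
    The '|' join is an assumption; the platform's real format may differ."""
    key = event.get("message_key") or "|".join(event.get(f, "") for f in KEY_FIELDS)
    if len(key) > MAX_KEY_LEN:
        raise ValueError("message_key longer than 1024")
    return key


@dataclass
class Correlator:
    """Toy model: one open incident per message key."""
    open_by_key: dict = field(default_factory=dict)  # key -> incident id
    incidents: dict = field(default_factory=dict)    # incident id -> event notes
    counter: int = 0

    def ingest(self, event: dict) -> str:
        key = message_key(event)
        inc = self.open_by_key.get(key)
        if inc is None:                      # no open incident: create one
            self.counter += 1
            inc = f"INC{self.counter:04d}"
            self.open_by_key[key] = inc
            self.incidents[inc] = []
        self.incidents[inc].append(event["description"])  # else: update it
        return inc

    def resolve(self, inc: str) -> None:
        # Once resolved, the next event with this key opens a new incident.
        self.open_by_key = {k: v for k, v in self.open_by_key.items() if v != inc}


def demo():
    base = {"node": "db01", "type": "disk", "resource": "/var", "metric_name": "used_pct"}
    tool_a = {**base, "source": "toolA"}   # constructed sample events
    c = Correlator()
    first = c.ingest({**tool_a, "description": "92% used"})
    repeat = c.ingest({**tool_a, "description": "95% used"})          # same key
    other = c.ingest({**base, "source": "toolB", "description": "full"})  # new key
    pinned = c.ingest({**base, "source": "toolB", "description": "full",
                       "message_key": message_key(tool_a)})           # explicit key
    c.resolve(first)
    after = c.ingest({**tool_a, "description": "93% used"})
    return first, repeat, other, pinned, after
```

In this model the second tool only lands on the existing incident when it sends the same explicit message key; without it, the differing `source` value yields a separate key, which is the situation alert correlation rules are suggested for.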