How can we exclude specific alerts from participating in alert grouping or correlation mechanisms?

Deepak Jaisingh
Tera Contributor

We have certain alerts that should remain standalone and not be considered in any type of correlation, including:

  1. Rule-Based Correlation
  2. Tag-Based Correlation
  3. CMDB-Based Correlation
  4. Automated Correlation
  5. Manual Correlation

Is there a recommended approach or configuration to ensure these alerts are completely bypassed from all correlation types?

4 REPLIES

Tanushree Maiti
Tera Patron

Hi @Deepak Jaisingh

Create a custom Alert Correlation rule.

Refer:

https://www.servicenow.com/docs/r/zurich/it-operations-management/event-management/c_EMEventCorrelat...

https://www.servicenow.com/community/itom-forum/event-management-disable-correlation-for-specific-so...

https://www.servicenow.com/community/developer-forum/event-management-flooding-alerts-due-to-missing...

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti

Deepak Jaisingh
Tera Contributor

I am trying to understand how this is going to help. Can you tell me exactly how we need to achieve this?

MushtaqMir
Tera Contributor

Hi Deepak,

I’d like to know which attribute or unique identifier you want to use to exclude alerts from the alert group.

If you are using CMDB-Based Correlation or Automated Correlation, this requirement will need customization of the out‑of‑the‑box functionality.

If you are not using CMDB-Based Correlation or Automated Correlation, then exclusion can be achieved by adding conditions to other configurable rules.

Deepak Jaisingh
Tera Contributor

Hey @MushtaqMir, we are using tag-based correlation, and apart from that the alert correlation properties are set to true for CMDB, Network Traffic, and ML-based automation correlation.

The requirement is that I want to do correlation for all except a few. I understand that the requirement will need customization of the out‑of‑the‑box functionality.

I can use one field that we have on the alert table, customer name, to exclude those alerts from any type of correlation.