How come itom engineer will understand the alert/incident at the application service level?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yesterday
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yesterday
If alerts are intentionally mapped to an Application Service, how is the actual root-cause infrastructure CI identified?
Even when alerts are mapped to a non-host CI such as an Application Service, the downstream root-cause infrastructure CI is identified through Event Management correlation and Service Mapping topology, not by the alert target alone.
Events are still generated against the source infrastructure CI
(server, database, network device, middleware). The alert may be presented at the Application Service level, but the originating CI is retained internally.Service Mapping provides the dependency topology
The Application Service is related to all downstream CIs (compute, app, DB, network). This topology allows ServiceNow to trace which dependent CI is unhealthy.Event Management correlation links cause to impact
Using CI relationships and correlation rules, ServiceNow identifies the most likely root-cause CI and suppresses secondary symptoms, even when the visible alert is service-level.Alert details and RCA views expose the root-cause CI
The correlated alert shows:Root-cause CI
Impacted Application Service
Affected downstream components
enabling the application team to quickly see what failed underneath the service.
Incidents inherit both service and root cause
When an incident is created, it can reference:The Application Service (business impact)
The root-cause infrastructure CI (technical resolution)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yesterday
@KM SN By checking on the Application Service -> runs on -> Infra, you will be able to see the downstream applications mapped.
Sometimes, the Application Service -> depends on ->Application -> runs on -> Infra.
You can see the Service map of the Application service, it might help you to see the downstream applications.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yesterday
I understand that we can see the service map or dependency views, but my question is how can he understand where the issue is or which ci is actually creating a problem in the downstream infra?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yesterday
@KM SN Usually, the Infra details where the check is done and alert is generated would be included in the Alert description.
When you look at an Alert and you should see it. Or are you trying to create an alert?
