The Zurich release has arrived! Interested in new features and functionalities? Click here for more

How to automatically close duplicate alerts (Event Management) in ServiceNow based on error details?

brahmandlapally
Giga Guru

4 weeks ago

In our environment, we receive multiple alerts for the same integration. For example, if the Salesforce integration generates 4 alerts and 3 of them report the exact same error, I want ServiceNow to handle them as follows:

Out of the 3 duplicate alerts, 2 should be closed automatically with a note like “Already reported with Alert Number X”.

The remaining 1 alert should stay open and visible in the alert table.

Has anyone implemented a similar deduplication logic in ServiceNow? How can I parse the alert description to identify duplicates (Node + Error details) and then automatically close the redundant alerts while keeping one active?

0 Helpfuls
  • 355 Views
3 REPLIES 3

Ajay_Chavan
Kilo Sage

4 weeks ago

I’m curious, how do you determine if a particular even is a duplicate? Is there a reference field or a combination of fields that helps you with that?

Glad I could help! If this solved your issue, please mark it as Helpful and Accept as Solution so others can benefit too.*****Chavan A.P. | Technical Architect | Certified Professional*****
0 Helpfuls

brahmandlapally
Giga Guru

4 weeks ago - last edited 4 weeks ago

I have only one field which helps is Description field. which contains below content. and the requirement is we need to achieve with AI ops.

 

"Tibco Notification - SALESFORCE_INTEGRATION - [CSF]:CSFGRP_4191873
2025-05-15T08:47:13.049-07:00--*<?xml-version=*1.0*-encoding=*UTF-8*?>.<ns0:upsertAllOutput-xmlns:ns0=*urn:partner.soap.sforce.com*>.----<upsertAllResponse>.--------<ns0:result>.------------<ns0:created>true</ns0:created>.------------<ns0:errors>.----------------<ns0:message>unable-to-obtain-exclusive-access-to-this-record</ns0:message>.----------------<ns0:statusCode>UNABLE_TO_LOCK_ROW</ns0:statusCode>.------------</ns0:errors>.------------<ns0:id-xmlns:xsi=*http://abc.com>.------------<ns0:success>false</ns0:success>.--------</ns0:result>.----</upsertAllResponse>.</ns0:upsertAllOutput>........BUSINESS-ID-LABEL----->Financial_Account_Number__c..........BUSINESS-ID-VALUE----->040552AE480*
Severity:warning
Object:[CSF]:CSFGRP_4191873"

0 Helpfuls

chandrakumar
Tera Contributor

a week ago

Hi @brahmandlapally ,

I would suggest handling it in event level instead of alert level. You can control creating multiple alerts for same issue by utilizing event deduplication capability.  This u can achieve by adjusting the message key based on your requirement.

 

If this response resolved your query, kindly mark it as helpful and accept the solution.

 

Regards,

Chandra Kumara BS

0 Helpfuls