How to avoid multiple incidents for the same CI through events and alerts

pranithareddy
Tera Contributor

Hi Everyone,

 

I have a situation where multiple incidents are being created for the same CI from a 3rd-party monitoring tool, with exactly the same information in the tickets except for a small change in the description.

Instead of multiple tickets on the same CI, can we make some rules to create only one ticket for such issues?

 

Thanks & Regards,

Pranitha D

7 REPLIES

If the Message Key is not coming from Splunk, then ServiceNow should populate it by default from the event data:

  • By default, each event is uniquely identified by the Message Key.
  • If the Message Key is not populated, the system concatenates the Source, Type, Node, Resource, and Metric Name fields to populate the Message Key.
  • If identifiers are not supplied in the event, you can add them with event rules.

Refer to this post for a similar issue:

https://community.servicenow.com/community?id=community_question&sys_id=fddb0ac61b948d14aefc11751a4bcb0f

Regards

RP
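
Added example (not part of the reply above, and not ServiceNow code): a simplified JavaScript model of the Message Key defaulting described in that reply, showing how events that differ only in their description collapse to one key, and how a sender-supplied key that embeds changing text splits them apart. The lowercase field names, the `|` separator, the sample events, and the "volatile key" scenario are assumptions made for illustration.

```javascript
// Simplified model of Message Key defaulting and de-duplication.
// Not ServiceNow code: field names, the "|" separator and the events are assumptions.
const KEY_FIELDS = ['source', 'type', 'node', 'resource', 'metric_name'];

// Use the supplied message_key; otherwise build one from the identifying fields.
function effectiveMessageKey(event) {
  if (event.message_key && event.message_key.trim() !== '') {
    return event.message_key;
  }
  return KEY_FIELDS.map((f) => event[f] || '').join('|');
}

// Group events by effective key; each distinct key stands for one alert.
function groupByMessageKey(events) {
  const alerts = new Map();
  for (const ev of events) {
    const key = effectiveMessageKey(ev);
    if (!alerts.has(key)) alerts.set(key, []);
    alerts.get(key).push(ev);
  }
  return alerts;
}

function alertCount(events) {
  return groupByMessageKey(events).size;
}

// Constructed sample: same CI and condition, description differs slightly.
const base = {
  source: 'Splunk', type: 'High CPU', node: 'app-server-01',
  resource: 'cpu0', metric_name: 'cpu_util',
};
const noKeySent = [
  { ...base, description: 'CPU at 91% for 5 min' },
  { ...base, description: 'CPU at 93% for 5 min' },
  { ...base, description: 'CPU at 95% for 5 min' },
];

// Hypothetical failure mode: the sender embeds the changing description in the key.
const volatileKeySent = noKeySent.map((ev) => ({
  ...ev, message_key: `${ev.node}:${ev.description}`,
}));

console.log('no key sent       ->', alertCount(noKeySent), 'alert(s)');
console.log('volatile key sent ->', alertCount(volatileKeySent), 'alert(s)');
```
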

Richard Hine
Tera Guru

Pranitha,

Can you confirm how the incidents are created? Are you using SN Event Management or is the 3rd party tool directly raising the incidents using the Incident Table API or a scripted API?

Thanks,

Richard

Thank you for the reply, Richard.

The incidents are created through SN Event Management, from the Splunk monitoring tool.