How to get events converted into alerts
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-01-2017 06:44 AM
Hi All,
I m a beginner in ServiceNow. My initial task is to understand how does event management works in ServiceNow.
I need to create incidents automatically from events & alerts.
Can anyone of you help me in getting to know how does an event rule runs, after which how do we verify that this event rule has been applied to an event successfully?
Any help/suggestions would be much appreciated.
- Labels:
-
Event Management

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-01-2017 07:43 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-02-2017 03:50 AM
Hi Akshay!
First of all you need to get your event into the table em_event.
Then you will see in the 'Processing notes' field of the event which Event rule was applied and the outcome of the Binding alert CI process flow.
In the event rule you should capture the things that you want to capture in the alert. (The content that is within the event will be automatically moved to the alert for all fields that has that same name in both tables). The only thing that is mandatory in the alert is 'Severity', so you need to be sure that is stated for the alert to be created. If you have a host in the 'node' field of the event, and this host exist in the CMDB, the alert will be tied to this CI.
Then you should create an alert rule that should create the actual Incident.
Hope that gives you a starting point!
BR
Chatarina

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2020 06:49 PM
Old thread but since not marked as answered.
- From the Application Navigator, open "Event Management" > "Rules" > "Event Rules".
- Create a new Event Rule (select the "New" button).
- Go through the tabs. Specify condition to process events in the "Event Filter" tab.
- Set fields in the events in the "Transform and Compose Alert Output" tab. For example, some events have values in the "Additional information" field and may need to be mapped to a separate field by creating Manual attributes
- Specify threshold conditions in the "Threshold" tab. For example, how many time event should be detected before creating an alert
- Finally specify CI binding condition to connect an event to a CI. This is not necessary to create an Alert but it would create a more meaningful alert if the alert has a filled CI so alerts can be listed by CI to see history of alerts for a CI. For example, if a particular CI has many alerts, it may means it's not properly configured or that there is a hardware defect