Load Balancer Hybrid Identification Rules

SRSkaggs
Tera Expert

‎07-28-2025 03:31 PM - edited ‎07-28-2025 03:32 PM

I have a situation where F5 load balancers are being discovered just fine, but there are multiple F5 load balancers with the same name and serial number. But there isn't any de-duplication tasks or messages indicating they are duplicates. I noticed it has a hybrid identification rule at the parent load balancer class. I am not sure if that is what is causing it, but I am wondering if there is something I am missing here.

Labels:
Preview file
65 KB
  • 431 Views
5 REPLIES 5

Abbas_5
Tera Sage
Tera Sage

‎07-28-2025 09:43 PM

Hello @SRSkaggs,

 

Please refer to the link below:
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1157082

 

If it is helpful, please hit the thumbs-up button and accept this solution as the correct answer. By referring to it in the future, it will be helpful to others.

 

Thanks & Regards,

Abbas Shaik

0 Helpfuls

SRSkaggs
Tera Expert
In response to Abbas_5

‎07-29-2025 05:34 AM

Thank you for your response. However, the article you provided does not address the issue I’m experiencing.

 

The health metric for duplicate records isn’t flagging load balancers the same way it does for Windows servers. I have two identical load balancer records, but neither is showing a duplicate message, nor is a de-duplication task being created. In contrast, when I tested with a Windows server, the system correctly identified the duplicate and generated a de-dupe task.

 

I’m wondering if this behavior is related to the hybrid identification rules used for load balancers.

0 Helpfuls

AJ-TechTrek
Giga Sage
Giga Sage

‎07-29-2025 07:29 AM

Hi @SRSkaggs ,

 


1. lets Understand what’s likely happening as per my understanding :-


By default, the Identification and Reconciliation Engine (IRE) uses Identification rules to decide if an incoming CI matches an existing one or should create a new one.


For the Load Balancer class (cmdb_ci_lb or subclass like F5), there may be:


* A hybrid identifier rule (mix of serial number + name + other attributes)
* Or a rule that treats each discovered record as separate if some part of the identifier set is missing


If the same serial number & name come in but on separate discovery runs, from different discovery sources, or with slightly different data, and the identifier rule isn’t strict enough, IRE may treat them as separate CIs.

 

2. Step to what to check


Step 1: Review the Identification Rule
* Go to:
CMDB → Identification Rules
* Filter for rules related to:
cmdb_ci_lb_f5
or parent cmdb_ci_lb if that’s where the rule lives.
Check:
* Which fields are used as identifiers? (e.g., serial number, name, discovery source)
* Is it a hybrid rule? Hybrid rules combine multiple sets (e.g., match on serial number + name OR on management IP).
If the rule says:
* “Match on serial number + name” → these should merge.
* If it's hybrid: “serial number + name” OR “management IP” → and you have different management IPs → it may create new CIs.

 

Step 2: Check the Discovery logs and IRE logs
* Go to:
CMDB → Identification Log
* Look at the log entries when these CIs were created.
* See why IRE decided it was a new CI instead of matching the existing one.

 

Step 3: Validate incoming data
* From Discovery logs, check if the serial number or name values coming from each run really are exactly identical.
* Sometimes:
* Name may have an extra space or case difference (LB-01 vs lb-01)
* Serial number may have different format (e.g., uppercase vs lowercase, dashes)
Even small differences → no match.

 

Step 4: Check Data Source priorities
If the same CI comes from multiple discovery sources (e.g., SNMP Discovery, Network Discovery, or manual import):
* IRE may create separate CIs if the identifier rule doesn’t fully unify them.
* Check the Data Source field on CIs; if one source sends different values, that may cause the duplicate.

 

3. How to fix it
Option 1: Adjust the Identification Rule
* Make the rule stricter: require serial number + name always
* Or simplify: rely on unique serial number only (if that’s truly globally unique)


Option 2: Normalize data
* Use Transform Maps or Data Sources to clean up names (case, spaces)
* Use Data Normalization if you have Data Certification or Data Manager


Option 3: Use reconciliation to merge
* Use the Reconciliation definition to ensure only one active CI wins

 

4. Common cause
* Hybrid rule: if it has "OR" logic and Discovery brings in different attributes each time, IRE may not match correctly.
* Same name & serial number but different management IPs → may cause multiple CIs.

 

5. Quick summary solution
* Check & adjust the Identification Rule on the F5 class or parent load balancer class
* Make sure serial number + name is always used together (and data is clean)
* Check Identification Logs to see why IRE didn’t merge
* Normalize incoming data to remove formatting differences
* Reconcile if duplicates already exist

 

Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.
 

Thank You
AJ - TechTrek with AJ - ITOM Trainer
LinkedIn:- https://www.linkedin.com/in/ajay-kumar-66a91385/
YouTube:- https://www.youtube.com/@learnitomwithaj
Topmate:- https://topmate.io/aj_techtrekwithaj (Connect for 1-1 Session)
ServiceNow Community MVP 2025

SRSkaggs
Tera Expert
In response to AJ-TechTrek

‎07-30-2025 07:39 AM

I appreciate the response, but I think I am not communicating the issue accurately.

I’m trying to understand how the CMDB Health metric for Duplicate CIs determines whether a CI is a duplicate, particularly when hybrid identification rules are in play.

I’m not concerned with Discovery at this time—this is specifically about the health metrics job and the resulting de-duplication tasks.

Here’s the situation I tested:

  • I created two identical Windows Server CIs

  • I created two identical F5 BIG-IP Load Balancer CIs

Windows Server:

  • Uses standard/lookup identification rules.

    SRSkaggs_1-1753885644242.png

  • The health job flagged the CI as a duplicate.

  • I saw a banner at the top of the CI record indicating it was a duplicate.

  • A De-Duplication Task was created as expected.

F5 BIG-IP Load Balancer:

  • Uses hybrid identification rules.

    SRSkaggs_0-1753885580422.png

  • I created two records that should be considered identical based on the rule (same Name and Serial Number, and same Serial Number / Serial Number Type on the referenced cmdb_serial_number table).

  • However, I did not see a duplicate banner or any de-duplication task.

The only difference I can think of is that the serial number records (on the cmdb_serial_number table) are unique per CI—meaning the same Serial Number and Type are being used, but each is tied to a different CI (via a different sys_id).

My question is:

  • Does the CMDB Health Duplicate CI job evaluate hybrid identification rules the same way it does standard/lookup rules?
  • If not, what is the impact of referencing associated tables like cmdb_serial_number where the same serial number value might be linked to two different CIs?

Any clarity on how the Duplicate CI metric interprets hybrid rules are used within health metric results is appreciated.

0 Helpfuls